Cyber Monday is no longer a 24-hour event; it’s a marathon.
Since its debut in 2005, Cyber Monday (CM) has mushroomed into weeks of deals that launch before Thanksgiving. With cyber shoppers spending billions online, hackers are already hard at work finding new ways to grab your money.
Most people expect businesses to protect their data even if the user makes a mistake, but don’t bank on it. Hone your skills as an online shopper to spot the most significant risks and learn how to detour around roadblocks to keep your holidays jolly. Risks include how you connect, how you pay, and malicious traps The hazards start when you first connect to your favorite online e-tailers. Whose internet service are you using? Retailers offer free Wi-Fi, but it’s wise to pass on that perk. If you roam brick and mortar shops, device in hand to check prices online, avoid bogus public networks with names similar to businesses around you. Some are set up to drive your device to malware-laced websites; others grab your login or payment credentials using a man-in-the-middle attack that basically “listens in” on your web communications.
Paying for purchases should be the easy part, but IDShield recommends that you resist the convenience of storing payment details on a retailer’s website for future use. It won’t be convenient at all if that site gets breached next month.
With the spread of chip-enabled credit cards, fraud has dropped. Instead, hackers have shifted their attention to the web; these attacks exploit weaknesses in “card not present” (CNPF) sales, common in most web transactions. Cyber Monday’s screaming sales are alluring, but shops may inflate price tags before markdowns. Check several websites to try beating a CM “deal.” Some offerings will disclose that prices may be lower elsewhere.
View your Inbox with skepticism. Emails may tempt you with subject lines such as “iPads for $200.” Click that embedded link, and you’ll probably see a visually recognizable website, but the odds are that it won’t be the real Apple.com.
Fake delivery notices are another scam to avoid. Ask yourself this: “If a company didn’t have my address correct, how did they get my email?” Delivery firms don’t often send emails unless you request arrival notifications. Don’t click that link. Finally, there’s the genuine risk that your package may get lost, damaged, or stolen. Porch Pirates are a growing problem. These thieves cruise neighborhoods looking for unattended boxes; some even follow delivery trucks to grab the package just delivered to your doorstep.
Keep yourself and your holiday cheer safe online
- Don’t utilize free, unguarded web connection offers. If that connection is compromised, it will expose you to attacks from nearby hackers. One option is to use your smartphone to create a hot spot that’s password protected. Another is to set up a virtual private network (VPN) for your home device or download a VPN app for your phone. These virtual connections cloak your identity and can thwart bad actors.
- Do not buy a VPN app without checking reviews and legitimacy, however, as many of these apps have inadequate or non-existent privacy policies. If you use price comparison apps, make sure you vet them carefully also.
- Don’t think that these apps are thoroughly evaluated; fakes sneak through all the time. When you first establish an online shopping account, choose your password carefully.
- Do not reuse one from another site. Hackers have become adept at credential stuffing – the practice of trying leaked username and password combinations to unlock individual buying accounts with account takeover (ATO) attacks soaring in recent years.
- Pay with credit vs. debit cards, if you have a choice. Unlike cash, federal laws protect both types against fraudulent charges, but with debit, it can take up to two weeks to get missing cash restored. Credit restoration can happen in hours. The Fair Credit Billing Act (FCBA) of 1975 limits most credit consumer responsibility for unauthorized charges to $50. Major credit card issuers reduce that to $0 in many cases.
- Sign up for financial alerts. Credit card companies can notify you of hefty charges made in your name, or if you prefer, every single purchase. Text and email are two popular notification methods that let you dispute fraud before the damage mounts. Alerts also rapidly flag other financial transactions.
- Know the seller’s return policy; some vary during the holidays. Understand the seller’s shipping insurance coverage. Save digital copies of these policies for future reference. If a deluge of spam is not your idea of many happy returns, create an email address you use only for online shopping. Whenever a wave of unwanted email floods your inbox, kill that address, and create another.
- Now, about those Porch Pirates. If you live in a populated area, delivery alternatives include Amazon Locker for some drops. Other options include delivery to a work address, a neighbor’s home, adjusting the time of delivery, or requesting that boxes be hidden on your porch so folks who stroll by can’t notice them.
- Something still went wrong? Even thorough preparation won’t prevent every headache. If a product arrives damaged or defective, brush up on the FCBA or the Electronic Funds Transfer Act (EFTA) for debit cards and dispute the charges. Document any product or shipping issues with that handy smartphone.
- Resolve to check your bank statements regularly. Federal protections for credit cards are terrific, but you must challenge unauthorized charges within 60 days of the statement’s arrival. Mail your notification of debit card fraud within that period if possible but know that recent court decisions have extended it on a case by case basis. Set a reminder to check those statements as they arrive; don’t be that shopper who doesn’t discover they’ve been victimized until it’s too late!
IDShield is a product of Pre-Paid Legal Services, Inc. d/b/a LegalShield (“LegalShield”). LegalShield provides access to identity theft protection and restoration services. For complete terms, coverage and conditions, please see an identity theft plan. All Licensed Private Investigators are licensed in the state of Oklahoma. This is meant to provide general information and is not intended to provide legal advice, render an opinion, or provide any specific recommendations.