SAN FRANCISCO — In the rush to get holiday shopping done, it’s too easy to take shortcuts that could put you at major risk of cyber attack.
According to a recent CNET survey, one in four holiday gift shoppers has been a victim of an online hack in the past 12 months. To avoid joining their number, cybersecurity experts offer these tips to keep you, your credit cards and bank accounts safe.
1. Don’t use sketchy wireless networks
This is the easiest to fall for. You’re out and about, maybe waiting for someone else to finish shopping, maybe standing in a long checkout line, maybe you just want to take a quick look at whether something you want is cheaper elsewhere. You pull out your phone and up pops a free WiFi hotspot. It might even have a safe-sounding name: Westfield Mall Guest Network, or Holiday Happiness Free Wifi. Without thinking, you click and get connected. Hackers get the chance to infect your phone with malware or siphon off your passwords and account information.
There are a couple issues there. Sometimes the network is a fake one, what security professionals call a honeypot, meant to lure in the unsuspecting so their information can be stolen. To guard against these, look around for signs at the mall, store or airport that include the WiFi network name and make sure you’re using that. Don’t just assume that any network that pops up is legitimate. Hackers routinely create them and wait for the unwary to connect up. Ask an employee if you’re not sure. When in doubt, don’t connect.
Even if you are on a legitimate network, remember that public Wi-Fi isn’t secure. It’s all too easy for someone to monitor the traffic whizzing through the air and potentially steal login and password information that you yourself type in or that your phone automatically fills in through pre-existing cookies. “Consider waiting to enter your credit card information when you get home,” suggests James Lyne, global head of security research for Sophos, a security firm.
2. Who really sent you that online holiday card?
Electronic holiday cards are increasingly popular, but be careful about clicking on the links that show up in your mailbox. While we’ve become cautious of subject lines like “HELP! Stuck in the Philippines” or “Urgent: Must move funds from Romania,” something that says “Merry Christmas from the Andersons” might slip through our defenses. Do you actually know any Andersons? And didn’t you already get a paper card from them last week?
3. Use different passwords for each account
Yes, broken record time here. But criminal hackers really do keep searchable lists of all the account IDs, email addresses and passwords they’ve stolen. They can even rent those lists for pennies for a thousand names. So when they break into one account, they add it to the database. Then they try that same email address and password against a list of hundreds of other stores and banks. Think of it as the Lord of the Rings maxim: One password to rule them all makes for bad security. If you can’t remember all those passwords, consider using a password management program, suggests EY Cybersecurity Services.
Read more: 8 tips on staying cyber safe while shopping