With the holiday season underway, retailers are offering motivated shoppers deals on electronics, toys, clothes, and other hot-ticket items. Shopping days like Black Friday, Small Business Saturday, and Cyber Monday have become like holidays themselves, with the National Retail Federation estimating that more than 164 million consumers will shop Thanksgiving weekend through Monday.
Due to increased opportunities and money being exchanged online, there are people who will try to take advantage of consumers. This season, shoppers are increasingly at risk for encountering phishing schemes, viruses, and malicious apps that can infect mobile devices and compromise sensitive data.
Fortunately, you can take steps to protect yourself from fraudulent and malicious schemes. Here are some ways you can protect yourself this holiday season.
Only shop on trusted sites with a valid SSL certificate
When you are shopping online, make sure to only purchase items through websites that have addresses that begin with “HTTPS” (not “HTTP”). Data that is sent from your browser to a retailer over HTTP is in plain text and can be intercepted by hackers who may be looking to exploit you. Hyper Text Transfer Protocol Secure (HTTPS) is encrypted, so threat actors cannot capture the data. Only sites with a valid SSL certificate can establish an HTTPS connection, so keep that in mind while shopping online.
Use caution when downloading new apps for shopping or deals
Many great deals can be found through shopping apps, but be aware that some shopping apps could become compromised and unsafe for your sensitive, personal data. While app store teams do their best to review all apps for validity, some malicious apps still get through the screening process. Before clicking “download and install,” check to make sure the app is from an official e-commerce retailer, and check to see what permissions the app is asking from your device.
Avoid shopping over public WiFi
Whenever possible, do your online shopping at home over a secured WiFi connection. Public hotspots are a hacker’s dream and are often not secure enough for anything but remote browsing. Transactions that are made over public WiFi networks could be susceptible to man-in-the-middle attacks, where the data you transmit can be intercepted by hackers who want to collect your data.
Enable two-step verification whenever possible
Many e-commerce sites require that you enable two-step verification as a security measure to ensure that your transaction is indeed coming from you. This usually requires you to enter a code that is sent to your mobile phone whenever you try to log in on a retailer’s website. This way, if a hacker does intercept your password, they will not be able to log in without the code that was sent directly to you.
Use different passwords for each site
Many people make the mistake of using the same password for every site they visit. While it may be easier to remember a single password, this is not a good practice. Instead, use unique passwords for every site so that if one is compromised, the rest will be safe. If remembering multiple passwords is too complicated, take advantage of a secure password-generating/storing app such as LastPass, Dashlane, or 1Password to make it easier to create and store secure passwords for all of your online accounts.