Tips for Staying #CyberSecure While Shopping Online for #CyberMonday

Cybercriminals need shopping money for the Holidays and one of their favorite times to get yours is when you are shopping on #CyberMonday.

Use these tips to help stay #cybersecure while shopping online for #CyberMonday and at any other time:

  1. Credit or debit? Use credit cards, not debit cards, for your online shopping. Debit cards are tied directly to your bank account so if there is a problem, your money is gone. With credit cards, it is borrowed money, plus, if you have a problem with the merchant or order, the credit card company can act as your intermediary in the dispute. If possible, have one credit card that is used solely for online shopping in case you need to cancel it.
  2. Secure Internet connection. When shopping online, it is best to avoid free WiFi or other forms of open WiFi in public locations. When you are out, it is best to use your own data plan or, if you must use public WiFi, use a VPN to help minimize the risk of having your information stolen.
  3. Credible merchants. Only shop at online merchants that are credible and well-established. Anyone can put up a website in a short amount of time, make sure you know you’re dealing with a trusted merchant with a history of doing business.
  4. Scams – too good to be true (merchants). Be wary of deals that seem too good to be true and do not get too greedy because if a “deal” seems that good, it almost certainly is and the person behind the scam is either outright stealing your money or they are trying to steal your information.
  5. Saving information with merchant. While it is more convenient to save your personal information and payment information with the merchant, doing so also means that information is now stored in their database and can be compromised. It is best to not save your information with merchants.
  6. Scams – too good to be true (click here). Be wary of emails or social media posts that advertise deals that seem too good to be true and then tell you to “click here” on a link to see more information. Those are usually phishing emails that are designed for the sole purpose of getting you to click the link so they can either steal your information or deposit malware on your device. Cybercriminals can perfectly clone emails from legitimate merchants such as FedEx, PayPal, Amazon, and others so just because the email looks legit doesn’t mean it is — don’t click on the links!
  7. Scams — the sad story. While not limited to online shopping, a close relative to the “too good to be true” scam are the scams that play on your sympathy and generosity during the Holidays. An example of these is chain emails that tell of a tragedy that has befallen people and asks for donations. Criminals know how to play on our sympathies and use our emotions to manipulate us into doing things we would never do otherwise, such as sending money because someone asked for it in an email or social media post. Unless you know the people first hand, do not let your emotions overtake your judgment and stick with reputable charitable organizations with an established history.
  8. Good Cyber Hygiene. Whether for shopping on #CyberMonday or otherwise, it is best to always use good #CyberHygiene to protect yourself online. Here is a free Checklist for Good Cyber Hygiene.

For more discussion of these tips for staying safe while shopping online see 5 tips for Avoiding the Cyber Grinch this Cyber Monday! and Cyber Monday: Online safety tips from a cybersecurity expert.

SEE ALSO

______________________

Shawn Tuma (@shawnetuma) is an attorney with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Attorney at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

What do holiday charities, school weather closings, social media and ransomware have in common?

Question: What do holiday charities, school closings,social media and ransomware have in common?

Answer: They are all tools that cybercriminals use to steal money from you!

Social engineering is a fancy way to describe old-fashioned lying. It is what happens when bad guys use deception to get people to do something really dumb that they would not ordinarily do. Most hackingcybercrime, and data breaches are not caused by sophisticated attacks but are accomplished by social engineering.

The bad guys play on your emotions so that your desires overpower your judgment and “BAM!” they got you. This is the Nigerian Prince. This is the chain letter. This is countless other examples just like that. Remember the old lesson, “if it seems too good to be true …”

school-closingsThere is another variant floating around during the Holidays especially. Sad stories about people suffering tragedies during the Holidays, news events of tragedies during the Holidays, etc. and they all play on your emotions to get you to either give them something (money or data), propagate the scam by sharing it, or downloading something such as ransomware that will then force you to give them something!

Yesterday, I saw a different twist on this emotional game. With freezing weather moving in, Facebook was littered with people sharing a “story” with an image that read “SCHOOL CLOSINGS” that led you to something that was not a legitimate story on school closings (I don’t know what it was, I didn’t click on it). This “fake news” item may have been good fun or it may have been something worse, I don’t know because I didn’t click on it. But what I do know is this: researchers have recently discovered that cybercriminals are now using Facebook and LinkedIn to distribute Locky ransomware through people clicking on images.Facebook and LinkedIn to distribute Locky ransomware through people clicking on images. If the bad guys see that people love clicking on “SCHOOL CLOSING” links, you can bet they will start using them.

This Holiday Season and always, click with caution!

______________________

Shawn Tuma (@shawnetuma) is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud and data privacy law. He is a Cybersecurity & Data Privacy Partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

Kim Kardashian’s Lesson on the Relationship Between Physical and Cybersecurity

While the story of Kim Kardashian being robbed at gun-point while in Paris, France has created quite a stir in pop culture, it has lessons to learn about cybersecurity as well.

First and foremost, it demonstrates the integral interplay between cybersecurity and physical security and how people need to always maintain situational awareness of how their cyber activities may be giving away critical information about them. This kind of information, gathered bit by bit to paint a full picture, is very valuable to those carefully studying their targets, such as social engineers. Continue reading “Kim Kardashian’s Lesson on the Relationship Between Physical and Cybersecurity”

Tips for Parents to Help Keep Kids Safe Online

 

Missing Kids.png
Alicia Kozakiewicz standing in front of the wall of missing children at the National Center for Missing and Exploited Children headquarters. Read Alicia’s heartbreaking story below.

I was recently asked to talk about online safety tips that parents should understand to help keep their children safe in the online world. Here are some of my talking points: Continue reading “Tips for Parents to Help Keep Kids Safe Online”