As the popularity of online shopping increases, so does the likelihood of falling foul of cybercrooks, not necessarily because they are putting in extra effort during the festive season, but simply because more of us are doing more online shopping at this time of the year, and we’re on the lookout for the hottest deals.
Sophos has put together the following cybersecurity tips to help you focus on family, food and fun over during this season, rather than dealing with the headache of stolen credit card details or important documents lost to ransomware.
- Clean up your passwords before you start shopping
Don’t use the same password on more than one website. If the crooks get one password, they’ll immediately try it on all your other accounts. Make your passwords as long and complex as you can; in fact, consider using a password manager, which will come up with a unique password for each website automatically.
- Update your devices
When patches come out, most of them fix security holes that the crooks either already know about or will find out about soon. Don’t put off security updates because “later will be fine”. Follow our advice: patch early, patch often.
- Back up your files
Whether you’re taking your laptop on holiday, or staying at home with your faithful desktop this festive season, don’t forget to back up your precious documents on all of your devices. That way if your files are lost, stolen, “reconfigured” by a teenaged “expert”, or, worst of all, held for extortion by ransomware, you can still get your data back.
- Watch out for booby-trapped ATMs when shopping on the High Street
Watch out for modified ATMs when you withdraw money. Crooks often glue fake parts onto or around ATMs in the hope of covertly reading both your card data and your PIN. If you see an ATM with any components that look as though they don’t belong, report it to the bank and the police. That way you protect yourself and everyone else too.
- Beware of login links in emails
With so many emails flying around over the festive shopping period, it’s a popular time for cybercrooks to use fake ‘phishing’ emails to trick you into handing over personal data. When an email urges you to click on a link to login to your account and change your password, or some similar sort of subterfuge, it’s probably crooks trying to trick you onto a fake site that will look exactly like the real thing, except that the crooks get your password, not the real website. If you want to check a transaction on one of your accounts, open your browser and browse to the website yourself.
- Look for the padlock in the URL bar when shopping online
A padlock in the address bar and a URL that starts with “HTTPS” means the website uses an encrypted or secure connection. All major websites, not just financial institutions, use HTTPS these days, so if you see a site that’s asking for personal information but doesn’t have the padlock, you can be sure it’s a fake.
- Watch out for bogus courier emails
During this time, you may very well get products delivered to your home, so you’ll be expecting a visit from a courier company. Crooks know this and send fake emails about bogus delivery problems, hoping to draw you into their web. If you want to contact a courier company to check on a delivery, look up their phone number or email address yourself – don’t use any links or information from an email.
- Don’t email your credit card details
Sometimes you’ll try to buy that special gift , but your credit card won’t go through. In perfectly good faith, the seller may ask you to email through your card details to try again later. But that email could end up in the hands of cybercrooks, even if the seller handles it with care once they’ve received it. Remember: if in doubt, don’t give it out!
- Turn off Flash on your devices
Want to do one single, simple thing to improve your security, now and forever? Turn off Flash, or uninstall it altogether if you can. Booby-trapped Flash files are still a popular way of spreading malware, and with fewer and fewer sites actually requiring Flash, it’s safer to do without it altogether.
- Change default passwords before using any new home video devices
Whether it’s a new baby monitor, home surveillance system, or any other internet-enabled camera, it probably has a default password. If you don’t change the password then you are making it easy for a cybercriminal to hack in and watch whatever you’re filming. That could be you, your house, your baby, or something else that you’d prefer to keep away from prying eyes.
- Think before you share on social media
Maybe it sounds obvious, but oversharing on social media is a bad idea, and there is no better time to remind you of this than the party season. Whether it’s photos of other people, your credit card details, the fact that you’re HOLDING A REALLY AMAZING PARTY ON FRIDAY NIGHT or anything else, stop and think before you share. Once you post it, you’ll never be able to take it back.
- Upgrade the software on any new devices before using them
Even “new” computers and hardware devices usually need updates right away. After all, between when they were made and when you first use them, the crooks have had time to find new security holes to attack. If you want to protect your new devices, always patch before using them, even if it’s Christmas Day and you’re dying to try out your brand new present.
Finally, make sure your computers at home are secure. Sophos Home is free and allows you to protect up to 10 Windows and Mac computers from malware, ransomware, phishing and more. You can have different settings for adults and kids, and the web filter lets you block ads. It’s an easy-to-use solution that takes minutes to download and get started.
And remember, when 2017 comes around, all of these tips will still be valid. In other words, as much as we’re urging you not to let your computer security guard down over the festive season, we’re also encouraging you to keep your security guard up every day.
Cybersecurity is for life, not just for this season.