The holiday season is upon us! As many of us prepare our homes, pantries, and gift lists for the approaching season, cybercriminals are simultaneously preparing to exploit security vulnerabilities to their advantage. According to the Cybersecurity & Infrastructure Security Agency (CISA), these bad actors target online shoppers by using the following tactics:
- Creating fraudulent websites, emails, and text messages that appear to be legitimate, but are actually attempts to convince the recipient to surrender personal and financial information. These phishing, smishing, and spoofing attempts often have an urgent tone, prompting users to update personal information or change their password.
- Intercepting insecure transactions with vendors that do not use encryption for online purchases.
- Targeting vulnerable computers that are not protected from viruses or other malicious code, allowing attackers to gain access to the computer and all information on it.
Research from Deloitte indicates that around two-thirds of consumers will choose to shop online this year. If you are among these likely online shoppers, please protect yourself, your data, and your computer system by following these simple tips:
- Ensure that the software on your devices is up to date and enable automatic software updates whenever possible. Manufacturers use software updates to patch security vulnerabilities.
- Shop through trusted sources. Avoid following links to stores that may appear in emails, texts, or on social media. Instead, navigate directly to the storefront. When you’re on a website, check for a padlock icon and “https:” instead of “http:” in the URL. The extra “s” in “https:” indicates that the communications with the website are encrypted and secure, although criminals are increasingly adding this security to their bad websites, making it even more important to type website names directly into your browser instead of clicking on links.
- Use a credit card, rather than a debit card, for online transactions. There are laws that limit your liability for fraudulent credit card charges, but debit cards do not always offer the same protection. Check your statements regularly to detect any unknown transactions (NICCS 2020).
- When you receive an email, look carefully at the sender’s email address to determine whether it truly originated from the purported sender.
- Exercise caution when opening attachments or clicking links, even if they come from known senders.
- Don’t open attachments or click links that come from unknown senders.
- Don’t open files that ask you to “enable a macro” or download, install or update another program.
- Don’t click on emailed links asking you to “log in” or “verify your account.” If you need to manage the account, go directly to a known website rather than following an emailed link.
- Don’t send passwords or other sensitive information via email or any other channel.
- Don’t post your cell-phone number on publicly visible spaces.
- Don’t call a phone number provided in an unsolicited email, voicemail, or text message.
- Report any suspicious activity to infosec@wustl.edu.
By using these strategies, you can ensure that your holiday season is uninterrupted by costly and dangerous security breaches. The Office of Information Security is proud to help you stay safe online this season and always.