October was National Cyber Security Awareness month and during that time with nearly 2 billion records stolen in the first half of 2017 in the US alone and the Global Breach Index reaching 9B records at a pace of sixty records every second (see: http://breachlevelindex.com). This includes email accounts, passwords, credit cards, social security numbers, dates of birth, addresses and much more personally identifiable information. According to Cybersecurity Ventures, cyber-crime damages will cost the world $6 trillion annually by 2021 (see: https://cybersecurityventures.com/2015-wp/wp-content/uploads/2017/10/2017-Cybercrime-Report.pdf)
As we’re approaching the busiest online shopping season with Black Friday and Cyber Monday right around the corner, now is the most important time to understand the latest threats and to be vigilant. This is your chance to help halt hackers on the holidays.
So here are expert tips to help you enjoy the Thanksgiving and Christmas shopping experience without losing your privacy and identity or putting your children’s safety at risk:
- Change your passwords – all of them. Do it now and do it as frequently as you can tolerate. If you don’t want to change them often, then use any unique characters you can think of, such as a dollar sign ($) or an exclamation mark (!) or replace a letter “O” with a 0 (zero). This goes a long way in preventing brute force attacks against your password. Also, never trust anyone on the phone who asks for your password, especially if they called you. The same holds true with emails. Both the telephone and email are used by people who try to get your password by pretending to be the IRS, your bank or someone else you have an account with.
- Clean up your apps. Assume most of your smartphone or tablet apps are malware that spies on you and your online behavior. Do you really need them? Delete any apps you don’t use often. Replace apps that take advantage of too many of your privacy settings with similar apps that don’t. On an iPhone, you’re not being eavesdropped on until you run the app.
- Shop online only from websites you trust. If you don’t know where the merchant is located, don’t shop online there. If they don’t have a corporate address or are located in another country, it could be iffy whether you ever see the goods you think you purchased. Also, if their shopping-cart experience is not an HTTPS browser session, then everything you type in – your name, address and credit card information – is going over the Internet unencrypted, in plain view.
- Never buy online using your credit card on a site that doesn’t have SSL (secure sockets layer) encryption installed. It’s easy to tell you are in a secure, encrypted session. You should see an icon of a locked padlock in your browser and the website URL starts with HTTPS not HTTP. Also, if you receive emails from the merchant, no matter the reason, don’t give them your credit card information over email.
- Don’t use cash or debit cards. You have three major choices when shopping – cash, credit or debit. In rare but growing instances there’s even a fourth option called “Bitcoins,” which are now accepted at some merchants including Overstock.com. Bitcoins could be considered the equivalent to the cash option, because once used, you can’t get them back. So, if you have to choose among these options, the best is the credit card. Here’s why: If you experience identity theft, credit card laws allow you to keep all of your credit immediately, with no responsibility during an identity theft or fraud investigation. With a debit card, your bank’s policy can be to tie up your money in the amount of the fraudulent transactions for up to 30 days. Some have been known to take up to 60 days to resolve the issue.
- Don’t use public WiFi without using SSL encryption. Public Wifi networks can be a hacker’s dream. If they want, they can see what websites you are visiting and insert malware into your computer or other device. The hacker also has access to any information you are sending out over the Internet, which could include credit card numbers or other critical information.
- Understand and guard against spear phishing attacks. Every day, there’s a cybercriminal somewhere in the world looking to gain access to your identity and credit. They are getting smarter and they are using sophisticated techniques to send emails that look good – like they came from someone you trust. It will usually have a link or attachment that leads to a malware infection. Don’t click the links and don’t open the attachments. Talk to your family, friends and business associates and confirm the email really came from them. Most likely, it’s a cyber-attack. Ultimately, if it looks too good to be true, especially an email and even an SMS message, it probably is – so be extra cautious and vigilant this holiday season.
- Be Wary of Porch Pirates. There are hackers who have learned how to track packages online. Some of them may be criminals in your city or town. If they know a package is arriving on your porch when you are not home, they might just nab it. It’s best to have items delivered to your office or a family or friend’s house that you know will be home during the day so they can sign for it and take it inside where it will be safe.
Finally, if someone calls you claiming to be from the IRS or a law firm or Microsoft technical support asking for money these are the three biggest phone scams lately. Never give your credit card or personal information to anyone over the phone, especially if they are calling you. Put yourself on the National Do Not Call Registry https://www.donotcall.gov – it won’t stop everyone but it will cut down on unwanted telemarketers. If you think you’ve been a victim of an identity theft, please visit https://www.identitytheft.gov and follow their instructions.
Gary Miliefsky is the Publisher of Cyber Defense Magazine. He is a globally recognized cybersecurity expert, inventor and founder of numerous cybersecurity companies. He is a frequent invited guest on national and international media commenting on mobile privacy, cyber security, cybercrime and cyber terrorism, also covered in both Forbes and Fortune Magazines. He has been extremely active in the InfoSec arena, a member of Phi Beta Cyber Society (http://cybersecurityventures.com/phi-beta-cyber/), an organization dedicated to helping high school students become cyber security professionals and ethical hackers. Miliefsky is a Founding Member of the US Department of Homeland Security (http://www.DHS.gov), the National Information Security Group (http://www.NAISG.org) and the OVAL advisory board of MITRE responsible for the CVE Program (http://CVE.mitre.org). He also assisted the National Infrastructure Advisory Council (NIAC), which operates within the U.S. Department of Homeland Security, in their development of The National Strategy to Secure Cyberspace as well as the Center for the Study of Counter-Terrorism and Cyber Crime at Norwich University. Learn more about him at http://www.cyberdefensemagazine.com/about-our-founder