Staying Safe on CyberMonday

December 02, 2019

Online shopping doesn’t wait for Cyber Monday. Walmart started dropping prices on October 25th, a full month before Black Friday — the day after Thanksgiving — and consumers were ready for them: 45% of respondents in a recent survey said they already made plans to start holiday shopping before November. In fact, 54% of those surveyed said they intend to shop online during the five days between Black Friday and Cyber Monday.

The popularity of Cyber Monday, combined with the availability of public Wi-Fi and the simplicity of one-touch mobile transactions, gives cybercriminals and hackers with bad intentions a perfect opportunity to take advantage of unsuspecting consumers. As with every year, there are sure to be plenty of bogus websites and phony emails intent on separating you from your money — or worse — your identity. So, if you’re planning on post-Thanksgiving shopping from your laptop or mobile device — now or any time of year — here are two essential tips to help you stay safe.

1. Protect your passwords on any site where you regularly shop or bank.

You can hardly go a day or two without news of some massive data breach. And as they say, “if you haven’t been hacked yet, you’re probably not online.” That means some of your personal information may be already out there on the dark web, for sale for cheap. And while it’s good security practice to make sure your passwords are strong and not easily hackable, many people find changing them to be a cumbersome chore that they put off over and over again — or they simply rely on passwords they easily remember and reuse from site to site. It’s painful, yes, but now is as good a time as any to make your logins stronger. Take care of this precaution before you get into a shopping frenzy and forget.

CHECK PASSWORD STRENGTH:

Good news: you don’t need complicated, difficult-to-remember passwords for every account. Identify the highest-risk services you use: personal banking, online shopping, healthcare, social media. Take caution with those, but for everything else that doesn’t have an element of high risk (Pinterest, Fantasy Football, etc.), feel free to use easy-to-remember passwords. Just don’t reuse those easy-to-remember passwords on high-risk sites. That’s the easiest way to get hacked. Think your password is strong enough? Try it out for size here: https://howsecureismypassword.net/.

CONSIDER PASSPHRASES:

For the accounts that need stronger protection, we suggest going for a passphrase rather than a password. Why? Because a passphrase will take significantly longer to break than a common password. A lot has been written about passphrases, so much that we won’t go into detail here. But we suggest you explore how a passphrase can help you stay more secure. This site has a great introduction and can help you generate passphrases to use on your accounts: https://www.useapassphrase.com/.

USE A PASSWORD MANAGER:

Think of a Password Manager as a secret diary of your passwords, locked by a master key that only you have. Assuming that you choose a strong and memorable master password — one that you’ve not used anywhere else — a Password Manager is a near-perfect way to protect the rest of your passwords from improper access. Password managers don’t just store your passwords; they generate and employ unique passwords whenever you log into a new website. So when you revisit a website or app, just pull up your password manager, copy your newly generated password, paste it into the login field, and you’re in.

Often, Password Managers come with browser extensions that automatically fill in your password for you. You’ll find that most reputable password managers have encrypted sync across devices, allowing you to take your passwords anywhere on any device. There are many out there, so do your homework and find a password manager that works for you.

2. Enable two-factor authentication (2FA) wherever possible.

Better than just changing passwords, using two-factor authentication (2FA) wherever possible provides an additional layer of strong security linked to your device. That means that if you have 2FA enabled on a particular account, even if an attacker were to get access to some of your information — like a username and password pair — they would still need your second factor of authentication to break into your account. You can use a mobile authenticator app, like the free Authy mobile app, to set up 2FA on a lot of standard web and mobile services.

Adding 2FA is a way more convenient, sustainable, and safe solution than changing passwords regularly. Unfortunately, you may find that you aren’t able to use 2FA everywhere you shop. Many sites still don’t offer this level of protection. But the industry has taken significant steps over the last year to promote wider adoption of two-factor authentication security for companies looking to protect their users. Take a look through http://twofactorauth.org to determine if there are sites and services you patronize that haven’t yet enabled 2FA for account holders.

Other things to keep in mind this CyberMonday (and beyond):

Know who you’re buying from.

Often attackers will try to mask themselves as legitimate sites. To keep yourself safe, only visit sites by manually entering the URL or via Google search results. Also, consider whether or not you can trust the website; it’s safe to assume that the site is secure if there is an “https” at the beginning of the URL.

Don’t respond to email offers that look too good to be true.

As mentioned above, attackers may also try to entice you to click on malicious links or fill out forms with your personal information through amazing offers made to look legit. Hackers are often keen designers and can make a forgery look very realistic. In general, if it seems too good to be true, it probably is. If you’re interested in a particular offer you receive, go to the website yourself rather than through the email link to see if it’s on the actual site.
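The checks described in the two sections above ("Know who you’re buying from" and email offers) can be automated for links found in a message. This added example is not part of the original post; the trusted domain shop.example and all sample URLs are constructed placeholders. It treats https as required and additionally checks which host the link really points to.

```python
from urllib.parse import urlsplit

# Assumption: the shopper keeps a short list of retailers they actually use.
TRUSTED_DOMAINS = {"shop.example"}


def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return (ok, reason) for a link taken from an email or an ad."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False, "malformed URL"
    host = (parts.hostname or "").rstrip(".").lower()
    if parts.scheme != "https":
        return False, "connection is not https"
    if parts.username is not None or parts.password is not None:
        # Text before '@' is login data, not the site being visited.
        return False, "credentials in URL mask the real host"
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalized label may imitate another name"
    for domain in trusted:
        # Match the registered name itself or a true subdomain of it.
        if host == domain or host.endswith("." + domain):
            return True, "host belongs to " + domain
    return False, "host is not on the trusted list"


# Constructed samples, not real sites.
SAMPLES = [
    "https://www.shop.example/cart",
    "http://shop.example/deals",
    "https://shop.example.deals.test/login",
    "https://shop.example@deals.test/login",
    "https://xn--shp-jna.example/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_link(sample))
```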

Monitor your credit card and debit card transactions

During the holidays we tend to spend more. We might buy more spontaneously or pick up the tab more frequently when out with friends. Periods of increased activity give attackers the ability to “sneak” in fraudulent purchases without you noticing. So, during ramped-up spending cycles, remember to monitor all of your financial accounts. If you’re checking your statements daily, you’ll be able to stop or prevent further fraud rather than having to go back and try to remember what was purchased—and where—at some point in the new year.

Good news: many financial institutions are employing proactive SMS fraud alerts that allow you to prevent suspicious charges. But don’t rely on these alerts alone. Be vigilant! With increased holiday spending activity, it’s a lot more likely for something to go unnoticed.

Stay safe and happy shopping!