Buyer Beware: Tips for Secure Online Shopping During the Holidays

November 18, 2020 | 3 minute read

If 2020 has taught us anything, it is to expect the unexpected. The global pandemic has shown that people have heart and are very resilient in the face of adversity. For cyber criminals, 2020 year has been one of the most profitable in history, as we have seen a massive uptick in cyber-related criminal activity, scams and fraud. 

Innocent people and unsuspecting businesses have been victimized through tens of thousands of cyber attacks exposing hundreds-of-millions of consumers around the world to fraud through ransomware attacks, phishing email scams. and other threats. These attacks have resulted in billions of dollars of losses. 

As we enter the homestretch of 2020 and the holiday shopping season gets underway, retailers should expect to see an increase of cyberattacks on their networks, mobile shopping apps and infrastructure. In fact, Cybereason recently uncovered a wide-scale cyber attack targeting the customers of the largest Latin American ecommerce platform, Mercado Livre, with more than 300 million registered users. This multistage attack is targeting shoppers of Mercado Livre in Brazil by trying to steal their credit card numbers, login credentials, financial and other sensitive information.  

Mercado Livre isn’t alone in 2020 as popular retail sites and ecommerce platforms such as Amazon, eBay, PayPal, Shopify, Stripe, WooCommerce and Wix Stores have been hacked in 2020 or targeted due to their reach. It’s not surprising to see an uptick in attacks against the customers of these popular companies estimates that online holiday shopping in 2020 will increase 35 percent and holiday sales will reach $731 billion. With the National Retail Federation expecting a record 60 percent of consumers shopping online during the holidays, this surge will lead to more attempts by cyber criminals to steal shoppers credit card numbers, social security numbers, and other proprietary and personal information. 

Humans are the weakest link in the cybersecurity protection ecosystem. Shoppers will click on links, download information from dubious websites, and unsuspectingly fall victim to fraud because they still believe attackers won’t target them.

Consumers need to be vigilant in order to combat the potential online risks, improve security awareness, increase security hygiene, and not lapse into a false sense of security. Shoppers flocking to online sites for their holiday shopping this year can do it safely and securely by following Cybereason’s recommendations, including: 

Never click on the links you receive in emails, as they could be phishing scams. One of the most popular scams run by attackers is sending phishing emails purporting to be from a retailer with a great holiday offer. Be suspicious and don’t click on the links in the email. Instead, cut-and-paste the promo codes in the emails and go directly to the retailer's websites for more information. 

Keep your devices up to date with the latest software updates. Never download mobile shopping apps from unofficial or unauthorized sources. Most legitimate apps are available from Apple's App Store or Google Play Store. Attackers prey on consumers and dupe them into downloading fraudulent apps tainted with malware.

Don't fall for smishing (SMS phishing) attacks where hackers infiltrate mobile devices through social engineering, where consumers knowingly or unknowingly divulge personal information. Attackers will send consumers fake text messages to lure victims to click on links which direct them to malicious web pages.

Consumers should monitor their credit cards daily during the holiday season for suspicious and unauthorized charges. 

Consumers should pick one of their credit cards or debit cards for their holiday shopping purchases to more easily manage and monitor transactions. Consumers should consider putting a temporary hold on all but one or two credit accounts during the holiday season.

• Because data breaches lead to password theft, consumers need to regularly update their passwords. Do not use the same passwords repeatedly. Surprisingly, consumers still use passwords such as 'password' or ‘1234567.’ Consumers should also consider using a password manager because they are easy to use and are safe. Reputable products include, NordPass, LastPass and 1Password. Some companies are offering FREE 30-day trials on their services. 

Never visit dubious websites and do not download anything.

The holidays are a time of great joy and reflection for many people on their accomplishments and achievements throughout the year. It is a time of love and appreciation for family and friends. Unfortunately, the holiday joy can soon become misery because of the growing risk cyber thieves pose to shoppers and holiday revelers. 

Be safe, and be on the lookout for cybercrime attempts that might just come across your personal devices through phishing emails and other scams. Diligence will reduce the holiday shopping risks facing every shopper around the world this year. 

Kyle Flaherty
About the Author

Kyle Flaherty

Kyle Flaherty, VP of Marketing at Cybereason, is a tech marketing executive who is known for launching high profile technology startups with four successful exits. His passion is to not only message technology and branding of an organization, but to build award-winning marketing teams that work in lock-step to rapidly produce demand, partner with sales, and drive measurable results to impact the bottom line.

All Posts by Kyle Flaherty