Ask the Expert: Cyber attacks are more frequent during holiday shopping season; here’s what to do

Ask the Expert, Startup Initiatives |

This article first appeared in the Union Leader in December 2019

ALL regularly priced items 75% off; don’t miss this cyber holiday season deal!

Sound familiar?

We’re in that deal-overload period between Thanksgiving and the New Year when holiday shopping and deals run rampant.

The holiday season brings us more email with deals, alerts and special offers, which present an opportunity in the online world for malicious scams and hacking.

This year, Adobe Analytics reported a 19.7% increase in spending on Cyber Monday to $9.4 billion.

Research conducted by Check Point finds that the volume of e-commerce-related phishing websites accessed during the online shopping season has more than doubled in the last year.

With the amount of spending taking place this season, phishing scams present a massive vulnerability to identity theft, false purchasing and misplaced donations.

It’s a time of year when we are purchasing more often and might be rushed to make a purchase without taking the time to properly scrutinize emails and websites.

The Cybersecurity & Infrastructure Security Agency (CISA), a division of U.S. Homeland Security, shared an update to be aware of potential holiday scams and malicious cyber campaigns, particularly when browsing or shopping online.

This isn’t to say that you shouldn’t jump at a great deal to save a few bucks, but in that moment just before you click on the link in an email, stay vigilant and avoid scams:

Avoid clicking links in emails. Clues that might give an attacker away are spelling and layout inconsistency, misleading hyperlinks, generic greetings or a suspicious sender’s address. To avoid or detect these phishing attempts, don’t click directly on links in the email. Instead, hover over a link to inspect the URL, see if it’s an organization you’re familiar with, or go directly to the website altogether and play it safe. The deals will be same whether you’re navigating from the email or starting off on the retailer’s website. And remember, it’s uncommon for a retailer to send an email that includes an attachment, especially if you didn’t anticipate receiving it!

Phishing attempts try to lure you through false links or requests by email. Remember, if it sounds too good to be true, it probably is! And, if you’re unsure but still enticed, find the retailer’s website through a method other than email.

Avoid entering your financial data on nonsecure websites. Attackers may create malicious websites that appear to be legitimate. Verify it’s the correct site before sharing your financial information. These websites would commonly come to you through email or social media. It can be difficult to verify a site’s legitimacy, but you might research the company if you’re unfamiliar with them and look for reviews prior to making a purchase. If it’s malicious, someone has likely fallen for the scam and written about it in a review.

Ensure that the website is encrypted. Your information will be encrypted if the website’s URL begins with “https:” instead of “http:” and a padlock icon. When in doubt, compare the site URL with a legitimate site you visit often and have more confidence in its reputability.

Verify a charity’s legitimacy before making donations. Scammers will request donations in cash, by gift card, or by wiring money, which are best to avoid altogether. If the solicitation is coming from an email or by phone, the safest approach is to pay by credit card or check directly on the organization’s website. You can navigate there on your own and avoid malicious links or paying by phone without verifying the identity of the individual on the other line. Lastly, keep a record of all donations to verify the correct date, vendor name, and amount of the transaction.

How can you minimize damage and avoid harm when shopping online and making donations? Limit the number of credit cards or payment methods you’re using to make purchases easier to track and reconcile. Try using a single, low-limit credit card to make all your online purchases.

And remember, this is a time to spend with friends and family. While gift giving is a sign of appreciation or affection, it shouldn’t come at the risk of your money, data, and information. Avoid potential scams and spend more time with the ones you love!

Ryan Robinson is the chief service officer at Mainstay Technologies located in Belmont and Manchester. Mainstay provides enterprise-level information technology and information security services to organizations of all sizes across New Hampshire and Northern Massachusetts.