NEW YORK (MainStreet) — Hackers are fond of holidays, especially ones where consumers are buying last-minute gifts online.
Online criminal activity increases around holidays, especially Valentine’s Day and Presidents Day when shoppers are more careless and phishing schemes and other attacks are even more prevalent. Cyber criminals are armed with malicious programs that can steal a person’s information with just one offhand click on a laptop or smartphone.
Hackers have been planning ahead for weeks to try and get unsuspecting users to click on links or go to websites solely designed to steal your identity or money through fake websites and spam campaigns, said Tom Chapman , director of the cyber operations group at Edgewave, a San Diego-based cyber security firm.
When you are shopping online or looking for the best deal, type the website in manually instead of just clicking on a link from an email or an advertisement banner, he recommends. Or google the website, because cyber criminals can disguise links easily.
“I can make the link Yahoo.com, but it will take you to Google,” Chapman said. “However, if I typed Yahoo.com in my browser, it will take me to the correct website.”
The Internet has deals constantly to lure you into buying deeply discounted items, especially gifts for friends and family. If the deal looks too good to be true, trust your instinct, because the majority of those deals are misleading.
“No one sells a dozen roses for $5,” he said. “Even if they did, they are probably not great roses. The same goes for Ugg boots, Oakley sunglasses or other high-end items. The lure of cheap items gets people to click on the bad link or ad.”
Avoid shopping when you are out grabbing coffee or when you are accessing public Wi-Fi, because “secure Wi-Fi is really a misnomer,” Chapman said. Public Wi-Fis are open connections, and it is too easy for hackers to gain access. Even if you have to use a password to access it, that means everyone else in the store also has access to it.
When you are surfing in public, make sure you are using “https” to connect to sites, which means the transactions are encrypted. If it is possible, use a VPN instead. They are not difficult to set up, inexpensive and can shield you snooping from criminals, he said.
Use two- factor authentication as much as possible and on sites that have it. Many email and social media have the option available. Even if a snooper gets your password, he won’t be able to log in.
One way to prevent your email from being corrupted is to ensure that your email application doesn’t automatically download attachments, said Paul Lipman, CEO of iSheriff, a Redwood Shores, Calif. cloud security provider.
Keep your anti-malware software updated, and only download apps from trusted app stores such as iTunes and Google Play.
“They should run a security application that can scan other apps for potential vulnerabilities and protect against web-borne mobile threats,” he said. “Cyber criminals know that tens of millions of us will be going online to buy gifts, cards and candy hearts, and they simply step in front of this flood of clicks and transactions since they expect they will be able to snare many unsuspecting victims along the way.”
It is easy to be fooled into installing apps from dubious sources by clicking links we receive in text or email messages from seemingly authentic sources, said Michael Shaulov, CEO of Lacoon Mobile Security, a San Francisco-based mobile security company.“Sometimes we can be fooled or we can be tricked easily into clicking malicious links in banner or pop-up ads,” he said. “Cyber criminals use this technique to get you to install fake or altered apps that compromise device security. Think twice when clicking on links offering free apps, even if they’re shared with you from friends, family and colleagues.”
While installing apps is fast, be wary when ask for broad permissions, which most of us grant without question, Shaulov said. When you are installing or updating apps, take the time to carefully review the requested permissions.
“Stop to consider when apps ask for more than they seem to need or if an update requests additional permissions it didn’t need before,” he said. “If a flashlight app is requesting access to your contact list, there could be something to worry about.”
Know where your data from the app is being stored since sometimes it is stored on the device, sometimes it is in the cloud and sometimes it is not even stored at all,” Shaulov added. Knowing where an app is keeping your sensitive data should be a “significant part of vetting its security, both for personal and enterprise apps,” he said.
Check for conspicuous consumption on your phone, and always be wary if one app is using too much data. The primary way malicious apps get data into the hands of cyber criminals is by sending it a remote server, he said. Keep an eye on your monthly bill, since the hackers can extract data from your phone, which will result in higher data usage or unusual usage patterns. Some apps like YouTube or backup solutions will use a lot of data for a good reason.
“If you notice high data use from an app that seems strange like a wallpaper app or from an unfamiliar app you don’t remember installing, be suspicious,” Shaulov said. “This could be an indication that someone’s been stealing sensitive data off of your device.”
Sharing passwords with anyone should be verboten, even among people you trust, since the information could be leaked or shared without your permission.“Don’t share passwords with anyone, including significant others and family members,” said Michelle Dennedy, vice president and chief privacy officer for Intel Security, a Santa Clara, Calif. cloud security provider. “If you need to share it, create a unique code just for that account and change it immediately if you suspect foul play.”
Deleting data not only will make your phone work faster, but it could also help you save face later on. If you send personal or intimate messages, make sure to delete the content from your device and in the cloud as soon as possible, Dennedy said. A 2015 Intel Security study found that 32% of respondents in the U.S. admitted that they know their significant other’s bank or credit card passwords, and more than a quarter of them don’t delete intimate media after sharing them with the intended recipients.
“It can save you from years of damage control for your reputation later on, both online and offline,” Dennedy said. “The Internet is forever – once you share, post or tweet, your private information is available to the public and is out of your control, so be mindful of what you are sharing.”
–Written by Ellen Chang for MainStreet