“It’s the most wonderful time of the year”—or is it? Unfortunately, it can be the most wonderful time for criminals, who try to prey on financial generosity through scams and frauds. Extra vigilance is needed during the holiday season to protect organizations and their employees.
It’s often easier and more convenient to shop online, but with convenience comes risk and the need to be aware. As online shopping has expanded, so have criminals’ attempts to steal from holiday shoppers. And since this shopping is often done on devices connected to an organization’s network—making the company’s confidential data vulnerable—it’s important for organizations to educate their employees about trending online scams and how to shop securely.
Shopping Online Securely
Whether they are using a work-issued laptop or a personal device, encourage employees to take these important steps:
- Confirm computers, mobile devices, and other devices have the most recent software updates. Taking this first step provides an extra layer of defense against viruses and malware.
- Don’t access a product’s website through social media ads. “Sponsored” or “ad” links could lead to a scam website. Make sure to purchase items directly from the official site, even if it’s cheaper to follow a social media advertisement for a product. Buying directly from an official site is less problematic and more secure, especially because the purported business may not assist with a resolution if an issue later arises.
- Be wary of deals that are “too good to be true” or have a short time limit. Criminals advertise major discounts and use high-pressure tactics to draw victims to their site. The products are cheap—often because they are counterfeit or even nonexistent.
- Use familiar, trusted sites and apps for holiday purchases. Watch for counterfeit sites that appear to be real but are fake and built to steal money. Legitimate merchants offer details about the product, include user reviews, and explain the site’s customer service and return policies in language free from spelling and grammar mistakes. Apps should only be installed from official app stores, and time should be taken to note and limit the permissions that the app is requesting.
- Use a credit card for online purchases, not a debit card. Money is deducted directly from a bank account with a debit card; depending on the bank’s fraud investigation policies, if fraud is committed, recovering the money can be more difficult on debit card purchases. Having one credit card dedicated to online shopping, if possible, makes it easier to manage and monitor purchases. Secure and well-known payment services, such as PayPal, can also limit financial exposure if a site or app is fraudulent.
- Confirm recipients before using a P2P service. During the holiday season, some people opt to send their loved ones money. It is imperative that this is done securely. Common peer-to-peer (P2P) payment services, such as Zelle and Venmo, offer quick, secure digital money transfers, usually sending the money to a contact’s email address, username, or phone number. Although the convenience and simplicity of these applications have drawn in many users, this same simplicity allows criminals to target users through hacking, social engineering, or other scams. Carefully review the recipient’s information before sending any money, because the option to withdraw a transaction may be unavailable after money has been sent to the recipient.
- Be wary of cryptocurrency transactions. Cryptocurrency apps can be an easy way to send money to someone, but criminals take advantage of many people’s lack of knowledge about cryptocurrency to perpetrate scams. Keep in mind that cryptocurrency transactions are irreversible—there is no recourse in the event of fraud, theft, or even user error. If planning on gifting someone crypto, take the time to confirm the transaction before sending.
- Be wary of typing personal information into a chat box. An unsecure chat box could allow hackers to steal names, addresses, passwords, and credit card numbers. Criminals could also eavesdrop or convince a customer to install a malicious program. If prompted to enter personal information or to download an app while in a chat box, take a moment to determine if the site is secure and if the requested information is needed. Consider a phone call or other means to provide that information.
- Only give the information that websites require. The more information shared, the more information is available to criminals—making people more vulnerable. Read the website’s privacy policy to confirm how personal information will be shared.
- Only shop when connected to trusted networks. It takes only five minutes for hackers to establish a malicious Wi-Fi network. Even if a Wi-Fi network appears legitimate, such as requiring a password for logging in, never shop when connected to free or public Wi-Fi to prevent others from spying on transactions.
- Pay attention to tracking information. Criminals prey on consumers’ frequent purchases by creating fake shipping alerts. Do not respond to texts or emails that ask for a link to be clicked or a number to be called to confirm a delivery. Instead, visit the shopping website or app to check for delivery dates and information using the confirmation details that were provided during the checkout process.
- Close accounts and delete apps if that vendor won’t be used in the future. Consider contacting the vendor and asking if personal information can be permanently removed. Monitor incoming statements to confirm that fraudulent purchases are not made with that vendor in the future.
Donating Securely Online
Organizations can advise employees of the risk associated with donating money to disreputable charity organizations. Unfortunately, criminals take advantage of people’s generosity by sending fraudulent emails, setting up fake social media accounts, creating phony websites, and launching bogus crowdfunding campaigns to prey on those who want to help.
- Do due diligence before donating to any charity. Before donating any money or goods to an organization, research the charity, even if it is well-known and has a proven track record. Reach out to a newly established charity for details about its mission and plans—even though it might be legitimate, it may not have the infrastructure to be effective. Confirm that a charity is registered with a federal or state government, which means that the charity must follow certain regulations. Keep in mind that reputable charities will not try to aggressively pressure anyone into donating.
- Avoid donating to unfamiliar organizations. The links below (among others) will assist in verifying legitimate charitable organizations:
Organizations can ensure their employees and their data are protected by emphasizing the importance of security over convenience during this holiday season. With hybrid work schedules allowing many employees to alternate their personal and professional activities when using a work-issued laptop or mobile device, it’s important to ensure employees are alert to all threats to their cyber safety.