Like it or not, the holidays are almost here. While you might have mixed feelings about the jolly season approaching, now is a great time to get yourself —and even your spouse—that knick-knack you've been eyeing. It's important to make sure your year-end shopping spree isn't spoiled by cybersecurity threats, hackers or scammers.
Read on to learn how to best protect yourself when shopping online this holiday season.
1. Protect Your Identity With Different Passwords
One of the best ways to protect yourself is to avoid using the same password for every website. Also, please don't use “password” as your password. Passwords should be a random string of alpha-numeric characters and symbols, such as b0R@m3ir or !@$#!@K$223.
Basically, your password needs to be something someone could never guess.
Since creating and remembering potentially dozens of random passwords is completely impossible for the human brain, you'll need help to keep track. Fortunately, free password manager widgets are available for your web browser. Two common managers are LastPass and Dashlane. Both of these password managers run on the “freemium” business model, offering a free base service as well as an upgraded paid version. For most people, the free version works just fine.
Unfortunately, no password manager is foolproof. Speaking from experience, both LastPass and Dashlane are imperfect. They may sometimes not save a new password or new login information. Still, the software is much better than the dangerous alternative of using the same password for every site. (For related reading, see: Detailed Ways to Protect Digital Data.)
2. Install Anti-Virus Software
Installing a quality anti-virus program takes just a few minutes and can be a relatively painless process. Popular consumer expert Clark Howard suggests a variety of free anti-virus programs on his website. Like the password apps, many anti-virus offerings run on the "freemium" model.
3. Keep Software Updated on Your Personal Computer
Bree Fowler of Consumer Reports recommends updating anything and everything on your personal computer. This means updating your:
- Operating system (OS), be it Windows 10 or whatever large predatory cat Apple is now on
- Web browser, be it Chrome, Firefox or Safari. If you’re using Microsoft Internet Explorer, stop to ask yourself why. Seriously, why are you still using Microsoft Internet Explorer?
- Your anti-virus software
Now that I’ve told you to update your software, you should know there are many common scams that pretend to update your software but actually end up infecting your computer. Here's how you can spot the difference: When you are legitimately updating your computer’s existing software, you’ll be doing this from within that very software, not from a pop-up or banner ad you see on a website. For example, if updating Avast anti-virus, open your existing Avast program and select "Update."
Update your software from within that very same software. Don't click on random messages you come across online to update your software. You should never click on an online link that says any variation of: "Urgent: your software is dangerously out of date. Click to instantly update!"
One red flag of bogus invitations to install nasty stuff on your computer is the severity of any given warning. The more urgent and perilous the message, the higher probability it’s a total scam.
One virus circulating the internet right now begins with a prompt to update Adobe Flash. If you think your Adobe software needs updating, go straight to the source. Do not click on anything anywhere else. The same applies for any other software you have that may need updating.
No matter what, go straight to the source!
4. Enable Two-Factor Authentication
As a financial planner, I’ve sat through more than one presentation on cybersecurity. One thing I've learned is enabling two-factor authentication (2FA) is the best way to stop hackers. With two-factor authentication, you are prompted to enter a one-time passcode each time you log on. This passcode can be delivered via email, as an SMS message (text message) to your phone or be on a physical or software-based token.
If possible, choose anything except SMS delivery. Tech guru Bill Winterberg warns that SMS is the least secure delivery option available. However, 2FA via SMS is better than no 2FA at all.
5. Never Use Public Wi-Fi Without a VPN
Using public wi-fi without a virtual private network (VPN) is asking for trouble. It’s akin to publicly broadcasting your personal information. If you log into any account over public wi-fi—be it Facebook, your bank or your email—that information is available for anyone sophisticated enough to see it.
What’s public wi-fi? It’s the wi-fi at your local coffee shop, a hotel or the airport. If you think you’re safe using wi-fi at a conference that’s only accessible via password, think again. I’ve gone to more conferences than I can count where wi-fi login information—password included—is displayed on the tables for everyone to see. If anyone can see the password, what’s the point of having a password!?
The secure solution is to use a VPN. A VPN is a piece of software that you install on your computer or mobile device that allows you to use a wi-fi connection securely. So, if you’re connecting to wi-fi without a password, or with a password that anyone can see, you’ll be browsing much more safely with a VPN. (For related reading, see: Online and Mobile Banking Precautions and Safeguards.)
6. Ignore Fake Courier Messages
Even outside of the holiday season, I have received countless spammy e-mail messages about pending or delayed shipments. These have come from “USPS,” “UPS,” and “FedEx.” Don’t fall for it!
The United States Post Office (USPS) is not in the habit of using email messages or phone calls to communicate shipping exceptions, warns Anthony Giorgianni of Consumer Reports. Instead, you can expect a notice at your door. If you get a phone call from USPS, it’s likely a scam. The best move is to hang up.
Do not provide these fraudsters with your personal information, as the fraudsters will attempt to glean your birth date, Social Security number, or other personal information. Scammers use this information to perpetrate identity theft, as well as other crimes. (This is another good reason why it’s always good to freeze your credit report, too.)
7. Avoid Deals From Unknown Websites
As the old saying goes, if it’s too good to be true, it probably is. Giorgianni warns of two ways scammers try to separate you from your money. The first warning is for any random website offering a popular product at an insanely low price. When you see this, don’t immediately enter your credit card information. Your best bet is to Google the site name and the word “scam” to see what the deal is.
If you see a deal that's too good to be true, do your homework!
Craigslist also warns that all transactions made through the website should be done in person. By doing this, you’ll avoid 99% of scams on the site. If you’re holiday shopping on Craigslist, there’s no reason to make an exception to their rule. Run screaming from anyone on Craigslist who insists on paying via a wire transfer without ever meeting in person.
Protect Yourself from Online Scams This Holiday Season
If you're not already actively trying to protect yourself from hackers and scammers, the best time to come up with a strategy is now. Most of the techniques listed above are free and only take a few minutes of effort to employ. Best of all, they help ensure your safety, privacy and security when shopping for your Christmas, Hanukah, Kwanza, Festivus or Winter Solstice gifts.
I can say with confidence that I’ve got all of the above checked off. With that in mind, I’m looking forward to safely, securely, and privately purchasing a five-gallon glass fermenter for myself (and my wife too) this holiday season!
(For more from this author, see: Skip the Fake News and Choose Boring Investments.)