7 ways to shop safely online during the holidays
Don't wade online with your credit card number and other information without putting a few of these into play
Malware is likely the last thing on your mind when you're buying gifts. But in 2013, hackers stole data from more than 40 million credit and debit cards during the holiday season from people who shopped at Target stores. Shopping online also brings its own concerns. Researchers saw a 20.5% jump in "attempted cyberattacks between November and December of 2016," according to security software firm Carbon Black. When you're opening your digital wallet to buy gifts, someone else might be trying to stick their hand in to get your payment data. Luckily, there are some ways to avoid playing Santa to a cyber criminal this holiday season.
Avoid public WiFi
Step one to avoiding malicious activity when shopping online is to keep the connection between you — and an online store. It may be nice to shop online in a coffee shop, but often routers that serve up free Wi-Fi are configured without automatic encryption. That means anyone in the vicinity with the know-how and motivation can peek in and see all the traffic flowing over a network. Hackers can also set up their own "rogue" networks. Say you're at a local coffee shop, and you see Wi-Fi named "Coffeeeshop" or "coffeeshopwifi": you might connect without noticing anything wrong. But you may also have opened up a direct portal between yourself and someone who's going to see all the data you send.
Try running a virtual private network
If you do have to use public Wi-Fi, your best bet is to obscure the information you send over the web. A VPN, or a virtual private network, allows you to secure a private connection — and create your own little bubble of privacy — over an otherwise wide-open public network. VPNs aren't totally impenetrable, which is why your home internet is still a safer option. But it is much more difficult to hack a private, encrypted connection than it is a public, unencrypted one. VPNs have a slight drawback: due to the added layers of security, they can sometimes slow down loading times. You'll breath easier, though, if marginally slow internet is your biggest problem when surfing out in public.
Set up complicated, varied passwords
While you are online, you really don't want a hacker who got their hands on your Amazon password to then leverage it and access your bank account because you used the same password for both. While we're at it — "passw0rd" or "123456" are truly not acceptable. Maybe you should consider a password manager. At the least, it's best to avoid pop-up and banner ads as a means of navigating the web. Stick to the old-fashioned method of typing known and trusted website domains into your search bar or Google.
There's a suite of free and open-source software out there to make your life a little more cozy when you're online, like HTTPS Everywhere. That's a program courtesy of the Electronic Frontier Foundation, EFF, that automatically encrypts your data no matter what site you visit. It's a no-brainer to install HTTPSE not just once, but as an extension in every web browser you use. Firewalls will warn you when visiting potentially malicious sites, and advanced firewalls will ask for permission any time any program or entity tries to run on your system.
Your computer likely already has a basic firewall built-in, but if you're interested in a more savvy program, ZoneAlarm is a good choice. And if all else fails, you'll want some good antivirus software to get your system clean. Avast, McAfee, Kaspersky, Malwarebytes and others all offer free or free lite-version programs designed to handle the sorts of everyday malware you're most liable to run into.
Opt into fraud alerts
There are also offline ways to make your online shopping life a little easier. Most bank and credit card companies offer free fraud alerts, notifying you when their internal A.I. software detects suspicious spending patterns from your account. Make sure to have those alerts sent to you immediately by text rather than email. That way, in a worse case scenario, you'll sniff out criminal activity when it's a $10 problem, before it becomes a $100 or $10,000 problem.
Get a credit card with a chip
In 2013, when millions of Target customers had their credit cards swiped, the issue was point-of-sale malware — a malicious program copied the data. If you don't have one already, get a credit card with a chip, which can add another layer of security.
Keep in mind though, that you can do everything right and still fall subject to a hack. That means you don't just need to protect yourself from the bad guys online. You'll also have to watch out for the good guys who have your information but can't — or simply don't — protect it themselves.
- Story by Nathaniel Nelson