Hacking the Holidays: Online Shopping

The Holiday season always brings two things: cooler weather, and a relentless increase in online shopping. Clearly being a much easier form of shopping, you can stay home, avoid traffic, and click a few buttons to have the items directly sent to your loved ones, saving time, energy, and aggravation.

But where is the fun in that without a tradeoff?

An ever-increasing percentage of people shop online, especially during the holidays; and because of this, consumers are more vulnerable to scams and hacks. The statistics show that around a 14 percent increase in fraud attempts are occurring during the 2018 holiday season. Since more people are looking for great online deals, they are more susceptible to spam emails, phishing attempts, and even completely fake applications promising amazing discounts and savings.

Some cyber-security companies have tactfully searched mobile apps specifically looking for applications containing “Black Friday” and “Cyber Monday” in the search terms and out of those results, more than 5.5% of them were malicious featuring credit card number skimmers to steal card information. Couple that with the number of online transactions from mobile phones (40% in 2017) during the holidays and Black Friday, it becomes an even bigger concern.

The threats generally come from three major sources: online shopping, airline travel, and phishing emails. While online shopping exponentially grows, so do the quantity of hacking attempts. Just partially this year, between July and September, there were an estimated total of 9.2 million hacking attempts to online stores and online shoppers. People are often lured with fake deals, ads, or auction listings and as the end of the season nears, online shopping desperation yield a higher number of successful hacks.

The holiday season is also the busiest travel time of the year, from Thanksgiving all the way to New Year’s Eve. In 2017, travel related fraud increased by 37 percent and is expected to be similar this year, with online travel scams as the main culprit. The other most common form of travel fraud is “account takeover” were a hacker uses your password to login to your travel account and steal financial data or use URL links inside of confirmation emails to redirect you and steal personal information. Regarding emails, about 91 percent of cyber-attacks start with a phishing attempt. The reason why it usually starts with this type of attack is because they are generally successful by impersonating legitimate emails that most people would consider normal and ordinary (online purchases, delivery notifications, security updates). The biggest difference here is that these attacks will always request an action, i.e. “click here to receive your discount code.” For a phishing email to do anything harmful, there must be some form of cooperation on the recipient’s end. Therefore, it’s imperative that you know the true legitimacy of the email and where it is coming from.

There are a few tips to deal with online fraud during the holiday season, but ultimately, it is the user’s skepticism that is at the forefront of the battlefield. Obviously, you should also be using strong and unique passwords, be cognizant of data you share on social media, and use utmost caution when receiving a phone call or email from someone claiming to be from a bank or credit card company. You should also avoid using alternate payment options and look for sites that have adopted the https:// security standard. If adhered to properly, this advice should greatly reduce your risk of being susceptible to hacking attempts. Either way, always be cautious, skeptical, and follow the golden rule: If something seems to good to be true, it usually is.