Top 10 Digital Tips for a Safe Holiday SeasonNovember 18, 2019 - by Matt Scott
Safe Online Shopping
The holiday season is upon us—a time for joy, comfort, friends and family. But it can also be a stressful time for those traveling or trying to find that perfect gift.
As shopping increases at both brick and mortar stores as well as online retailers, the rise in activity makes shoppers an easy target. The number of criminals looking to make some easy money increases as well, and they are ready and waiting to wreck your holidays.
Travel Safety Tips
There are many things that we take for granted with our digital life that expose us to theft. Just like you wouldn’t leave your wallet or credit cards lying around, your digital information must be protected in the same way, whether you are in an airport or rental car. And, with a few precautions, you can reduce the likelihood that you will be one of those easy targets for criminals with these holiday travel safety tips!
Safe Holiday Tips
1. When shopping online, make sure to visit legitimate websites with valid payment services like PayPal or Venmo.
There are thousands of online stores, and when you include private sellers like Etsy or Facebook Marketplace, the potential is staggering for your information to either be dealt with irresponsibly or land in criminal hands. Ensure, prior to payment, that you are visiting legitimate retailers and using valid payment servicers like PayPal or Venmo.
2. Do not click ads to access websites. Type in the address yourself as cybercriminals build doppelganger websites, or look-alikes, to steal information.
When you are navigating websites, closely review the address (URL) that you type in or see in an ad. Many fraudulent sites will make doppelganger sites to legitimate retailers to try and lure away traffic and have you purchase goods with no intention of ever delivering them.
3. Ensure website addresses are secure and start with https rather than http.
When you are visiting smaller, online retail websites, verify the beginning of the address uses “https://” and not “http://”. The “s” indicates they are using a security certificate to protect your information. Also check if they are ecommerce safe and follow Payment Card Industry (PCI) standard guidelines.
4. Do not use open, public Wi-Fi.
The first thing you will probably run into while out and about are all the open Wi-Fi access points. Retailers and cafés provide open connection points as an amenity to draw you in, and often have a ‘login’ or ‘registration’ step you must follow before you can use the network. This is typically done so they can add you to a mailing list to solicit more business.
While that is all fine and legitimate, some bad actors, or cybercriminals, will spoof the open access points and create fraudulent registration pages with password fields. Typically, people sign up for things with the same email address and regularly use the same password. With this technique the bad actor can capture your email and password and then attempt to use them on many other sites to potentially gain access. This can open up your banking, medical, and credit information to illegal use and identity theft.
5. Inspect physical credit card readers prior to making purchases to ensure tampering has not taken place.
When you go to make a purchase, inspect the credit card reader to be sure it hasn’t been tampered with. There are many techniques that credit card thieves use that are hard to see, and physical alteration of the reader is an easier one to spot. To do this, you can grab the cover to make sure it doesn’t pull off, look to see if it is physically intact or if it looks damaged, or if it has been altered with the addition of a skimmer.
6. Consider purchasing an RFID blocking wallet or sleeve to keep your ‘chip’ cards safe.
When it comes to the credit card itself, it’s important to note that today’s modern credit cards come with RFID chips, which makes credit information easily available for purchases. Unfortunately, this also means that thieves can gather your credit information from the cards by passing near you with an RFID reader. You can safeguard your credit or debit card information by storing them in an RFID blocking wallet, or through a cheaper alternative, a blocking sleeve.
7. Do not leave your belongings unattended. And make sure to always lock your phone and configure location services.
Any time there is a large gathering of people the likelihood of physical theft goes up. With the commotion of shopping and the quantity of extra people it is easy to get distracted. This makes it easy for the thief to physically take your mobile devices. Once they have access to your mobile device, they have access to most of your life at their fingertips.
Don’t leave your personal belongings without supervision. Never leave your phone unlocked. If you can, configure mobile wiping capabilities on your mobile devices just in case it is taken. This allows you to wipe the device quickly should it fall into the wrong hands. You should also configure location services on the devices, which will allow you, and law enforcement if necessary, to locate the device after an incident. Many current devices also allow for better access security and have multi-factor authentication options like fingerprint scanners, or facial recognition, or number/swipe pattern locks. If your device has these, they should be configured and enabled for use.
8. Do not use airport Wi-Fi.
Traveling adds to holiday stress, as you are in unfamiliar settings and doing things outside of your daily norm. Always be mindful of the Wi-Fi networks, purchasing options, websites, and physical surroundings as you navigate your way through your trip. Any time you connect your mobile device to another system, that other system has access to all the information on your phone.
9. Do not use airport USB charging stations. Always bring your own charging block and plug it in yourself.
USB and Bluetooth connections should never be done to unknown systems. If you need to charge your mobile device in a public area, such as an airport, you should bring your own charging block and use an outlet. Many airports have USB charging stations and those have been known to allow network access by the bad actors to the connected devices.
10. Do not connect any device to your rental car, as it can store all your phone’s information and make it available to the next renter.
When renting a car, you should never connect your phone by either the USB or Bluetooth to the infotainment system. By doing so, you can easily provide most, if not all, of your contact information to the computer in the rental car. It can store your GPS information while you travel, text information as they come into your phone while connected, call numbers and history, and address book information of your contacts. Once you return your car, all that information is accessible to the next person that rents the vehicle.
Things to Remember
All of the recommendations we’ve made are things you should know and be doing in your daily life. In many cases you already are. The holiday season brings with it abnormally high levels of stress, shopping, and travel. If you are observant, and take extra care, you should have a digitally safe holiday season by remembering this checklist.
About the Author
Matt, Practice Leader, Digital Forensics, has nearly 20 years of experience, and provides consulting expertise to the insurance, legal, law enforcement, private, and public communities on computer/mobile forensics, cyber incidents and failure analysis. He investigates computer-related crimes, cyber incidents (breach investigations) and/or ransomware. He also has vast experience determining origin and cause of failures, and is highly proficient in multiple programming languages.