MILWAUKEE — As the country navigates a year like never before, one software company is reminding consumers to do their holiday shopping smartly and safely.
Check Point researchers said there is an 80% increase in malicious phishing campaigns targeting online shoppers in the form of “special offers” this year, and urge consumers to be wary of “too good to be true” bargains found online as we approach Black Friday and Cyber Monday.
To help consumers protect themselves, the company shared these seven security and safety tips.
1. Beware of “too good to be true” bargains
This will be tough to do, as Black Friday & Cyber Monday are all about great offers. But, if it seems WAY too good to be true, it probably is. Go with your gut: an 80% discount on the new iPhone is usually not a reliable or trustworthy purchase opportunity.
2. Never share your credentials
Credential theft is a common goal of cyberattacks. Many people reuse the same usernames and passwords across many different accounts, so stealing the credentials for a single account is likely to give an attacker access to a number of the user’s online accounts.
3. Always be suspicious of password reset emails
If you receive an unsolicited password reset email, always visit the website directly (don’t click on embedded links) and change your password to something different on that site (and any other sites with the same password).
4. Always note the language in the email
Social engineering techniques are designed to take advantage of human nature. This includes the fact that people are more likely to make mistakes when they’re in a hurry and are inclined to follow the orders of people in positions of authority. Phishing attacks commonly use these techniques to convince their targets to ignore their potential suspicions about an email and click on a link or open an attachment.
5. Look for the lock
Avoid buying something online using your payment details from a website that does not have a secure sockets layer (SSL) encryption installed. To know if the site has SSL, look for the “S” in HTTPS, instead of HTTP. An icon of a locked padlock will appear, typically to the left of the URL in the address bar or the status bar down below. No lock is a major red flag.
6. Watch for misspellings
Beware of misspellings or sites using a different top-level domain. For example, a .co instead of .com. Deals on these copy-cat sites may look just as attractive as on the real site, but this is how hackers fool consumers into giving up their data.
7. Protecting against phishing attacks
Understanding the risks of phishing attacks and some of the most common pretexts is an important first step in protecting against them. However, modern phishing campaigns are sophisticated, and it is probable that, eventually, someone will fall for one. When this happens, having endpoint and email security solutions in place can mean the difference between a major security incident and a non-event.