1. Email accounts were one of the items targeted during this year’s surge of high-profile retail breaches. Given this, we expect even more malicious phishing campaigns than usual, so do not open any unexpected emails, especially from third-party vendors. Specifically, be wary of unsolicited emails, phone calls or SMS messages offering deals, giveaways, promotions, charities or other shopping incentives. Fraudsters are better equipped this Christmas season: they will build their campaigns on all the data they’ve collected through this year’s breaches, and they will exploit anything they can.

2. Take care when clicking on sponsored advertisements or banner ads when trying to visit an online store. These ads can be hijacked by attackers for nefarious purposes, such as redirecting users to bogus sites posing as legitimate stores, or to malicious sites rigged with exploits and spyware. Visit legitimate sites directly rather than through third-party ads or URLs.

3. If possible, use only ONE credit card for all your online purchases. This will make it easier to monitor your balance for any unusual transactions while limiting the amount of exposure of your banking and credit card credentials on the Internet.

4. Avoid using a debit card for online shopping and in-store purchases. Debit cards give attackers a direct line to your bank account while typically not providing the same standards for fraud protection and liability compared to credit cards.

5. Ensure each site is encrypted with HTTPS and has a valid certificate from a certificate authority (CA) before entering any payment information online. The CA can be checked by clicking on the green lock symbol in the URL bar to see if the identity is verified. It should also provide the encryption strength under the “Connection” section.

6. Avoid installing mobile apps for anything ‘temporary’ for the Christmas season, such as events or shopping programmes. These applications could have access to all kinds of things on your phone, and you have no real idea what they’re doing with the data.

7. Practise good password hygiene. Update your accounts with new unique passwords that are long and complex, with a mix of lower and upper case letters, numbers, spaces, and symbols. Passwords should be more than 8 characters long – length equates to randomness, making longer passwords harder to crack. Sites such as howsecureismypassword.net allow you to test the strength of your passwords.

8. Do not use the same password for more than one account. Use a password manager application if you’re having trouble remembering all your unique passwords across accounts.

Duncan Macrae

Duncan MacRae is former editor and now a contributor to TechWeekEurope. He previously edited Computer Business Review's print/digital magazines and CBR Online, as well as Arabian Computer News in the UAE.
