Cybersecurity for the holidays Cybersecurity for the holidays Cybersecurity for the holidays

'Tis the season—to be vigilant with online shopping. Crossing off your gift list with a digital cart has its advantages (we both do it, too), but the holidays have a way of attracting those who are eager to take advantage of the rush. The good news is that by recognizing the red flags and practicing good cyber hygiene, we can all can click ahead with greater peace of mind.

Good cyber hygiene starts with recognizing that the holiday season is prime time for online fraudsters. Retailers of all shapes of sizes are doing an increasingly excellent job of putting cybersecurity controls in place, but as transaction activity ramps up, cyber criminals rely on consumers letting their guard down and rushing to jump at online deals—at the expense of digital security.

To stay safe, look out for common red flags, such as:

• Unfamiliar addresses: Cyber criminals often present themselves as familiar stores or brands to lure you into giving up personal information. Your browser should give you a preview of where the link is pointed, and if the address seems suspect or different from the site's regular address, it's best to leave it unclicked.
• Suspicious communications: The holidays have a way of filling our email inboxes with sales and promotions. Many of these might be from valid sources, but some will be from cyber criminals hoping you aren't paying attention. If you spot odd grammar, spelling mistakes, or messaging that appears off-brand, try verifying the promotion or sale directly with the retailer or simply click "delete."
• Asking too much: "Social engineering" is the practice of tricking consumers into giving up their personal information for any number of nefarious reasons. Cyber criminals attempt to ply this information through surveys, phishing emails, or even phone calls that purport to be from reputable sources. Be extra cautious about who you're speaking with and what you're sharing.

The short version? Be on your guard. Retailers have a lot riding on the holidays, too, so you can trust they are taking every precaution to protect their customers.

Stepping up your cyber hygiene
All the same, consumers can also do a lot on their end to enjoy the advantages of online shopping with far fewer risks. That begins with practicing essential cyber hygiene habits:

• Shop from your device: It's good practice to use your own connected device when making purchases online. You can't be certain someone else's device hasn't been compromised or will leak your information.
• Connect using secured wi-fi: Cyber criminals use technologies to "pull" data from public and unsecured wi-fi hot spots. Instead of shopping on a free customer network, save it for when you're at home and linked to your own network.
• Verify the app: Some retailers require consumers to download a specific app to shop online. App stores are generally good at weeding out the scams, but it still pays to read reviews and apply common sense. If the app doesn't have many downloads, has bad reviews, or simply seems "off," your best bet is to avoid it altogether.
• Look for cyber security verification: Many online retailers have had their cyber security systems verified by a third-party. Look for these verification symbols for added assurance.
• Review your statements: Pay close and consistent attention to your financial statements (e.g., credit card, debit, digital wallets, etc.) to ensure everything lines up.
• Consider a trusted payment system: There are online services that serve as "middlemen" between buyers and online retailers. Consider using one that offers buyer protections, which can add peace of mind to your shopping.

What to do when you think you've been scammed
In our experience as cybersecurity professionals, we can attest that even the most diligent consumers can fall prey to cyber criminals. The important thing is that you act quickly when you suspect foul play.

The first step is to stem the damage. Immediately change your online passwords and, we recommend using different passwords for each of your accounts. Next, enable enhanced security measures where possible, such as two-factor authentication.

It's also important to report the event. If you notice a fraudulent charge on your credit card, get in touch with your financial institution as soon as possible to explore your options, and consider reporting the event to the Canadian Anti-Fraud Centre. Of course, there's value in reaching out to law enforcement, too. Not only might they be able to use their resources to track the fraudsters down, they can also combine your case with other reports to generate criminal intelligence that can help prevent similar scams.

Online shopping can be convenient and cost-effective, and retailers are doing their best to make the experience as secure and productive as possible. Still, there will always be an element of risk with any consumer transaction. Remaining vigilant and prioritizing good cyber hygiene will go a long way to securing your holiday shopping transactions.