
Editor’s note: Wired for Safety is a column on cybersecurity and other tech issues. Duane Dunston is an assistant professor of cybersecurity and networking at Champlain College. He received his bachelor’s and master’s of science from Pfeiffer University. From 2001 to 2011 he worked in cybersecurity for NOAA. He is a doctoral student at Northeastern University with a concentration in Curriculum, Teaching, Learning, and Leadership. His other activities include “You Have A Voice,” a project to develop an electronic screening assessment to identify human trafficking victims.
Cyber criminals take advantage of the holidays by sending emails with viruses or programs that can harm computers or compromise or steal a person’s identity and financial information. Phishers attempt to gather information from you by throwing out bait — such as a fake email from your bank requesting your username and password — and hoping you’ll bite; thus, the term “phishing.”
Also, please understand that even if you have a Mac, you are not immune to viruses, phishing or other security vulnerabilities.
(It’s important to know that many banks have a policy against refunding any money lost if you willingly provide your credentials to someone and that person performs financial transfers or purchases with your credit card. If you provide your credentials to a phisher, you may have a hard time convincing the bank you were not at fault.)
If you give to charities, give directly to the organization via its official website, or visit the office and give directly. I’m not trying to undermine the good charities and folks who have street donation stands set up; I’m just asking you to be aware.
And here are some safe holiday shopping recommendations:
• Beware of bogus delivery confirmation messages, especially if you ordered a package and are waiting on a confirmation. The holidays are a prime time to get hooked by one of these types of messages. Whether you use a Mac, Linux or Windows, every one of those operating systems lets you enter your personal or financial information on a website. Accordingly, you could fall victim to a phishing campaign and inadvertently provide your credentials or financial information to a criminal.
I can’t overemphasize this one, folks. Even if you are expecting a confirmation, visit the delivery service website directly. Copy the tracking number in the email. Manually type in the website for the shipping company, instead of clicking the link in the email. Then paste the tracking number into the website. UPS, the U.S. Postal Service and FedEx are the most popular delivery methods. Make a note of their legitimate web addresses: www.ups.com, www.usps.com, www.fedex.com.
• If at all possible, and it is within your budget, try to shop with reputable online sellers, such as Amazon.com, Yahoo.com or jcpenney.com. A “secure” site brandishing a locked padlock could still be fraudulent. A criminal can pay nothing or about $30 to get a valid security certificate (to display the padlock) to lure you to the site.
• Pay attention to low-priced items and their shipping cost. Some companies offer the item at a low price, but the shipping can cost a lot of money. Users on eBay are notorious for this practice.
• Some reputable companies will hire a third-party organization to handle financial transactions, to minimize the load on their system. Encrypted information on a secure site requires more bandwidth and system resources, so it is a common practice during the holidays. Call the company you want to purchase the item from and ask it to verify the name of the third-party organization handling the financial transaction. And let THEM tell you the name of the company.
• Stay away from resellers that want you to pay for items through a third-party organization called an “escrow” company. These pop up often and can be fraudulent.
• If you are using instant messaging programs, it is best to close those applications entirely before shopping online. A lot of people look at the keyboard when they are typing, and it is very easy to have an instant message window pop up as you type sensitive information and to press “Enter” before verifying what was typed. Notice how if you use your Google Web Calendar, it pops up and switches to the Google Calendar screen; that’s similar to what can happen if an instant messaging window opens while you are typing.
• Have the latest antivirus software. This will help find programs such as keyloggers and backdoors that try to capture personal information.
It really comes down to being aware. If you shop with Amazon.com, for example, you can be pretty much assured that your credit card information is being sent over a secure connection. The same can’t be said for all online sellers.
