Cyber News Roundup: Security Tips for Shoppers this Holiday Season

Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive ongoing updates here.

Whether you’re buying sweaters, perfume, video games, or fruitcakes — shoppers beware! Just as sales are in progress everywhere this time of year, so are cyber thieves and cyber scams, as we are amidst the biggest shopping season of the year. The National Retail Federation expects a record $859 billion in holiday sales in the U.S., an increase of 10.5% compared to 2020. The FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and other industry leaders are warning shoppers to proceed with caution. 

KATU reports that there were 17,000 cases of fraud schemes in Oregon last year. “Officials expect that number to increase this year as criminals get savvier.” The FBI says that internet scams continue to grow and that scammers are out in full force. Special Agent Kieran Ramsey, who is in charge of the FBI’s Portland Field Office states that the current state of things will likely bring out even more con artists. “We have rumors of merchandise shortages. We still have the global pandemic pushing people to shop online. And then, unfortunately, we have the perpetuation of any number of these schemes, where they just vary slightly in one way or another. And bam, people unsuspectingly get caught in some kind of fraud scheme.” 

The FBI offers these 13 tips for consumers to protect themselves when shopping online, as reported by KTVZ: 

1. Pay for items using a credit card dedicated for online purchases, checking the card statement frequently, and never saving payment information in online accounts. 
2. Never make purchases using public Wi-Fi. 
3. Beware of vendors that require payment with a gift card, wire transfer, cash, or cryptocurrency. 
4. Research the seller to ensure legitimacy. Check reviews and do online searches for the name of the vendor and the words “scam” or “fraud.” 
5. Check the contact details listed on the website to ensure the vendor is real and reachable by phone or email.  
6. Confirm return and refund policies. 
7. Be wary of online retailers who use a free email service instead of a company email address. 
8. Don’t judge a company by its website. Flashy websites can be set up and taken down quickly. 
9. Do not click on links or provide personal or financial information to an unsolicited email or social media post. 
10. Secure credit card accounts, even rewards accounts, with strong passwords or passphrases. Change passwords or passphrases regularly. 
11. Make charitable contributions directly, rather than through an intermediary, and pay via credit card or check. Avoid cash donations, if possible. 
12. Only purchase gift cards directly from a trusted merchant. 
13. Make sure anti-virus/malware software is up to date and block pop-up windows. 

Jen Easterly, director of CISA, confirms that cyber criminals will be hard at work looking to target online shoppers. In a CNN opinion piece, Easterly says that the holiday shopping season is a prime opportunity for bad actors to take advantage of unsuspecting shoppers through fake websites, malicious links, and even fake charities. Their goal is to get a hold of consumers’ personal and financial information to compromise your data, insert malicious software, steal your identity and take your money. She recommends these four consumer-protection tips: 

1.  Start by protecting your devices. Mobile phones, computers, and tablets all ask you to install software updates, which include the latest security features and patches. Protect your devices by downloading the latest software updates. The easiest way to do this is to enable automatic updates. Next, take a look at your online accounts and make sure they have strong passwords. Make sure you use different and complex passwords for each account. Consider using a password manager so you don’t have to remember the complex alphanumeric combinations that make passwords harder to crack. 
2.  Turn on multi-factor authentication. The most important thing you can do to protect your online accounts is to implement multi-factor authentication. Your email, your online bank, social media accounts should all allow you to turn on multi-factor authentication. This means they’ll use an additional piece of information to verify your identity. It can be something as simple as receiving a code via text message, but for even greater security, you can use a security key or authenticator app. 
3.  Know how to spot phishing scams. Most of us receive emails from retailers about special offers during the holidays. Cyber criminals will often send phishing emails that are designed to look like they’re from retailers but are actually designed to steal your information or infect your system with malware. Don’t click links or download attachments unless you’re confident of where they came from. If you’re unsure if an email is legitimate, type the URL of the retailer or other company into your web browser as opposed to clicking the link. Never provide your password, or personal or financial information in response to an unsolicited email. Legitimate businesses will not email you asking for this information. If you receive a suspicious email that you think may be a phishing scam, you can report it at us-cert.gov/report-phishing. 
4.  Always use safe methods for purchases. Always assume a public Wi-Fi network isn’t secure, and therefore don’t access sensitive personal or financial information if you need to use one. Look for “https” (versus just “http”) in the subject line of a web address to confirm that a site is encrypted and keep your browser and security software up to date. If you can, use a credit card as opposed to a debit card when making a purchase. Criminals can use debit cards to steal directly from your bank account, and while there are laws to limit your liability for fraudulent credit card charges you may not have the same level of protection for your debit cards and your bank account. Check your credit card and bank statements frequently for any fraudulent charges. Immediately notify your bank or financial institution and local law enforcement if you see suspicious charges. 

Cyber Oregon sponsor, Fortinet, and its FortiGuard Labs have observed increased scams involving counterfeit websites that appear to be legitimate ecommerce sites. “To the untrained eye these sites may look safe, but if you aren’t paying attention they can steal your payment (and possibly payment information) via a purchase you thought was legitimate. Fake ecommerce sites are quickly becoming the latest threat to consumers and they cover a wide range of products to lure potential buyers.” Learn more about this latest scam that leverages the look and feel of the world’s largest companies and their respective trademarks to compel and lure victims into making purchases, in the blog post Black Friday and the Proliferation of Fake Ecommerce Sites. 

Partner blog post of interest: McAfee: What is the Dark Web? Everything You Need to Know