UNIVERSITY PARK, Pa. — Cyber Monday, the 24-hour online post-Thanksgiving shopping period during which consumers can snag exclusive deals and bargains, is one of the busiest days each year for online retail sales. In 2017, Cyber Monday was marked as the largest online retail sales day in U.S. history with $6.59 billion in online sales, according to Adobe Insights.
But does a rise in online shopping mean a rise in cybercrime?
“Cyber threats exist year-round, although the frantic pace of the holidays, such as Cyber Monday, increases vulnerability when harried shoppers and employees are not able to maintain vigilance,” said Edward Glantz, teaching professor of information sciences and technology at Penn State.
As consumers and retailers gear up for the 2018 shopping event on Monday, Nov. 26, Glantz shared best practices to follow that can keep personal information safe on Cyber Monday — and throughout the year.
Tips for consumers
- Shop at credible sites – Avoid buying from unknown retailers and those with negative online ratings.
- Be wary of deals too good to be true – Cybercriminals may pose as trusted retailers online to advertise special deals via email in an effort to steal personal information. “Email scams can be very tricky while falsely offering great deals, rebates, refunds or, ironically, even warnings about fraudulent use of your credit cards,” said Glantz.
- Never click links in any email – Instead, Glantz suggests navigating directly to a store’s website and typing in coupon numbers, or following links on the site for clearance or advertised specials. The same practice is advised when dealing with banks and credit cards. Navigate to the site directly, or call to confirm customer alerts and warnings about spending activity.
- Visit only secure websites – Look for the "https://" in the URL to ensure that any sensitive credit card or other personal information being shared through the site is encrypted.
- Be aware of porch pirates – According to Shorr Packaging Corp., one-third of online shoppers had a delivered item stolen from their porch in 2017. “Treatments vary by threat type,” said Glantz. “For example, porch theft can be addressed through installing a doorbell camera, opting to have items delivered to your work address, and utilizing private or public lockboxes.”
- Report credit or debit card fraud immediately – Most stores have fraud and phishing reporting sites. “For example, Apple and UPS have links for customers to forward phishing emails,” said Glantz. “Identity theft can be reported at the FBI website. Lost or stolen drivers’ licenses can be reported to the state police.”
- Do your online shopping from home – Don’t trust public Wi-Fi networks, especially for the exchange of personal or confidential data.
- Be wary of eavesdroppers or shoulder surfers – With all the attention paid to online security, cybercriminals may take a less sophisticated approach by lurking nearby someone who is online shopping in public to view or hear the information they’re sharing online. “I was shocked while shopping recently when the store owner, of all people, booked a trip and gave his full name, address and complete credit card information over the phone,” said Glantz.
Tips for retailers
- Be sensitive to shipping orders to non-billing addresses – If possible, confirm with the buyer that their provided information is correct.
- Ensure that digital assets are encrypted – Personally identifiable consumer data, such as email address and credit card numbers, should be encrypted, kept behind firewalls and eventually taken offline.
- Work with third-party organizations – Consider collaborating with vendors that specialize in handling payment transactions and associated security to provide additional protection to your consumers.
- Train employees to be wary of business email compromise scams – Email accounts of high-level business executives are spoofed or compromised and used to trick employees to wire funds to fraudulent accounts. Report these issues to the FBI.
- Use data backups – Employ at least one data backup that is air gapped from the network as a defense against ransomware attacks.
- Require passwords and implement a second form of authentication for employees – Add varying levels of permission for employees to access systems. “Users should connect with the lowest level of privilege access to protect against accidentally installing malware,” said Glantz.
By following these tips, retailers and bargain-seeking shoppers can enjoy a safe shopping experience on Cyber Monday.
“Online shopping can be fun, and permits convenient access to deals with minimal hassle,” Glantz concluded. “Be wary of where you shop, though, and of what information you are providing.”