With holiday shopping and gift receiving in full swing, cybersecurity does not seem to be foremost in many people's minds.
Over 56% of consumers said they're not more concerned about falling victim to fraud during the holiday season, according to the 2017 Holiday Season Fraud Forecast report by Next Caller.
Around 30% of respondents said they aren't trying to prevent fraud, the report found. Some are taking a few basic precautions: 40% are monitoring their bank accounts, 36% are avoiding unknown emails, and less than 20% will be watching package delivery trackers to avoid mail theft.
"Cybercriminals have been gathering information all year about how they can pretend to be you and their attempts will be very realistic," said Steve Durbin, managing director of the Information Security Forum. "Of course, not everyone is a criminal, and there will be genuine offers, but stop and think before you click that button."
Here are 13 tips to safeguard your holiday season.
1. Think critically before buying a smart device
Internet of Things (IoT) devices will be popular gifts this year, but they come with a special set of potential security vulnerabilities. Mike Bell, executive vice president of IoT and devices at Canonical, has three go-to questions for smart devices: Does it have a changeable default password? Does the manufacturer offer software updates? And are you trusting it too much solely because it comes from a market leader?
2. Update your security software
Before shopping online, check your firewall and antivirus software. If there is an update available, install it before shopping.
3. Check out all sites, offers, and emails before you purchase
Make sure you're using legitimate, recognized sites for shopping. As Durbin said, not everything is a fraud in disguise, and it may simply be a new brand or site to you. Check them out through Google or Facebook, and closely examine the URL or email sender. Don't purchase, click on a link, or download an attachment until you've done your due diligence.
Hackers may also try to lure you in by pretending to be your bank. It is unlikely your bank would communicate via email, according to Lisa Baergen, marketing director at NuData Security.
4. Don't buy using free Wi-Fi hotspots
Attackers can create their own fake hotspots or hang around public connections, according to Kevin Watson, CEO of Netsurion. Opt for a trusted network like your home or office or a known network that is password-protected to process online payments or check your bank account.
5. Sign up for credit card alerts
Monitoring their bank accounts is the top way consumers are watching for fraud this holiday season, according to the Next Caller report. Many credit and debit card providers let you set an alert for unusual card usage, Watson said. Take advantage of it.
When checking your accounts, also look at smaller purchases. Attackers may do trial runs before making large purchases, said Chad Holmes, cyber chief technology, strategy and innovation officer at EY.
6. Only use HTTPS sites
Look for the lock symbol and "https" at the start of every URL to make sure you're on a secure connection.
7. Use a password manager
Password managers can store all of your passwords securely in one spot under one private master password. Some password managers also create passwords for users, allowing consumers to set hard-to-crack passwords for each of their online shopping sites.
8. Know what to do if you accidentally open a trick email
Hackers may set up emails that look like a popular seller's, said Steven Bearak, CEO of IdentityForce. If you accidentally open a trick email, delete it before you click any links. The links could lead to a virus, Bearak said.
Attackers may also use fake emails designed as package trackers—they might lead to a virus or ransomware as well, Forcepoint principal security expert Carl Leonard said.
9. Check out the site's grammar
Attackers will sometimes use funky characters or misspell names or words, either in the domain name or the site or email's content, Leonard said. It's highly unlikely a legitimate seller would have copy errors. Also, look out for entirely new domains that may add words to what would be the normal URL.
10. Verify digital gift cards before you spend
Send a thank you note to the sender if you receive a digital gift card, Holmes said. Consumers will be able to figure out if the card is real instead of a potential phishing scheme.
11. Clean up before you shop
Clean out the email accounts you use for online shopping beforehand. Delete anything that you wouldn't want a hacker to access if you do fall victim to an attack, said Robb Reck, CISO at Ping Identity. This includes anything with sensitive information, especially financial documents. This is especially important for business leaders who may have company documents accessible from their email account.
12. Turn on two-factor authentication
If a service or account offers two-factor authentication and you don't already have it enabled, Reck suggests turning it on. It makes accounts harder for hackers to access.
13. Know where to go if you might have become a victim
If you receive an email saying you purchased something or see an unusual bank transaction, solve the problem as soon as possible. Contact your bank or credit card provider, or lean on some trained organizations for more help.