The hectic shopping season isn't just about finding perfect gifts. It's also prime time for identity thieves to snag your info. Here's five tips from security experts on staying safe online.
Avoiding long lines and cranky crowds are just two of the benefits of online shopping. But getting hacked while buying a toy playset from the hit movie "Frozen" through an online seller is a real shopping risk, too.
It may seem that protecting yourself from hackers is impossible, given that it's been a banner year for identity theft. In 2014, hackers stole tens of millions of email addresses and credit card numbers from US retailer Home Depot and bank JPMorgan and got into Apple's iCloud service through a password breach, which exposed explicit, personal photos from around two dozen celebrities including actress Jennifer Lawrence.
Fortunately, there are simple steps you can take to protect yourself that don't require expertise in network penetration technology, said Gary Miliefsky, the founder and CEO of spyware blocker SnoopWall, who has decades of experience in online protection. But first, a reality check. "Assume you're already compromised," Miliefsky said.
That's because the more we shop online, the more we put ourselves at risk – whether using smartphones or home computers. Online fraud has almost tripled in the past year, according to the 2014 annual online fraud report from Javelin Strategy and Research. There are 60 new identity theft victims every three minutes, according to studies from the nonprofit research firm Identity Theft Resource Center.
People who have more than 20 online accounts and are very active on the Internet are more likely to reuse passwords, which makes them 37 percent more likely to have their accounts compromised, according to another Javelin Strategy and Research report released this month.
Miliefsky said there are three things you can do to stave off basic hacking attempts. First, delete apps you don't use and clean up ones you do use. Second, when shopping from your smartphone at a mall or other public location, turn off all wireless networks except for mobile data. Third, use credit cards instead of debit cards.
"Try to avoid using a debit card that has direct access to your checking account. Always use credit cards when you can," because credit cards are insured against fraudulent charges, said Adam Kujawa, head of malware intel at Malwarebytes.
When it comes to app and network controls, many people are unaware of how to take basic precautions, Miliefsky said. One of the most popular flashlight apps for Android and iPhones, Brightest Flashlight, was secretly recording and sharing users' device ID and location information. The app maker eventually settled charges brought against it by the US Federal Trade Commission. Checking an app's origins through the Apple App Store or Google Play can go a long way to avoiding headaches.
The same goes for at-home Web browsing. Make sure you've disabled add-ons and plug-ins before shopping. This lowers the risk of unauthorized access to your shopping habits and credit card details. Unauthorized network access is another risk users can take simple steps to reduce when shopping. "Turn off Bluetooth and Wi-Fi when you're in stores to keep the store from tracking you," said Adam Ely, the co-founder and chief security officer of Bluebox Security. That also "keeps you from getting more spam."
The icons at the top of your phone will tell you which services are active. If you're even just a bit tech savvy, use a Virtual Private Network app when using free Wi-Fi. VPNs, as they're called, encrypt your Internet traffic and protect it so it can't be snooped without permission. "If you're on a public Wi-Fi, then absolutely use it," Ely said.
Another precaution is to strengthen your webmail with a second, temporary password called two-factor authentication. An added password is often texted to your smartphone and must be entered immediately after your main password, making it much more difficult for hackers to get into your account. With two-factor authentication, if hackers guess your main password – as they did with many celebrities during the iCloud hack – your account won't be accessible to them.