SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Securing festive shopping: Tips to avoid online scams and protect personal data
Tue, 24th Oct 2023

The 2022 festive shopping season saw Americans spending over 200 billion dollars online, with 97% of consumers planning to continue the trend, according to a recent survey. However, as online sales increase, so do the associated risks, with losses exceeding 300 million dollars inflicted by scammers in 2022, as reported in the FBI's IC3 report.

Heightened concerns around personal cybersecurity provoke questions about how to ensure safety while shopping online. A recent survey, conducted by Yubico in collaboration with OnePoll, showed that while 80% of respondents were worried about the security of their online accounts, 39% admitted to using the same password for multiple accounts.

As the holiday season approaches, here are five top tips for maintaining personal online safety:

1. Be mindful of where your information is sent. Scammers often use personal information to gain access to accounts. Yubico’s survey showed that 32% of respondents lacked confidence in identifying fake online retailers. Beware of websites asking for excessive or irrelevant information, odd modes of payment, and suspiciously generous coupon offerings.

2. Stay aware of the latest scams, such as those involving tracking information. Ignore unsolicited personal information requests and check package status at the source. Register for tracking notifications and investigate suspicious messages by directly accessing the vendor’s site without clicking links in emails or text messages.

3. Use protected methods of payment, such as credit cards or trusted brokers like PayPal. Cease sharing banking information or conducting wire transfers online.

4. Protect your login credentials. Passwords are no longer adequate defence mechanisms, and according to Yubico's survey, 49% of respondents do not use Multi-Factor Authentication (MFA). For a stronger line of defence, use phishing-resistant MFA methods, such as PassKeys or security keys like the YubiKey - which are superior to passwords as users do not need to remember or manually enter character sequences. Platforms such as 1Password, WhatsApp, Amazon, Apple, Google, and social media sites like X (formerly Twitter) and Meta all support YubiKey.

5. Implement the highest level of protection for most valuable assets. Protect your mobile ecosystem by configuring hardware-backed security keys, secure your email with phishing-resistant PassKeys, and ensure strong MFA for your core identity providers. This includes any services used for 'Sign in with ___' options and your password manager.

By heeding these tips, you can enjoy a more secure online shopping experience during this festive season and beyond. Ready yourself for a different era of online security by adopting phishing-resistant, hardware-backed, and universally adaptable authenticators.