Thanksgiving Weekend — some might call it the Super Bowl of shopping — is here, and it’s set to hit record numbers, according to analysts.
About 164 million people plan to shop from Thanksgiving Day through Cyber Monday, according to this year’s annual survey by the National Retail Federation and Prosper Insights and Analytics. In October, the retail group predicted that shoppers will spend an average of $1,007.24 this year, up 4.1 percent from the $967.13 survey respondents said they’d spend last year.
While this is good news for retailers, it’s also ample hunting ground for hackers and cybercriminals looking to score consumer information. Experts warn that while traditional techniques like phishing are still popular with cyber thieves, new methods using ads and offers on social media platforms are also gaining traction.
ABC News asked security experts from IBM, Google and Facebook for online shopping advice. Here are 10 tips for safer shopping.
1. Install ad and tracker blockers
“Ads have become one of the most frequently abused mechanisms through which hackers have tried to download malware onto your computer over the past few years. My top recommendations are ‘UBlock Origin,’ ‘Privacy Badger’ and ‘Ghostery.'”
— Jim McCoy, Creator of the Vektor home cybersecurity device and former tech lead of security tools and operations at Facebook
2. Use a private browser window
“Most browsers have a button or menu item that lets you open a new window that keeps no cookies or other identifying information — either during the browsing session or after you close the window. Some stores will actually charge longtime users more than they do for people who they can’t identify. The other advantage is that what you are browsing for or purchasing is not tagged with an ad re-targeting cookie, and so on a shared computer some else is unlikely to see re-targeting ads for the gifts you have been considering or have even purchased!”
3. Do a search on internet-connected devices
“When purchasing an internet-connected device — e.g. wireless security cameras, ‘smart devices’ or connected toys — do a quick check of Consumer Reports or a Google search for “[item name] security problems.” It can save a lot of future headaches. This applies to nearly all manufacturers — some of the worst security problems have come from mainstream brands and not just from cheap clones and low-end devices.”
4. Think: Do you really need an internet-connected device?
“When considering an internet-connected purchase, I would think hard about whether the device really needs to be connected to the internet. If in doubt, find a version that does not try to connect to some external service. Many of these internet-connected features add little long-term value to the item, but potentially open a home up to hackers. No one wants to be remembered as the person who gave a gift that led to identity theft for the recipient.”
5. Beware of phishing schemes
“Be cautious with unsolicited emails. Every year, IBM X-Force sees a massive uptick in phishing campaigns that disguise themselves as anything from package tracking emails to coupon codes to early-bird sales, but they are actually distributing various forms of malware. Don’t click links to copy codes, instead copy it and use it directly on the retailer’s website, — even if it’s a retail brand you trust. If you must click a link in your email, before doing so, hover over the URL and make sure it’s taking you to the actual website.”
— Caleb Barlow, vice president of threat intelligence at IBM Security
6. Use a unique password for each online store
“Never reuse the same password on different websites, especially retailers. Instead, create a unique passphrase for each website you shop on. For example, something like “longpassword123.” Same goes for loyalty cards — create a unique password for these accounts also.”
7. Choose credit over debit
“Credit cards offer consumers more protections if a card is compromised. More importantly, it won’t impact your checking account during the holiday season if there’s an issue.
8. Strictly manage your credit cards
“The holiday season is a peak time for online fraud. Keep a close watch on your credit card statements. A hacker who stole your card information in the summer is likely to try to use it during the Christmas shopping season when people are making a large number of online purchases, many of which are outside their normal purchasing behavior, and it is easy for fraudsters to slip something into your bill that you don’t notice amid all of the other online purchases.”
9. Protect your phone
“Add a screen lock or pin code to your smartphone, and don’t leave it unattended in a taxi, plane, train or going from store to store.”
— Mark Risher, director of Google account security
10. Try Google’s security checkup if you use it to browse
“Take our security checkup. This is Google-specific, but it really is the single best piece of security advice we have on our end. It’s a one-stop shop for Google account security where we’ll tell you if there are any issues to address — and then help you take care of them. Besides just following the instructions, add a phone number to your account so we can reach you if you’re ever locked out.”