Tis the Season to be… Ripped off
Posted: November 27, 2018
With the holiday season upon us, most people are enjoying a time of shopping, spending, traveling, family time and overall enjoyment. Unfortunately, cyber criminals also enjoy this time as they themselves are shopping for access to unsuspecting victims’ credit card and bank accounts.
What can you do to protect yourself and your mobile devices during this bustling season when one can easily let their guard down?
If you are shopping online, please consider taking these precautions:
- When you can, use a credit card instead of a debit card. If your credit card gets compromised and fraudulent charges start to pile up, you are often only responsible for the first 50 dollars provided you report the issue in a timely manner. If your debit card becomes compromised, your account can be quickly emptied out.
- Look for secure shopping sites as indicated by a prefixed HTTPS. You can also discern a secure site by the padlock logo near the address. These indicators help to ensure secured shopping.
- Be wary of shopping applications. Only download shopping applications from reputable sources like Google Play Store, Apple, etc. and be mindful that even with reputable app sources, there is still a chance of downloading a counterfeit application that could be compromised. Better yet, go directly to the retailers’ site and download their application directly.
- Never open a possible phishing email. Don’t open emails from unknown sources. More importantly, don’t click on links within the emails or respond with any personal or credit card information.
- Try not to use a public device (communal computer) at an airport, hotel, or internet café. Although itis very tempting to use a public device to check emails or for some last-minute shopping, avoid using these devices unless absolutely necessary. If you do find yourself having to use public access be mindful of the following:
- Never use payment or shopping applications like PayPal, eBay, Amazon, etc. and especially never use banking applications.Because the transactions would be conducted over public WIFI, the chances are greater that your personal information could be compromised. If you use an application, ensure that you are logging out of the application completely.
- NEVER EVER check the ‘Remember My ID and Password’ boxes on a public
- NEVER EVER enter any personal information on public devices.
- Watch out for shoulder surfers. It is important to be vigilant about individuals observing your on-screen activity. They may be more than casual observers.
Protect Your Mobile Device
Protecting your mobile devices is also important when considering personal data security. When traveling or shopping it is often easy to lose track of your phone or tablet. Some items to consider for securing these devices include:
- Never leave your valuables in your vehicles in plain sight. If you must leave them in your car be sure to secure your devices in the trunk before you leave for your destination. Do not transfer the device upon arriving at your destination as your actions may be observed.
- Protect your device by using a pin to secure it. If possible, use two factor authentication or a biometric control (e.g. fingerprint) in the event the device is lost or stolen.
ATM Best Practices
It is also important to exercise caution when using ATM Machines or paying for gas at the pump. When using your card to pay for gas at the pump, pull on the card reader before inserting your credit card, to ensure that a scanning device has not been inserted. If a device is detected, do not use that pump and report what you’ve found. Once you verify that the card reader is legitimate, pay as a credit vs a debit card to limit your exposure.
Before inserting your debit card in an ATM machine, pull on the card reader to ensure that a scanning device has not been inserted. When keying in your 4-digit pin, cover the numbers to ensure that a hidden camera or the person behind you are not capturing your pin information. Make certain that you collect and keep the receipt from your transaction and hit the No Further Transaction on the ATM before leaving.
Have a safe and enjoyable holiday season!!!
Author: Bruce Josephs
Bruce is a senior consultant with Compliance Point located in Texas serving clients on audit related initiatives. He retired from Fidelity Investments after 11 years of being responsible for disaster recovery and interfacing with internal and external auditors by preparing for reviews (SSAE16, ISO27002, SOC1, SOC2), and managing access programs (terminations, transfers, elevated access reviews) for Fidelity. Bruce is a holder of the CISSP, CISA, CISM and CIPP certifications and holds an MS Degree in Financial and Investment Management from Drexel University. Bruce has also previously held both secret and top secret clearance while working in the defense Industry and has authored two articles on Mainframe Security.