Staying Safe Online During the Holidays

Ever received a suspicious order confirmation or shipping verification? What if I told you that innocent click could cost you more than you bargained for? Stay tuned to unravel the secrets of avoiding cyber traps this holiday season. It’s the Thanksgiving holiday in the U.S and Black Friday is an event that many people come to expect during the holiday season. I recall asking my 10 years old son, do you want to get up at 5 AM and go shopping with me to buy new computers or TV. “Yes, dad! I want to get up early and go with you.” Many people in the Silicon Valley, San Francisco, Bay Area will be familiar with Fry’s Electronics. Fry’s Electronics is my favorite local store to shop at on Black Friday and all things electronics. Getting in line at 5 AM, and waiting for the door to open was exciting and challenging because there is a limited number of items and there are so many people looking for the same deals. Dealing the crowds and long checkout lines is not a fun experience. Today, shopping is mostly an online activity. The experience is different, and the challenges are also different. One of the most significant differences is the online threat. When we buy from Amazon, Costco, or other online stores, most items are shipped via FedEx, UPS, and USPS. We get email notifications when the item is ordered or when the item will ship. Cybercriminals know this and create fake emails or text messages to confirm orders or verify shipping. Often the criminals may send an order confirmation that you didn’t buy, but you are prompted to click a link and call them to confirm the order. As a result of clicking on the link or calling them, the criminal steals your credit card, identity, and other information.

According to the FTC, about 96,000 people reported being targeted [by a scammer claiming to be Amazon], and nearly 6,000 said they lost money. Reported losses totaled more than $27 million. The reported median individual loss: $1,000.” What you can do to protect against online threats and protect against phishing emails?

. Remember this key phrase: SLAM and use this guideline to help you stay safe. When you get an email, take these simple steps, check:

Sender: Confirm that the sender’s email address is from the correct company you ordered
Links: Hover the URL link or website link in the message of the email to confirm it is the correct company website
Attachment: Do not open any attachments from anyone you don’t know.
Message: check if there is any error in the email message or misspelled domain name or company.

. If you are still not sure about individual or company that sent you an email or SMS (text message) or voice message, call the phone number on the vendor website, do not call the phone in the email, to confirm the order.

For example, this image shows a fake order which looks similar to the format you get from Amazon.

The email is from Gmail.com, not amazaon.com
Phone Number is not the real number on Amazon.com website.

Change Your Password to something strong with 15 characters or more, and Setup MFA (multi-factor authentication) or two-step verification.

Don’t use the same password for different sites.

Learn More – 15 ways to protect yourself.

. Confirm your devices updated to latest software version for:

Windows 10/11 or MacOS
Android, iPhone or iPad
Chrome, Edge, Firefox or Safari browser
Have security protection like anti-virus or end-point detection and response (next-gen antivirus), and a firewall.

Back up your files, photos, and email.

Encrypted any sensitive or important data (e.g., tax returns, customer information and finacial data).

Lastly, do not let anyone you don’t know remotely access your computer.

Most vendors like Amazon, Costco, Microsoft, and others will never ask to remote into your computer.

Hackers may ask to login to your computer, saying, let me verify your order or check you are safe, this is a way fro them to exploit your computer and install back door to access your computer in the future.

Don’t trust anyone you have not done business with to remote into your computer; check with your IT person or someone you know before you like someone access your computer.