• Skip to main content
  • Skip to header right navigation
  • Skip to site footer
Restore Privacy

Restore Privacy

Resources to stay safe and secure online

  • News
  • Tools
    • Secure Browser
    • VPN
    • Ad Blocker
    • Secure Email
    • Private Search Engine
    • Data Removal
      • Incogni Review
    • Password Manager
    • Secure Messaging App
    • Tor
    • Identity Theft Protection
    • Unblock Websites
    • Privacy Tools
  • Email
    • Secure Email
    • ProtonMail Review
    • Tutanota Review
    • Mailfence Review
    • Mailbox.org Review
    • Hushmail Review
    • Posteo Review
    • Fastmail Review
    • Runbox Review
    • CTemplar Review
    • Temporary Disposable Email
    • Encrypted Email
    • Alternatives to Gmail
  • VPN
    • What is VPN
    • VPN Reviews
      • NordVPN Review
      • Surfshark VPN Review
      • VyprVPN Review
      • Perfect Privacy Review
      • ExpressVPN Review
      • CyberGhost Review
      • AVG VPN Review
      • IPVanish Review
      • Hotspot Shield VPN Review
      • ProtonVPN Review
      • Atlas VPN Review
      • Private Internet Access Review
      • Avast VPN Review
      • TorGuard Review
      • PrivadoVPN Review
    • VPN Comparison
      • NordVPN vs ExpressVPN
      • NordVPN vs PIA
      • IPVanish vs ExpressVPN
      • CyberGhost vs NordVPN
      • Surfshark vs NordVPN
      • IPVanish vs NordVPN
      • ExpressVPN vs PIA
      • VyprVPN vs NordVPN
      • CyberGhost vs ExpressVPN
      • NordVPN vs HideMyAss
      • ExpressVPN vs ProtonVPN
      • Atlas VPN vs NordVPN
      • ExpressVPN vs Surfshark
      • NordVPN vs Proton VPN
      • Surfshark vs CyberGhost
      • Surfshark vs IPVanish
    • Best VPNs
      • Best VPN for Torrenting
      • Best VPN for Netflix
      • Best Free VPN
      • VPN for Firestick TV
      • Best VPN for Android
      • Best VPN for Gaming
      • Best VPN for PC
      • Best VPN for Disney Plus
      • Best VPN for Hulu
      • Best VPN for Mac
      • Best VPN for Streaming
      • Best VPN for Windows
      • Best VPN for iPhone
    • VPN Coupons
      • ExpressVPN Coupon
      • NordVPN Coupon
      • Cyber Monday VPN Deals
      • NordVPN Cyber Monday
      • Surfshark VPN Cyber Monday
      • ExpressVPN Cyber Monday
    • VPN Guides
      • Free Trial VPN
      • Cheap VPNs
      • Static IP VPN
      • VPN Ad Blocking
      • No Logs VPN
      • Best VPN Chrome
      • Best VPN Reddit
      • Split Tunneling VPN
      • VPN for Binance
      • WireGuard VPN
      • VPN for Amazon Prime
      • VPN for Linux
      • VPN for iPad
      • VPN for Firefox
      • VPN for BBC iPlayer
    • By Country
      • Best VPN Canada
      • Best VPN USA
      • Best VPN UK
      • Best VPN Australia
      • VPN for Russia
    • VPN Router
  • Password
    • Best Password Managers
    • Comparisons
      • NordPass vs 1Password
      • 1Password vs LastPass
      • NordPass vs LastPass
      • RoboForm vs NordPass
      • 1Password vs Bitwarden
      • Dashlane vs NordPass
      • 1Password vs Dashlane
      • NordPass vs Bitwarden
    • KeePass Review
    • NordPass Review
    • 1Password Review
    • Dashlane Review
    • RoboForm Review
    • LastPass Review
    • Bitwarden Review
    • Strong Password
  • Storage
    • Best Cloud Storage
    • pCloud Review
    • Nextcloud Review
    • IDrive Review
    • SpiderOak Review
    • Sync.com Review
    • MEGA Cloud Review
    • NordLocker Review
    • Tresorit Review
    • Google Drive Alternatives
  • Messenger
    • Secure Messaging Apps
    • Signal Review
    • Telegram Review
    • Wire Review
    • Threema Review
    • Session Review
  • Info
    • Mission
    • Press
    • Contact
  • News
  • Tools
    • Secure Browser
    • VPN
    • Ad Blocker
    • Secure Email
    • Private Search Engine
    • Data Removal
      • Incogni Review
    • Password Manager
    • Secure Messaging App
    • Tor
    • Identity Theft Protection
    • Unblock Websites
    • Privacy Tools
  • Email
    • Secure Email
    • ProtonMail Review
    • Tutanota Review
    • Mailfence Review
    • Mailbox.org Review
    • Hushmail Review
    • Posteo Review
    • Fastmail Review
    • Runbox Review
    • CTemplar Review
    • Temporary Disposable Email
    • Encrypted Email
    • Alternatives to Gmail
  • VPN
    • What is VPN
    • VPN Reviews
      • NordVPN Review
      • Surfshark VPN Review
      • VyprVPN Review
      • Perfect Privacy Review
      • ExpressVPN Review
      • CyberGhost Review
      • AVG VPN Review
      • IPVanish Review
      • Hotspot Shield VPN Review
      • ProtonVPN Review
      • Atlas VPN Review
      • Private Internet Access Review
      • Avast VPN Review
      • TorGuard Review
      • PrivadoVPN Review
    • VPN Comparison
      • NordVPN vs ExpressVPN
      • NordVPN vs PIA
      • IPVanish vs ExpressVPN
      • CyberGhost vs NordVPN
      • Surfshark vs NordVPN
      • IPVanish vs NordVPN
      • ExpressVPN vs PIA
      • VyprVPN vs NordVPN
      • CyberGhost vs ExpressVPN
      • NordVPN vs HideMyAss
      • ExpressVPN vs ProtonVPN
      • Atlas VPN vs NordVPN
      • ExpressVPN vs Surfshark
      • NordVPN vs Proton VPN
      • Surfshark vs CyberGhost
      • Surfshark vs IPVanish
    • Best VPNs
      • Best VPN for Torrenting
      • Best VPN for Netflix
      • Best Free VPN
      • VPN for Firestick TV
      • Best VPN for Android
      • Best VPN for Gaming
      • Best VPN for PC
      • Best VPN for Disney Plus
      • Best VPN for Hulu
      • Best VPN for Mac
      • Best VPN for Streaming
      • Best VPN for Windows
      • Best VPN for iPhone
    • VPN Coupons
      • ExpressVPN Coupon
      • NordVPN Coupon
      • Cyber Monday VPN Deals
      • NordVPN Cyber Monday
      • Surfshark VPN Cyber Monday
      • ExpressVPN Cyber Monday
    • VPN Guides
      • Free Trial VPN
      • Cheap VPNs
      • Static IP VPN
      • VPN Ad Blocking
      • No Logs VPN
      • Best VPN Chrome
      • Best VPN Reddit
      • Split Tunneling VPN
      • VPN for Binance
      • WireGuard VPN
      • VPN for Amazon Prime
      • VPN for Linux
      • VPN for iPad
      • VPN for Firefox
      • VPN for BBC iPlayer
    • By Country
      • Best VPN Canada
      • Best VPN USA
      • Best VPN UK
      • Best VPN Australia
      • VPN for Russia
    • VPN Router
  • Password
    • Best Password Managers
    • Comparisons
      • NordPass vs 1Password
      • 1Password vs LastPass
      • NordPass vs LastPass
      • RoboForm vs NordPass
      • 1Password vs Bitwarden
      • Dashlane vs NordPass
      • 1Password vs Dashlane
      • NordPass vs Bitwarden
    • KeePass Review
    • NordPass Review
    • 1Password Review
    • Dashlane Review
    • RoboForm Review
    • LastPass Review
    • Bitwarden Review
    • Strong Password
  • Storage
    • Best Cloud Storage
    • pCloud Review
    • Nextcloud Review
    • IDrive Review
    • SpiderOak Review
    • Sync.com Review
    • MEGA Cloud Review
    • NordLocker Review
    • Tresorit Review
    • Google Drive Alternatives
  • Messenger
    • Secure Messaging Apps
    • Signal Review
    • Telegram Review
    • Wire Review
    • Threema Review
    • Session Review
  • Info
    • Mission
    • Press
    • Contact

How to Defeat Holiday Cyber Security Threats in 2020

December 14, 2020 By Bill Mann — 7 Comments
Holiday Cyber Security Threats

Most people love the holiday season. That includes cybercriminals, who see it as an ideal time to make money. Thanks to the pandemic, people are doing more of their holiday activities online.

Hackers, scammers, and other online criminals expect to make a killing — but we don’t have to make things easy for them. There’s a lot we can do to defeat cybersecurity threats and make this a bad year for the bad guys.

This article will help you defend yourself as we identify the major threats you’ll face this year and how to defeat them. The most likely holiday cybersecurity threats for 2020 include:

  1. Account takeover fraud
  2. Non-delivery of orders
  3. Shipping notification scams
  4. Charity donation scams
  5. Formjacking of legitimate sites

Here’s a quick rundown on each of them.

1. Account Takeover fraud

Credit card fraud is so last year. Account Takeover (ATO) fraud is the big new threat. According to Threatpost.com, ATO attacks cost consumers and retailers almost $17 billion in losses in 2019.

The goal of an ATO attack is to get access to at least one of your accounts. Once they get into your account, the attacker will mine it for everything of value. Finding your credit card information is always nice.

But the real target is your personal information. With that, all sorts of mayhem is possible. They can commit identity theft, destroying your finances and wrecking your reputation. They can also use the information from this account to break into your other accounts.

identity theft password

Imagine some creep logging in to all your online accounts. Impersonating you on social media. Draining your bank accounts. Not good.

Here’s how to reduce the damage an ATO attack can do to your life:

  • Use different login credentials (user name and password) on every account, and keep everything secure with a good password manager. This makes it difficult for the creeps to get into your other accounts after hacking the first one.
  • Don’t store your credit card info or other personal data on your favorite store’s website. Why leave your data right there for an attacker to find?
  • Use 2FA. I’ll tell you more about this later on.

2. Non-delivery of orders

When you order something from a major retailer like Amazon or Target, you can expect it to arrive and the site security to be locked down. But ordering from an obscure site without verification can come with the risk of being billed for a product that never gets sent to you.

Such scam sites have offers that are too good to be true. They may also demand that you pay for your order using a gift card, rather than a credit or debit card. Either of these is a big red flag.

According to the FTC (Federal Trade Commission), “Anyone who contacts you and demands that you pay them with a gift card, for any reason, is always a scammer.”

The only real defense against this is to shop at the big name, reputable online retailers.

3. Shipping notification scams

Expect lots of emails about problems shipping a package you supposedly ordered. The email will look real enough, but it will be a trap. Click a link in the message and you are in trouble. You will either end up someplace unpleasant or receive a malvertising attack.

Here’s how to see if there is a problem with an order you placed:

  1. Go to the website of the shipping company or the vendor.
  2. Once there, check the status of your order, or contact customer service for help.

4. Charity donation scams

Cybercriminals try to take advantage of people’s generosity this time of year. They send out phony emails requesting donations to well-known charities.

charity donation scam

As with shipping notification scams, the goal is to get you to click a link in the email. Doing so can expose you to numerous attacks, while also exposing your personal and financial data.

If you want to donate to a charity, ignore the email and go directly to the charity’s official website.

5. Formjacking of legitimate sites

Formjacking is an emerging cybersecurity threat that is pretty tough to defeat. It happens when bad guys inject malicious JavaScript code into a legitimate website.

The code gets added to the order page of the site and sends your personal information to the hackers. Minor things like your name, address, and credit card number. Stuff you definitely don’t want some random creep using or selling on the dark web.

You can’t install a defense against formjacking. But you may be able to dodge the attacks. The websites of large retailers are likely to be better defended than those of mom and pop shops. Again buying from major online retailers is the best way to stay safe.

General holiday cyber security tips

Those were specific defenses for specific attacks. Here are more general ways to protect yourself against cybersecurity threats.

Install defenses

Our #1 goal is always to avoid a cyber attack, but that is getting harder by the day. It is wise to have certain defenses installed and active on your computer just in case. Here’s what we recommend:

  • Antimalware – Antimalware can detect, block, and sometimes remove all sorts of nasty code that cybercrooks want to install on your computer.
  • Firewall – A firewall can prevent unauthorized messages traveling to and from your computer.
  • VPN – A VPN (Virtual Private Network) hides your actual location and prevents online snoops from tracking what you do online. Some, like NordVPN, have strong built-in antimalware capabilities. This lets them do double duty in your defense.

Use different passwords (and a password manager too)

To be safe online, you must use a different password for each website and account. But remembering more than a handful of different passwords is hard. That’s why you need a quality password manager. One option I like is Bitwarden, a reliable, free, open-source product with excellent security.

bitwarden password manager
Use a good password manager.

If you want even more options, here’s an analysis of the best password managers.

Enable 2FA wherever possible

2FA (Two-Factor Authentication) boosts your security by requiring a second-factor to log into an account. The second factor is usually an app on your smartphone. The most commonly-used 2FA app is Google Authenticator:

google authenticator
Google Authenticator is the leading 2FA app.

The key thing to know is that with 2FA, someone who steals your password still won’t be able to log into your account. Only you will be able to do so, since only you have access to the second factor. Use 2FA whenever possible.

Conclusion: You can defeat holiday cyber security threats

This holiday season’s cybersecurity threats are worse than ever before. But now you know how to defeat the ones you are most likely to run into.

Put these defenses to work today and enjoy a safer online holiday season.

About Bill Mann

Bill specializes in explaining complex technical topics to a non-technical audience. In his 30+ year career, he has covered many of the technological advances that shape our lives. Today, Bill uses those skills to help people protect their privacy and security against the ever-growing assaults on both.

Reader Interactions

Comments

  1. Reye

    January 6, 2021

    I apologize for my off topic question, but my issue has been driving me bonkers for a while and now I have had enough.

    I use Google News frequently to get news items. I would like to see where exactly I am going but those ridiculously long URLS can’t be exposed where they actually go. I tried various URL revealers and cleaners and none of them can crack those Google URLS.

    I’m hoping someone here might know or offer suggestions? Thanks

    Reply
    • J.M.

      February 4, 2021

      Sorry for the delay on answering. I was waiting to see how an update would come out, and I am not disappointed.

      If you use Brave, they have unveiled Brave Today. I have been playing with it four a little.

      They Will be adding more resources online plus adding a way to add your own sources.

      This will solve two things:

      1) no more doubts about where Google sends you.

      2) You start to leave the Google conglomerate.

      https://brave.com/brave-today/

      Reply
  2. multidimenssional

    January 1, 2021

    9009LE’s not worse & not better than a??le , m$, and all the other giants together with their supply chains. there may be differences in howdo’s , but generally they are all doing what they have been told to do, which is to gather as many data from consumers as possible and integrate easier access to data systems for gov agencies, often the services offered to customers can be used to spy on them without their knowledge or consent. kind of a phishing operation.
    generally, customers are selves their gratest enemies because they support or just willingtly ignore what govs agencies are doing to them, kind of a “resistance is futile” attitude because of fear to peak up the legal fight collectively, a very divided consumer society controlled by minority-report psychos, paid by the Money Masters .

    Reply
  3. vikky

    December 15, 2020

    Google is killer of privacy and security that is the most down range of search security , because its a fake and lier majolar , spying and snooping from the customers and so is one of best partners of the spying services .
    Best cheers
    Good luck .

    Reply
  4. J.M.

    December 14, 2020

    Good info, Bill, but one comment…

    Google? Really?

    I know 2FA apps don’t phone home, supposedly, but do you trust them?

    I use Aegis, which is open source and independent.

    Reply
    • Sven Taylor

      December 15, 2020

      We can look into Aegis, but have not yet tested it.

      Reply
      • J.M.

        December 15, 2020

        @Sven,

        Sounds good. I just am very much anti-Google and skip it as much as I can.

        Thanks a lot!

        Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Sidebar

Digital Privacy Essentials:
Secure Browsers
Private Search Engines
Secure Email
Best Password Managers
Secure Messaging Services
Best Ad Blockers
Best VPN Services
Secure Cloud Storage

Privacy & Security Guides:
Privacy Tools
Alternatives to Google Products
Firefox Privacy Modifications
Five Eyes, 9 Eyes, 14 Eyes Spying
Browser Fingerprinting
Is Tor Safe?
Alternatives to Gmail
VPN vs Tor
Alternatives to WhatsApp
Is Your Antivirus Spying on You?
Controlling Communication Channels is Crucial for Privacy
Anonymity Networks: VPNs, Tor, and I2P
How to Really Be Anonymous Online
Private and Anonymous Payments

Secure Email Reviews:
ProtonMail Review
Tutanota Review
Mailfence Review
Mailbox.org Review
Hushmail Review
Posteo Review
Fastmail Review
Runbox Review
CTemplar Review
Temporary Email Services
Encrypted Email

Password Manager Reviews:
Bitwarden Review
LastPass Review
KeePass Review
NordPass Review
Dashlane Review
1Password Review
Best Password Managers

Secure Messaging App Reviews:
Wire Review
Signal Review
Threema Review
Telegram Review
Session Review
Wickr Review

Secure Cloud Storage Reviews
Tresorit Review
MEGA Cloud Review
Sync.com Review
Nextcloud Review
IDrive Review
pCloud Review
SpiderOak Review
NordLocker Review

How To Guides
How to Encrypt Files on Windows
How to Encrypt Email
How to Configure Windows 10 for Privacy
How to use Two-Factor Authentication (2FA)
How to Secure Your Android Device for Privacy
How to Secure Your Home Network
How to Protect Yourself Against Identity Theft
How to Unblock Websites
How to Fix WebRTC Leaks
How to Test Your VPN
How to Hide Your IP Address
How to Create Strong Passwords
How to Really Be Anonymous Online

About RestorePrivacy

Contact

Restore Privacy Checklist

  1. Secure browser: Modified Firefox or Brave
  2. VPN: NordVPN (68% Off Coupon) or Surfshark
  3. Ad blocker: uBlock Origin or AdGuard
  4. Secure email: Mailfence or Tutanota
  5. Secure Messenger: Signal or Threema
  6. Private search engine: MetaGer or Brave
  7. Password manager: NordPass or Bitwarden

About

Restore Privacy is a digital privacy advocacy group committed to helping people stay safe and secure online. You can support this project through donations, purchasing items through our links (we may earn a commission at no extra cost to you), and sharing this information with others. See our mission here.

We’re available for Press and media inquiries here.

Restore Privacy is also on Twitter

COPYRIGHT © 2023 RESTORE PRIVACY, LLC · PRIVACY POLICY · TERMS OF USE · CONTACT · SITEMAP