How to Defeat Holiday Cyber Security Threats in 2020

Most people love the holiday season. That includes cybercriminals, who see it as an ideal time to make money. Thanks to the pandemic, people are doing more of their holiday activities online.

Hackers, scammers, and other online criminals expect to make a killing — but we don’t have to make things easy for them. There’s a lot we can do to defeat cybersecurity threats and make this a bad year for the bad guys.

This article will help you defend yourself as we identify the major threats you’ll face this year and how to defeat them. The most likely holiday cybersecurity threats for 2020 include:

1. Account takeover fraud
2. Non-delivery of orders
3. Shipping notification scams
4. Charity donation scams
5. Formjacking of legitimate sites

Here’s a quick rundown on each of them.

1. Account Takeover fraud

Credit card fraud is so last year. Account Takeover (ATO) fraud is the big new threat. According to Threatpost.com, ATO attacks cost consumers and retailers almost $17 billion in losses in 2019.

The goal of an ATO attack is to get access to at least one of your accounts. Once they get into your account, the attacker will mine it for everything of value. Finding your credit card information is always nice.

But the real target is your personal information. With that, all sorts of mayhem is possible. They can commit identity theft, destroying your finances and wrecking your reputation. They can also use the information from this account to break into your other accounts.

Imagine some creep logging in to all your online accounts. Impersonating you on social media. Draining your bank accounts. Not good.

Here’s how to reduce the damage an ATO attack can do to your life:

• Use different login credentials (user name and password) on every account, and keep everything secure with a good password manager. This makes it difficult for the creeps to get into your other accounts after hacking the first one.
• Don’t store your credit card info or other personal data on your favorite store’s website. Why leave your data right there for an attacker to find?
• Use 2FA. I’ll tell you more about this later on.

2. Non-delivery of orders

When you order something from a major retailer like Amazon or Target, you can expect it to arrive and the site security to be locked down. But ordering from an obscure site without verification can come with the risk of being billed for a product that never gets sent to you.

Such scam sites have offers that are too good to be true. They may also demand that you pay for your order using a gift card, rather than a credit or debit card. Either of these is a big red flag.

According to the FTC (Federal Trade Commission), “Anyone who contacts you and demands that you pay them with a gift card, for any reason, is always a scammer.”

The only real defense against this is to shop at the big name, reputable online retailers.

3. Shipping notification scams

Expect lots of emails about problems shipping a package you supposedly ordered. The email will look real enough, but it will be a trap. Click a link in the message and you are in trouble. You will either end up someplace unpleasant or receive a malvertising attack.

Here’s how to see if there is a problem with an order you placed:

1. Go to the website of the shipping company or the vendor.
2. Once there, check the status of your order, or contact customer service for help.

4. Charity donation scams

Cybercriminals try to take advantage of people’s generosity this time of year. They send out phony emails requesting donations to well-known charities.

As with shipping notification scams, the goal is to get you to click a link in the email. Doing so can expose you to numerous attacks, while also exposing your personal and financial data.

If you want to donate to a charity, ignore the email and go directly to the charity’s official website.

5. Formjacking of legitimate sites

Formjacking is an emerging cybersecurity threat that is pretty tough to defeat. It happens when bad guys inject malicious JavaScript code into a legitimate website.

The code gets added to the order page of the site and sends your personal information to the hackers. Minor things like your name, address, and credit card number. Stuff you definitely don’t want some random creep using or selling on the dark web.

You can’t install a defense against formjacking. But you may be able to dodge the attacks. The websites of large retailers are likely to be better defended than those of mom and pop shops. Again buying from major online retailers is the best way to stay safe.

General holiday cyber security tips

Those were specific defenses for specific attacks. Here are more general ways to protect yourself against cybersecurity threats.

Install defenses

Our #1 goal is always to avoid a cyber attack, but that is getting harder by the day. It is wise to have certain defenses installed and active on your computer just in case. Here’s what we recommend:

• Antimalware – Antimalware can detect, block, and sometimes remove all sorts of nasty code that cybercrooks want to install on your computer.
• Firewall – A firewall can prevent unauthorized messages traveling to and from your computer.
• VPN – A VPN (Virtual Private Network) hides your actual location and prevents online snoops from tracking what you do online. Some, like NordVPN, have strong built-in antimalware capabilities. This lets them do double duty in your defense.

Use different passwords (and a password manager too)

To be safe online, you must use a different password for each website and account. But remembering more than a handful of different passwords is hard. That’s why you need a quality password manager. One option I like is Bitwarden, a reliable, free, open-source product with excellent security.

If you want even more options, here’s an analysis of the best password managers.

Enable 2FA wherever possible

2FA (Two-Factor Authentication) boosts your security by requiring a second-factor to log into an account. The second factor is usually an app on your smartphone. The most commonly-used 2FA app is Google Authenticator:

The key thing to know is that with 2FA, someone who steals your password still won’t be able to log into your account. Only you will be able to do so, since only you have access to the second factor. Use 2FA whenever possible.

Conclusion: You can defeat holiday cyber security threats

This holiday season’s cybersecurity threats are worse than ever before. But now you know how to defeat the ones you are most likely to run into.

Put these defenses to work today and enjoy a safer online holiday season.