SHOP SAFELY ON CYBER-MONDAY

If you intend to do any gift shopping online, here’s some suggestions to help you shop safely on Cyber Monday.

Cyber Monday is a marketing term for the Monday after Thanksgiving. Wikipedia defines the term Cyber Monday as a day created by marketing companies to persuade consumers to stay home and shop online instead of having to brave the large crowds on Black Friday.

Cyber Monday shopping online

Cyber Monday is quickly becoming one of the most lucrative shopping days of the year for retailers. They will be promoting great deals through their websites and social media channels. But, consumers need to know how to shop safely on Cyber Monday and beyond…

First, you must make sure you are on a trusted legitimate website from a well-known retailer. Be careful not to misspell the website name. Imposters intentionally create fake websites using a misspelled name of a legitimate merchant or a name that is very similar to a legitimate retailer.

Next, you should be sure that the website address begins with HTTPS. The ‘S’ in HTTPS means that the website is using encryption to safeguard the personal information you enter when making your purchase. You can also use a browser plug-in called “HTTPS Everywhere”, for a more secure internet experience.

Once you decide to make a purchase, the merchant will ask you to begin by setting up an account. People mistakenly believe that if they use the “check out as a guest” feature, it means the merchant won’t store their information or add them to their email marketing list. Yes – they will!

There are 3 steps required in the process of shopping online and tips on how to safely navigate them:
  • You need to provide an email address. The retailer needs an email address so they can contact you if there’s a problem with your order. Instead of providing your usual regular email address, create a throwaway email address. You should just use this throwaway email address whenever you’re shopping online.
  • You need to create a Password. This is the single biggest security step consumers need to take to protect themselves online. It’s extremely important to create a stealth password. Preferably one that a cybercriminal can’t crack! A good password can mean the difference between keeping your personal info secure or handing it over to a hacker. Always use a unique separate password for each of your online accounts. Make your password long and nonsensical. Make up a sentence or silly phrase using upper and lower case letters and mix in numbers and symbols.
  • You need to pay for your purchase. There are various methods you can use to pay, such as a credit or debit card, gift card or mobile payment. But the safest recommended way to pay is by using a low-limit prepaid card for all of your online purchases. When you use a low-limit card, crooks won’t be able to make additional charges on it. This is especially important for any purchase that involves free trial offers or recurring charges. Never use your debit card online because it is tied to the money in your checking account. You will have very little recourse if your debit card gets compromised. Keep these tips in mind, so you can shop safely on Cyber-Monday! I hope you find some really good holiday bargains!

 

Tis the Season…For Holiday Scams

The holiday shopping season is underway and Scammers are already gearing up to exploit innocent victims with holiday scams. They love this time of year, when they have even more opportunities to separate you from your money.

Holiday Scams Warning

Here’s a list of Holiday Scams to help  keep you safer & smarter!

Spam Phishing Emails will be finding their way into your inbox. These emails have urgent messages or will contain offers for bargain prices or discount coupons. They will always include a clickable link or an attachment to open. If you click on the provided link or attachment, you will infect your device with Malware. It is advisable to never click on email links or attachments.

Package Delivery Scams are a Fraudster’s favorite trick. They know that most of you are either sending or expecting to receive a package during the holidays. Many millions of spam emails, pretending to be from known shippers (like the Post Office, FedEx or UPS) will be sent out to unsuspecting victims. The emails will include a link to click on that lets you “track” a problem with a package you recently mailed or “track” a package that’s on its way to your house.

E-cards are a fun, easy & inexpensive way to send holiday cheer to family and friends. Make sure any e-card you receive comes from a well-known reputable e-card company. Do NOT open it if the sender is unknown to you.  Many fake e-cards contain spyware and viruses.

Gift cards make popular holiday gifts. Be sure to only purchase them from official retail stores or websites that you know and trust. Beware of websites or ads offering steep discounts for gift cards. Chances are the cards are fraudulent or stolen cards from third-party vendors.

Fake websites will pop up all over the internet offering fantastic bargains. Beware of copy-cat websites or sites that use similar or misspelled names of legitimate retailers. You may not realize that you’re on a fake website and enter your password or credit card information. You think you actually made a purchase, but your merchandise will never arrive and your credit card information will now be used to make illegal purchases.

A good place to evaluate websites selling retail goods is http://www.resellerRatings.com  where you can find reviews about merchants and see if they’re legitimate. If they’re not listed there, chances are it’s a holiday scams website.

Fake online Ads will appear on social media sites and even on legitimate News websites. They exist to entice you to click on links that will either contain keystroke-logging Malware or lure you into providing personal information that will make you a victim of Identity Theft.

Public WiFi is neither private nor secure. You can never be sure whether you’re using the authorized WiFi of the retailer or actually the WiFi of the thief, sitting a few tables away. Use a Virtual Private Network (VPN) when using WiFi, for better online security. Make sure to NEVER use your debit card while shopping online. Your debit card is tied to the money in your checking account. You have better consumer protection when using your credit card. Better yet, use a gift card or prepaid debit card for all your online purchases.

EVERY YAHOO CUSTOMER HIT BY 2013 BREACH

Way back in 2013, Yahoo had 3 Billion customers worldwide – who had a user-account with them. ALSO – way back in the month of August 2013, every single Yahoo customer was affected by a historical data breach. Yes, EVERY SINGLE Yahoo customer was affected in that 2013 breach, totaling 3 Billion accounts!

Every Yahoo Customer
DO YOU YAHOO?

Additionally, Yahoo was hit by another breach in 2014, which they said affected around 500 million of its customers. This breach is believed to be a separate incident from the 2013 breach. In March of this year, the Dept. of Justice indicted four people in connection with the 2014 breach – two Russian spies and two hackers.

It is unclear who was behind the 2013 breach, but the stolen data was up for sale on the dark web shortly afterwards. The dark web is an underground murky network, only accessible through special software, where criminals buy and sell their stolen data.

The compromised information included names, emails, phone numbers, birth dates, encrypted (hashed) passwords, security questions and the answers to those security questions. The stolen passwords were hashed, which is a form of encryption. It will therefore, be more difficult for crooks to crack them.

Although no financial information was stolen from every Yahoo customer, the info that was stolen is more than enough data for any criminal to use, for purposes of identity theft AND account takeover. 

Yahoo will be sending out notices to the additional affected accounts. Following their prior hacking revelation, Yahoo required password changes and invalidated un-encrypted security questions, in order to protect user info.

WHAT CAN YOU DO ABOUT IT? 
  • ALWAYS use unique passwords for each of your accounts. It is never a good idea to reuse the same passwords. Also, change your passwords periodically.
  • Make your passwords long, complex and hard to crack. Use sentences or phrases. Mix it up with numbers, symbols and upper & lower case letters.
  • Use two-factor authentication on all your important accounts. A code will be sent to your phone or email before you can successfully login to your account.
  • Beware of fake targeted emails that claim to be from Yahoo. These fake emails appear to be legitimate and will contain links and/or attachments designed to lure you into clicking on or opening them up. You’ll end up infecting your computer if you do!
  • Information you post on social media, coupled with what’s available via pubic records, makes it easier than ever for crooks to guess your security questions. So, use nonsensical answers to security questions instead of the actual real correct answer. For Example: Question: Mother’s maiden name – Answer: Pizza. Be absolutely sure to keep a record of those nonsensical answers you used, you may need them for future reference.

WHY YOU SHOULD PLACE A CREDIT FREEZE

A credit freeze is one of the most effective tools consumers have to prevent future Identity Theft involving credit. In light of the recent Equifax data breach, it is extremely advisable to do so – ASAP!  Think of a Credit Freeze as having an insurance policy that protects you from anyone trying to obtain credit in your good name.

A credit freeze allows you to actually ‘seal’ your credit reports. Therefore, no one, including cyber-thieves, can open up new lines of credit or get a loan – even if they have your social security number. Keep in mind that the Equifax breach exposed the Social Security numbers of 145.5 million U.S. citizens.

A credit freeze denies anyone else (except you) the ability to access your credit report. This prevents the bad guys from trying to establish new credit accounts or take out new loans, using your stolen information. If your credit file cannot be accessed, a lender will not be inclined to issue a new credit card or finance a new loan.

NOTE: Freezing your credit will not protect you from identity theft on your existing lines of credit, such as current loans or current credit cards. A freeze will not provide protection for any financial accounts that you already have open. Placing a credit freeze only protects you from future credit applications. In other words, if your current credit or debit card is lost or stolen, a thief can still steal from you, unless and until you shut down the affected account.

HERE’S HOW TO PLACE A CREDIT FREEZE

Credit Freeze
Freeze Your Credit File ASAP!

You’ll need to call or visit the websites of each of the three credit bureaus and request a Credit Freeze. Each credit bureau charges a small fee that varies by State. The cost in the State of AZ is $5.00 – per person – per credit bureau. Once a credit freeze is in place, it will remain frozen until you remove it or you temporarily ‘thaw’ or ‘lift’ the freeze.

Each credit bureau will assign a PIN (personal identification #) that you must be sure to keep in a safe place for later retrieval. The PIN will be required if you yourself ever want or need to personally apply for a new loan or credit.

If that occasion arises, you will need to temporarily ‘thaw’ or ‘lift’ your freeze, so that your personal application for credit can be processed by the lending institution. Therefore, you’ll need to contact the 3 credit bureau(s) and ‘lift’ the freeze for the number of days you need. Then, once the time expires, your credit file will automatically go back to being frozen again.

The fee to temporarily ‘thaw’ or lift’ a credit freeze will cost you $5.00 – per credit bureau. However, more-than-likely, you will only have to lift the freeze with just one of the credit bureaus. So, be sure to ask your would-be creditor which credit bureau they will use to check your credit.

EVERYONE NEEDS A CREDIT FREEZE

Keep in mind that each individual will need to place a credit freeze. Each person has their own credit file, which is paired with their social security number. So, a husband and wife will each need to place a freeze on their own credit file. Parents are also strongly advised to place a credit freeze on their children’s credit file too. Child ID Theft is a serious issue and very difficult to remedy.

Lastly, you must realize that a credit freeze cannot and will not protect you from other forms of identity theft – such as medical, tax or employment ID theft.  These types of ID theft are much more difficult to protect yourself from, so you must always be ever vigilant.

Remember, your information is only as safe as the companies that store your data and then protect it from data breaches. According to the Identity Theft Resource Center, there were 1093 data breaches reported as of December 2016. We are well on our way to breaking that record in 2017.

CHANCES ARE YOUR DATA IS ALREADY OUT THERE!

You must accept the fact that with all the data breaches and the many millions of records already exposed, your personal information is being sold to the highest bidder on dark underground websites. When it comes to protecting yourself from ID theft, it is always best to take matters into your own hands and be proactive. Always treat your identity as a valuable asset that must be protected at all times!

Read my previous article about a Credit Freeze vs a Credit Lock

Contact Info for Credit Bureaus:

Equifax: 800-349-9960 or www.equifax.com

Experian: 888-397-3742 or www.experian.com

TransUnion: 888-909-8872 or www.transunion.com