Black Friday is behind us. Cyber Monday is in the rearview mirror. But, if you’re like me, you still have a fair amount of holiday shopping left to do. As the holiday season rushes toward us, the convenience of last-minute online shopping becomes especially attractive, particularly if you spend most of your time out on the road as a professional truck driver.
However, the surge in online activity this time of year also attracts cybercriminals eager to cash in and exploit unsuspecting holiday shoppers. To ensure that your personal information and access to your hard-earned cash remain secure, it’s crucial that you adopt robust cybersecurity practices. Here are ten tips to help you safely navigate online shopping this holiday season.
Before you even begin your online shopping, make sure that your devices—smartphones, tablets, and laptops—have the latest software updates installed. These updates often include security patches that will protect you from known vulnerabilities. It’s good practice to enable automatic updates on all your personal devices so that this happens without requiring you to remember to check for and manually install updates.
Make sure that you are using strong, unique passwords for every one of your online accounts. A strong password should be long and complex. Typically, it should include a mix of upper and lower-case letters, numbers, and special characters. An alternative is to use what is known as a passphrase. This is a very long sentence or phrase that only you know but that is easier to remember than a complex password. It should still include upper and lower-case letters at a minimum and often will be more than twenty characters long (think: favorite song’s first line, a description of your favorite memory, etc.).
Adding an extra verification method on top of a password significantly reduces the likelihood of a bad actor gaining access to your accounts even if they manage to harvest or guess your username and password. Multi-factor authentication (MFA) requires either a text message code or biometric verification (fingerprint/facial scan), plus your password, to access an account.
Stick to well-known and reputable retailers when shopping online. Be very wary of deals that seem too good to pass up, as they are likely to be fraudulent. Verify the legitimacy of a website by checking for contact information and customer reviews, and always ensure that the connection is secure before entering any payment information. You can verify this detail by making sure that there is an https:// in the URL. Just remember that a scammer can host a “secure” site on an https:// URL, and the site can still be illegitimate. Make sure to do a little research on any new site you are shopping on for the first time. Check online reviews from other sites, such as Reddit. Even a quick search for “[Site/Company Name] scam” or “[Site/Company Name] reviews” can help you sniff out a scam site fairly easily.
Cybercriminals often use phishing emails or messages to trick their victims into providing personal information or clicking on malicious links. Be skeptical about any unsolicited communications, especially if they include a sense of urgency to act immediately or request any sensitive or personal information. Always verify the source before clicking links or downloading attachments. It is best to avoid clicking any link or interacting with any attachments in communication that you did not initiate.
It’s best to use a credit card and not a debit card when shopping online. Credit cards typically offer better fraud protection, and if the card number is ever compromised, your personal bank account cannot be drained using that number. Avoid payment methods such as wire transfers or prepaid gift cards when possible, as these are harder to trace in the event of fraud. Remember to regularly monitor your accounts for any unusual or unauthorized transactions and report them to your financial institution immediately.
Public Wi-Fi networks are typically less secure and are susceptible to on-path or “man-in-the-middle” attacks, making it easier for a cybercriminal to intercept your data. Don’t access sensitive accounts or make financial transactions on public Wi-Fi networks. If public Wi-Fi is the only available option, use a virtual private network (VPN) to encrypt your traffic.
Remember: If it seems too good to be true, odds are that it is. Scammers often use social media platforms to promote fraudulent deals and counterfeit products. Be very cautious when encountering ads on social media. Research the seller thoroughly and access their site directly, rather than through the social media link, before making any purchases.
As mentioned above, keep a close eye on your bank and credit card statements to detect any suspicious activity immediately. Many financial institutions offer alert services that notify you of any transactions above a certain threshold. If this is an option at your financial institution, be sure to take advantage of it as an added layer of security.
Keep yourself educated about the latest cybersecurity threats and scams. Organizations like the Cybersecurity and Infrastructure Security Agency (CISA) provide up-to-date information and resources to help you stay vigilant: www.cisa.gov.
By incorporating these tips into your online shopping routine, you will be able to take advantage of the convenience of purchasing holiday gifts from the road without compromising your personal and financial security. Remember that staying cautious and staying informed is your best defense against cybercriminals this holiday season.
Ben Wilkens, CISSP, CISM, is a Cybersecurity Principal Engineer at the National Motor Freight Traffic Association, Inc. (NMFTA)™. He leads research initiatives and teams focused on developing advanced cybersecurity technologies, strategies, and methodologies to protect information systems and networks. Ben works closely with academic institutions, industry partners, and government agencies to advance cybersecurity practices and provides expert guidance to organizations navigating the ever-changing cyber threat landscape.
Before joining NMFTA, Ben was a key executive at a family-owned trucking and logistics company, where he integrated technology to enhance operations while maintaining robust cybersecurity standards. With CISSP and CISM certifications, an active Class A CDL, and hands-on experience as an over-the-road driver, dispatcher, and IT specialist, Ben brings a unique perspective to the intersection of cybersecurity and transportation.