As we enter a new year, chances are many of you will continue to shop online as you seek out great post-holiday deals and prepare for upcoming birthdays and other celebrations that involve gift-giving. And cybercriminals are banking on this growing trend, planning to capitalize on these web-based purchases, and the growth in smart connected devices, to try and steal personal information.
McAfee’s A Christmas Carol: Scam Edition survey found that 40% of Canadians have already been exposed to e-mail phishing scams this year, or know someone who has; 39% were victims of robocalling, and 30% of text phishing. During the first quarter of this year, the account credentials of more than 2.2 billion people were stolen and sold by underground cybercriminals, reports the McAfee Advanced Threat Research (ATR). Canadians have lost money due to such scams, with 33% reporting having lost more than $500.
“Just like your family, cybercriminals have holiday traditions and they are constantly looking for ways to take advantage of holiday shoppers,” says Gary Davis, Chief Consumer Security Evangelist at McAfee. “While most consumers believe that cyber-scams become more prevalent during the holiday season, a third don’t actually take any steps to change their online behaviour. It is crucial that we are mindful of potential risks and take the proper steps to protect ourselves this holiday season.”
It isn’t just about protecting yourself while you shop, though. It’s also about protecting your loved ones by ensuring that they not only know how to set up the high-tech devices you buy for them, but that they are aware of how to ensure these devices aren’t used as gateways into their home Wi-Fi, and thus for access to their personal account information.
Which Tech Gifts are Totally Hackable?
Here are some of the products and services you need to be especially careful with and what you can do, and suggest to your gift recipients to do, in order to safeguard them so they won’t be vulnerable to cybercriminals.
Smart…anything: Whether it’s a smart TV, smart speaker, smart display, smart security camera, baby monitor, and more, virtually any device that will be connected to Wi-Fi is hackable. And while it might seem like no big deal if someone were to access your smart speaker, it can lead to big problems should they use that device to gain access to more personal information.
How to safeguard them: With smart speakers and other similar devices, make sure they are connected to a secure and password-protected Wi-Fi network. The password shouldn’t be something easy to guess nor the same as passwords you use for other services. Set up a guest network for visitors. Don’t keep your passwords on a file on your computer or a piece of paper in your sock drawer. If you find it difficult to remember them all, invest in password management software that can store a list of your passwords and encrypts the data so it isn’t easy to steal. And always keep devices updated with the most current software updates, which, often times, include security patches to prevent hackers from gaining access.
Note, also, that while always-on microphones are great for convenience, there are privacy implications that need to be considered.
Smartphones and Laptops: Yes, mobile devices can be great gateways into your personal details. Remember, today people store everything from their work data to banking information, e-mail, social media, and more, on their mobile devices.
How to safeguard them: As with any other connected device, make sure it is connected to a secure and protected Wi-Fi network or, in the case of smartphones, cellular connection. To go the extra mile, set up fingerprint or facial biometric authentication so only you can unlock the mobile device, and never to connect to open public Wi-Fi networks, which can leave devices vulnerable to attack. It’s a good idea to install anti-virus software, which is available for smartphones as well as laptops and computers. Also, be wary of Bluetooth, says IT infrastructure company Matrix Intgeration. While you might think it’s a safer way to connect than Wi-Fi, it can provide a direct link for cybercriminals to access your personal information. Remind the person to disable Bluetooth if they are in a crowded public place as a precaution.
Speaking of public places, make sure the person knows never to punch in secure passwords on a device like a laptop or smartphone when someone could be looking on, and to never login to secure apps or sites with sensitive information, like a banking app, while on a public Wi-Fi network. Wait to do so when you get home.
Apps: In addition to smartphones themselves, cyber criminals can use apps to steal information about you, like your home address, credit card information, and even account passwords. This goes for gifts you might give like subscriptions to video streaming services or app stores, as well as popular app games.
How to safeguard them: Be mindful of what information you share with which app providers, and always use secure and unique passwords for every service. Where possible, use a service that masks your actual credit card number when making online purchases within apps so it’s more difficult to steal your personal information.
Gift cards: Believe it or not, gift cards are hackable, yet McAfee says 29% of Canadians don’t even know fraudulent gift cards exist.
How to safeguard them: Only buy gift cards from reputable stores and keep the receipt. While they don’t contain personal information, you could end up being taken advantage of if you try to buy one from a website that isn’t well-known or trusted and secure.
Toys with microphones: While you might be tempted to buy a special child that cute toy with a microphone, make sure that the parents know how to use and protect it. Cybercriminals could gain access to the toy, which would them lead them to personal information about your child, including their name, age, and maybe even voice. It could also lead to parents’ personal information including credit card number, home address, and more.
How to safeguard them: Include only limited information if registration is required and turn the toys off when they aren’t being used. Always make sure you are present when the child is using the toy. If it’s connected to your Wi-Fi network, again, make sure it is a secure Wi-Fi connection.
What else should you be mindful of when shopping online?
Double check the authenticity of an e-mail: During the holiday season and the Boxing Week (and even month) that follows, your e-mail inbox is probably chocked full of promotional e-mails from your favourite retailers promising heavy discounts when you buy online or in store. But double check where the e-mail address is originating from as well as the website address it clicks to. To be safe, open your web browser and type in the store’s web address directly instead or contact the retailer by phone to confirm the authenticity of the e-mail. Even if the site looks legitimate, it could be a carbon copy made by a hacker.
Note that you could be buying from independent sellers: Even when you are buying something from an authentic retailer’s website, it isn’t always coming from them. Many retailers offer products from independent, third-party sellers, too. Before you confirm that purchase, double check whether you’re buying from the retailer itself or a third-party seller using their website. You can detect third-party sellers through wording used like “sold by,” “shipped by,” or “fulfilled by” listed by the product description. Some retailers also have separate sections on their websites called a “marketplace” or “partners” where items are sold by someone else. If you’re doing this, make sure you fully understand who needs to be contacted in the event of a customer service issue as well as who handles delivery to ensure it makes it on time.
With the right safeguards in place and ensuring that the person you’re giving a high-tech gift to understands how to use it and, most importantly, how to protect their personal information while using it, the latest tech can be a welcome gift for just about any occasion.
Related: Cyber Safety