If you’re hunting for a deal (and who isn’t these days?), there’s a good chance Cyber Monday is on your radar. Falling on the Monday after Thanksgiving, Cyber Monday is marked by online retailers offering discounts to entice shoppers. And it works: according to Statista, in 2020 online shopping spending on Cyber Monday in the US alone reached almost 10 billion dollars - a 24% increase from the previous year. It’s safe to say Cyber Monday sees a lot of people online buying a lot of things.
If Cyber Monday is attractive for consumers, it’s also reasonable to assume it’s attractive for cyber-criminals. All those transactions! All that PII! All those phishing opportunities!
As it is, the cybersecurity waters aren’t exactly calm. According to the Bitwarden 2023 Password Decisions Survey, 60% of IT decision makers reported their organization experienced a cyberattack within the past year. The Bitwarden 2022 World Password Day Survey also revealed that nearly a quarter (24%) of global consumer respondents were affected by a data breach in the past 18 months. Earlier this month, a hacking group with purported ties to Russia claimed credit for disrupting more than a dozen U.S. airports’ websites. And in September, Uber experienced a major breach by an alleged 18-year-old hacker.
If this is what it’s like on days that don’t involve a massive influx of online shoppers, what type of criminal activity might one find on Cyber Monday or, more generally, during the holiday shopping season? While it’s a bit challenging to break out stats for just the holidays, the FBI - on a page devoted to “Holiday Scams,” which should be telling - notes the Internet Crime Complaint Center (IC3) “receives a large volume of complaints in the early months of each year, suggesting a correlation with the previous holiday season’s shopping scams.” In 2021, the Cybersecurity & Infrastructure Security Agency (CISA) also put out a “Ransomware Awareness” alert calling out holiday targeting.
Bottom line? There are pretty compelling reasons to follow personal security best practices at all times, but especially around the holidays. Before launching into some tips for staying secure, here’s something else to consider: in an evaluation of the top 5 e-commerce sites in the US, Bitwarden found that website password security friendliness was a bit of a mixed bag. When it comes to security, it wouldn’t be wise to blindly trust that a website has done all of its due diligence.
So, what should consumers do if they want to shop securely on Cyber Monday and around the holidays? Fortunately, the solution doesn’t lie in a bunch of expensive hardware or software. Instead, they should:
1. Use a Password Manager
Naturally, it’s our first recommendation - because password managers work. Password managers are one of the most effective and important tools for creating a private and secure profile online. They help consumers create and manage unique passwords so they don’t have to resort to the risky and foolish practice of reusing them over and over again. Consumers just need to remember their master password.
When it comes to finding the right password manager, look for providers that implement complete end-to-end encryption for vault items, as this indicates the password management provider cannot see anything inside of your vault.
Our online worlds revolve around passwords. Accept this, and then get yourself a password manager. And if cost is a concern this holiday season, don’t worry - you’ll be able to find a fully featured free option.
2. Use Two-Factor Authentication
Two-factor authentication, or 2FA, means using more than one method to unlock your account. So, you might start by signing into a website with your password but also need to verify your identity with a special code that was sent to you via SMS or email. By expanding the login process beyond a single step, 2FA makes it that much harder for cyber-criminals to get into your account, even if they guess your password. Common conduits for 2FA include SMS, email, authenticator apps, and security keys.
In an ideal world, consumers would rely less on SMS and email and more on authenticator apps and security keys, which are more secure. But some 2FA is better than no 2FA - so don’t let perfect be the enemy of good.
3. Don’t click on unrecognizable links or attachments
Scammers are constantly trying to manipulate consumers into clicking on compromised links or divulging personal information. Referred to as social engineering attacks, these fake reach-outs can come in the form of emails, phone calls, or texts. Those that redirect victims to websites harboring drive-by malware downloads are referred to as ‘phishing’ attacks, and they’re common. According to the Bitwarden 2023 Password Decisions Survey, emails purporting to be from financial institutions (41%) or your boss or company executive (22%) were the top phishing culprits of 2022. As we go into the holidays, expect more of this - with some fake retail sites thrown in for good measure.
Fortunately, there are some straightforward tactics for not falling prey to phishing attacks. You should check all aspects of emails to confirm they are from the proper institution. This includes looking at the email sender name as well as the accompanying email address. Hover over links to confirm they go to the proper website, and in general, avoid clicking on links since they can be designed to trick users. If you’re feeling suspicious, call the person or institution who supposedly reached out to you. Avoid clicking on random attachments from people you don’t know.
4. Avoid public Wi-Fi for e-commerce transactions
Just don’t do it. It’s not worth it. That purchase can wait until you get home and are settled into the confines of your own network. As the Federal Trade Commission (FTC) notes, there’s no guarantee public Wi-Fi will be secure.