If you’re hunting for a deal (and who isn’t these days?), there’s a good chance Cyber Monday is on your radar. Falling on the Monday after Thanksgiving, Cyber Monday is marked by online retailers offering discounts to entice shoppers. And it works: according to Insider Intelligence, Cyber Monday 2022 “was the largest ecommerce sales day in history. Consumers spent $11.3 billion online - a 5.8% increase over last year”. It’s safe to say Cyber Monday sees a lot of people online buying a lot of things.
If Cyber Monday is attractive for consumers, it’s also reasonable to assume it’s attractive for cyber-criminals. All those transactions! All that PII! All those phishing opportunities!
As it is, the cybersecurity waters aren’t exactly calm. According to the Bitwarden 2023 Password Decisions Survey, 60% of IT decision makers reported their organization experienced a cyberattack within the past year. The Bitwarden 2023 World Password Day Survey also revealed that nearly a quarter (20%) of global consumer respondents were affected by a data breach in the past 18 months.
The Center for Strategic and International Studies currently chronicles ‘significant cyber incidents’, capturing major attacks on government agencies, tech firms, and organizations that have experienced a loss of more than a million dollars. While the list is heavy on nation-state hackers, it also includes run-of-the-mill cyber criminals seeking a payday - and it’s extensive. And in October 2023, Google and Amazon disclosed they had fought off what was apparently the largest known distributed denial-of-service (DDoS) attack they had ever experienced.
If this is what it’s like on days that don’t involve a massive influx of online shoppers, what type of criminal activity might one find on Cyber Monday or, more generally, during the holiday shopping season? While it’s a bit challenging to break out stats for just the holidays, the FBI - on a page devoted to “Holiday Scams,” which should be telling - notes that the Internet Crime Complaint Center (IC3) “receives a large volume of complaints in the early months of each year, suggesting a correlation with the previous holiday season’s shopping scams.” Both the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have also noted “an increase in highly impactful ransomware attacks occurring on holidays and weekends”.
Bottom line? There are pretty compelling reasons to follow personal security best practices at all times, but especially around the holidays. Before launching into some tips for staying secure, here’s something else to consider: in an evaluation of the top 5 e-commerce sites in the US, Bitwarden found that website password security friendliness was a bit of a mixed bag. When it comes to security, it wouldn’t be wise to blindly trust that a website has done all of its due diligence.
So, what should consumers do if they want to shop securely on Cyber Monday and around the holidays? Fortunately, the solution doesn’t lie in a bunch of expensive hardware or software. Instead they should:
1. Use a Password Manager
Naturally, it’s our first recommendation - because password managers work. Password managers are one of the most effective and important tools for creating a private and secure profile online. They help consumers create and manage unique passwords so they don’t have to resort to the risky and foolish practice of reusing them over and over again. Consumers just need to remember their master password.
When it comes to finding the right password manager, look for providers that implement complete end-to-end encryption for vault items, as this indicates the password management provider cannot see anything inside of your vault.
Our online worlds revolve around passwords. Accept this, and then get yourself a password manager. And if cost is a concern this holiday season, don’t worry - you’ll be able to find a fully featured free option.
2. Use Two-Factor Authentication
Two-factor authentication, or 2FA, means using more than one method to unlock your account. So, you might start by signing into a website with your password but also need to verify your identity via a special code that was sent to you via SMS or email. By expanding the login process beyond a single step, 2FA makes it that much harder for cyber-criminals to get into your account, even if they guess your credentials. Common conduits for 2FA include SMS, email, authenticator apps, and security keys.
In an ideal world, consumers would rely less on SMS and email and more on authenticator apps and security keys, which are more secure. But some 2FA is better than no 2FA - so don’t let perfect be the enemy of good.
3. Don’t click on unrecognizable links or attachments
Scammers are constantly trying to manipulate consumers into clicking on compromised links or divulging personal information. Referred to as social engineering attacks, these fake reach-outs can come in the form of emails, phone calls, or texts. Those that redirect victims to websites harboring drive-by malware downloads are referred to as ‘phishing’ attacks, and they’re common. According to the Bitwarden 2023 Password Decisions Survey, emails purporting to be from financial institutions (41%) or your boss or company executive (22%) were the top phishing culprits of 2022. As we go into the holidays, expect more of this - with some fake retail sites thrown in for good measure.
Fortunately, there are some straightforward tactics for not falling prey to phishing attacks. You should check all aspects of emails to confirm they are from the proper institution. This includes looking at the email sender name as well as the accompanying email address. Hover over links to confirm they go to the proper website, and in general, avoid clicking on links since they can be designed to trick users. If you’re feeling suspicious, call the person or institution who supposedly reached out to you. Avoid clicking on random attachments from people you don’t know.
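The sender and link checks described above can also be automated. The following is an added example, not part of the original article or any Bitwarden product: it compares the real sender address and each link's true destination against the domain you expect. The function names, the `expected_domain` parameter, and every domain in the sample message are hypothetical.

```python
import email.utils
from html.parser import HTMLParser
from urllib.parse import urlparse

SAMPLE = """\
From: "Example Bank Support" <alerts@examplebank-secure.test>

<a href="http://login.account-check.test/reset">https://www.examplebank.example/login</a>
<a href="https://www.examplebank.example/help">Help center</a>
"""  # constructed message; every domain in it is a made-up placeholder

def host_of(text):
    text = text.strip()
    if not text or " " in text:  # ordinary link text such as "Help center"
        return None
    host = urlparse(text if "://" in text else "http://" + text).hostname
    return host.lower() if host and "." in host else None

def same_site(host, domain):  # the domain itself or one of its subdomains
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):  # gathers (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def review_email(raw, expected_domain):
    msg, findings = email.message_from_string(raw), []
    addr = email.utils.parseaddr(msg["From"])[1]  # real address, not the display name
    if not same_site(addr.rpartition("@")[2].lower(), expected_domain):
        findings.append(f"sender {addr} is not at {expected_domain}")
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        target, shown = host_of(href), host_of(text)
        if target and shown and shown != target:
            findings.append(f"link shows {shown} but goes to {target}")
        elif target and not same_site(target, expected_domain):
            findings.append(f"link goes to {target}")
    return findings
```

Calling `review_email(SAMPLE, "examplebank.example")` flags both the look-alike sender address and the link whose visible text names one site while its destination is another.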
4. Avoid public Wi-Fi for e-commerce transactions
Just don’t do it. It’s not worth it. That purchase can wait until you get home and are settled into the confines of your own network. As the Federal Trade Commission (FTC) notes, there’s no guarantee public Wi-Fi will be secure.
Looking for even more suggestions to stay secure online? Check out the ‘Holiday Online Safety Tip Sheets’ from CISA.
Ready to experience the benefits of a password manager with Bitwarden? Quickly set up a free Bitwarden account, or keep your team protected online by initiating a 7-day free trial of our business plans.
Editor's Note: This article was originally written on October 27th, 2022 and was updated on November 9th, 2023.