What Not To Do This Black Friday?

Guest written by James Lyne, Global Head of Security Research, Sophos

Instead of creating the traditional ‘top tips to protect yourself from cyber-criminals this Shopping Season’, Sophos has turned it on its head to create the Shopping Season Security Checklist which will highlight the top 10 consumer traits that leave you vulnerable to cyber-criminals.

1. Use a password that’s easy to remember, like ‘Password’ or ‘123456’. Though they are easy to remember, for a cyber-criminal this is like giving candy to a baby. A password like this can be cracked in less than a second.
2. Have the same password for everything so it’s easy to remember. It’s a lot of hassle having to have a separate password for our online banking, online shopping and email accounts. However, remember if a cyber criminal has access to one password they have access to all your accounts and the plethora of data they contain.
3. Create a ‘log-in and password’ folder on your phone or in your email. So, you have different passwords and usernames – that’s great. But keeping a folder with all of the information in is a hacker’s dream and one that is easier to access than you might think. You’re better off using a password manager that you know is secure.
4. Ignore notifications to update your phone or your laptop. We all get frustrated by notifications asking us to update the software on our laptops or iPhones, and it’s so easy to ignore or click remind me later. But some updates will have important security patches that really need to be carried out.
5. Open links or attachments in an email from an unknown sender. Has curiosity ever got the better of you, and you’ve been desperate to know what’s in the attachment or tempted to click a malicious looking link? Phishing emails are going from strength to strength and some are even fooling the pros, but as a rule of thumb never open it if you’re not expecting it.
6. Replying to emails that notify you of unusual activity on your account. The majority of ‘fraud alert’ or ‘account compromise’ emails these days tend to be scams. Don’t reply to them or click on the links, but instead go directly to the website of the provider (or phone them) to check for issues. Clicking a link in one of these emails and ‘signing in’ is a classic way to lose your login information.
7. Click ‘remember me’ when you log into sites. It’s convenient to be able to go on a site and already be logged in, but do you want to allow a cyber criminal access to your Facebook account for example? Always log out and never tick the ‘remember me’ box.
8. Believe deals that are too good to be true – there’s no such thing as a free iPhone. We’re all after a good bargain this Black Friday, but this also presents cyber criminals with an opportunity to steal your information by offering you the most competitive deals. Use your initiative to know what is real and what isn’t, and if you aren’t sure, don’t take the risk.
9. Connect to an unknown Wi-Fi network. It’s important to be confident that the Wi-Fi you’re connecting to is secure. Otherwise all the data on your phone from your Facebook account to your banking apps could be infiltrated by a cyber criminal. If you’re not sure it’s secure but you really need to connect, you could use VPN.
10. Don’t check your transactions and miss any fraudulent activity on your cards. These days it’s much harder to check every transaction on our bank statements, however the Christmas shopping period is the most important time of year to be doing this in order to avoid falling victim to fraud. If you discover payments that you can’t identify, notify your bank immediately.