This post has been republished via RSS; it originally appeared at: Microsoft Security Blog.
You may have already noticed this holiday shopping season feels different than those we’ve had before. Headlines about supply chain issues, worker shortages, costs rising—all while the pandemic continues to impact our lives. In my own inbox, I saw emails from brands touting Black Friday sales as early as October! An attempt to get ahead of any shipping delays that are widely expected to impact the holiday season. It’s no surprise that according to a recent Microsoft survey,1 at least 63 percent of holiday shopping will be done online.
While we all grapple with these challenges and what they mean for our holiday traditions and celebrations, there is another group that is evaluating what it means for them—hackers. We know bad actors aim to understand the psychology of their victims—what tricks will they fall for and what vulnerabilities they have. And this year, there are some new areas around which we all need to be extra vigilant. Luckily, if we are aware and take simple steps to protect ourselves, we can all have peace of mind this season.
According to our survey, price and availability are the two most important things shoppers are considering this year. We know price is always at the top of the list for most shoppers, but availability is a newer concern for most this year. If you’re already worried about getting gifts in time, you are certainly not alone—54 percent of people report they are worried about supply chain issues. And one in five are willing to go to a third-party seller, like auction or resale sites, to get their must-have holiday gifts.
Less than half of those surveyed say they consider the safety and security of their personal information when shopping online—while I’m glad to see that it’s in the consideration set, that means more than half aren’t even thinking about it. Luckily there are a few simple things that can set us all on a path to a safer shopping experience.
Fortify ahead of time
Before you start making purchases, look at the things you can do now to keep yourself more secure. We know that weak passwords are the entry point for most attacks—and there are a whopping 579 password attacks every second! Stop keeping track of your passwords and look to more secure alternatives.
- Turn on multifactor authentication: If an account or service offers multifactor authentication (MFA), turn it on. If someone else tries to log into your account, you will be able to thwart the attempt when you are notified with a text, email, or other chosen method. MFA can block over 99 percent of password attacks.
- Use free, trusted tools: Microsoft Edge offers several free features to keep you safe while shopping online. Should any of your saved logins become compromised, Password Monitor will notify you, allowing you to quickly change your password with the new one-click Easy Update feature in Edge. Password Generator automatically generates a strong, unique password suggestion each time you need one, as you create accounts to get all those great holiday deals.
- Delete your password altogether: Where possible, remove your password completely and choose an alternate, more secure form of authentication. We make it easy to remove your password from your Microsoft account—not only is it more secure, you never need to worry about forgetting or changing a password. Learn how to go passwordless here: The passwordless future is here for your Microsoft account.
Don’t fall for too-good-to-be-true offers
With so many people worried about availability, we all need to be extra vigilant about scams that may prey on our desires to get the gifts our loved ones want. It can be easy to get tunnel vision and when we see an ad for what we want with a “guaranteed delivery” offer. It might be tempting to go for it even if it’s a site we aren’t sure we can trust. But keep in mind, most offers that seem too good to be true are just that.
People are still falling victim to online scams like buying a fake digital gift card or making a purchase from what turned out to be a fake company. In fact, one in four have admitted to buying an item and receiving something that didn’t match the online description at all. Imagine thinking you’re getting the most popular toys of the holiday season only to get something that is more scary than merry.
And if you think that email offering extreme discounts or availability for an item that is sold out everywhere else seems a bit phishy, you may be right. Before you click, hover over any suspicious links to see if the web address matches what’s mentioned in the message. Look for any weird spellings, extra letters, or other telltale signs. When in doubt, go to the retailer website directly and see if the offer checks out. Learn more tips to spot phishing here:
- 7 ways to protect yourself from phishing
- Trend-spotting email techniques: How modern phishing emails hide in plain sight
These are just a few simple things you can do to help make your holiday shopping more secure, but the most important is #BeCyberSmart! Educate yourself, your family, and your friends about the threats out there and how to protect yourself. This helps us all be more vigilant and makes the world a little safer every day. To help you learn more about cybersecurity safety, visit our cybersecurity education resource center.
We’ll share more tips this holiday season—and be sure to check out what our colleagues at RiskIQ have to say about keeping e-commerce sites secure for holiday shopping.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.
1Data is from YouGov Omnibus among a sample of 2,010 adults in the US and was collected between 3 to 5 of November 2021. The survey was carried out online and data have been weighted to be representative of all US adults (aged 18 plus).
The post Stay safe online this holiday shopping season with tips from Microsoft appeared first on Microsoft Security Blog.