10 Cyber Monday Security Tips

Cyber Monday Is The New Black Friday

Known as Cyber Monday, the Monday after Thanksgiving is often the biggest online shopping day of the year. But it's not just online retailers hearing the "ka-ching" of virtual cash registers. Cyber criminals will also be banking on users' eagerness to get the lowest deals on Cyber Monday with a slew of scams and malware attacks designed to part shoppers from their credit card numbers. The good news is, these schemes are often avoidable by applying a few Cyber Monday security best practices and beefing up antimalware software (or installing some if you don't have any).

Here are 10 tips that will keep your future online gift from turning into a lump of coal. Happy holidays!

Refrain From Clicking Embedded Links

As the holidays draw nearer, users will be pummeled with offers for great deals on popular gifts such as iPads and Wii.

But even if they look legitimate, links included in e-mails, IM or social media, are never a good thing, especially if the communications are unsolicited. And that goes double for the holiday season, when users are rushed to buy gifts and too pressed for time to adequately check the sites they visit.

Once users click on the links, they will almost certainly be taken to a Web page that downloads malicious code onto their system, used to capture keystrokes or infiltrate the machine to steal sensitive or personally identifying information.

So instead of clicking, check the URL contained in the message. If it doesn't look familiar, stay far away.

Double Check Search Engine Results

During the holidays, users will typically bombard search engines with holiday-related terms and popular gift items such as "Holiday Sale" or "Xbox Discounts." But these days, it's not enough to blindly click the first few search engine results.

The reason? Cyber criminals are more likely to launch search engine optimization poisoning attacks, manipulating the ranking algorithm to put their malicious sites at the top and greatly increasing the amount of click traffic.

Users who click on these results will often be taken to sites that drop malware or peddle bogus merchandise.

To avoid being duped, double-check the top ranking sites by scrolling your mouse over the URL to make sure you aren't redirected to another site than the one displayed. And look closely at the context of the link before clicking to scan for content that might not be relevant to your search term.

Be Wary Of Friends Bearing Gifts

Okay, well, we don't mean your real friends. However, hackers have mastered the art of social engineering schemes by embedding malicious links in spoofed e-mails or their friends' social networking profile pages. Hackers then exploit users' inherent trust in the alleged sender, which compels them to click on the malicious embedded links without question.

With the influx of users reaching out to friends and family during the holidays, these scams will likely experience an increase.

So ask yourself -- does your friend usually send you links to "great deals on designer watch knockoffs?" If the answer is no, then be suspicious when clicking on the link, even if it appears to come from a familiar source. For ultimate peace of mind, call your friend to find out if he or she sent the message. Once again, if the answer is no, then start deleting.

Stop Yourself From Handing Over Unnecessary Information

In the midst of an online transaction, it's easy to provide information and details hand-over-fist in an effort to check it off your list and be done with it. But wait before you start blindly giving your life away.

Legitimate online retailers only need to know credit card, billing and shipping information. Anything else is irrelevant. So if you're asked for extraneous information such as Social Security numbers, drivers license number, mother's maiden name or anything else, then the transaction is either a phishing attack or being tampered with to harvest data.

Either way, the next step is to put a stop to the transaction and make the purchase from a reputable online retailer.

Avoid Transactions Over Public Wi-Fi

While traveling during the busy holiday season, it may be most convenient to do a little shopping wherever you can plug in, whether that be the hotel lobby, an airport or a coffee shop. However, while convenient, this may not be the wisest shopping strategy.

Unknown, unsecure hot spots are prime targets for hackers because they're just that -- unsecure. These open networks enable cyber criminals to sniff out traffic flowing to and from these hotspots, allowing them to intercept communications and capture login credentials and other sensitive information, such as credit card and bank account numbers.

If you do get the urge to log onto a public Wi-Fi over the holidays, go to somewhere with a secured wired or Wi-Fi connections. And try to make your most sensitive transactions in the safety of a privately secured network.

Stick With Known Merchants

Almost everyone is looking to save as much money as possible in the weak economy. And in the enthusiasm to get a good deal, it's easy to overlook key details that could give clues as to whether the site is legitimate.

But don't be fooled by the low price tag. During the holidays, spammers routinely hook users with good deal offers to peddle bogus merchandise or to deliver a different product than promised in exchange for the victim's money and credit card details.

So research e-commerce sites, check for valid contact information, and scan for a known trust seal authenticating it as a trusted site. And when it doubt, stick with what you know.

Keep Antivirus Updated

Let's face it, with all that online shopping, there's a higher probability that you'll unintentionally visit a malware or phishing site. And chances are it won't be immediately obvious if you do.

These days, malware authors have sacrificed the fame and glory of high profile viruses for stealthy attacks designed to sit silently on your machine and funnel your financial and personally identifying information to their malicious servers. Often these attacks are delivered via drive-by downloads, in which users become infected simply by visiting a malicious site.

So be prepared for the worst. Download the latest version of your favorite antivirus or antimalware software, which ideally should be able to block all of the malicious code that gets hurled your way, while providing alerts and reports on sites that are suspicious or dangerous.

Secure That Smartphone

With the explosion of BlackBerrys, iPhones and Android devices on the market, more users will be doing their holiday online shopping from their smartphone. Unfortunately, hackers know this too. Subsequently, more malware is being written for smartphones designed to steal login credentials and other sensitive information.

As with conducting transactions from a laptop or any other mobile device, take necessary precautions when doing business or making online purchases. Make sure all the device's security features are enabled. And avoid making your most sensitive transactions in public hotspots or surrounded by numerous strangers.

Change Passwords Frequently

It should be a habit anyways, but it's always a good idea to change passwords and other login credentials with increased frequency during the holiday season, particularly for online banking, PayPal, Amazon and other financially sensitive accounts.

Not surprisingly, users will access these types of accounts with increased regularity during the holidays to make gift purchases and check balances.

Like we said before, most users will be unaware if their account usernames and passwords have been compromised in a malware attack. Regularly changing passwords serves as one mitigating factor by rendering the stolen information obsolete.

While changing passwords doesn't replace installing a solid antivirus product or applying other security best practices, it could be just the deterrent that forces would-be hackers to venture elsewhere.

Okay, You Got Hacked

Worst case scenario -- your computer has malware. An account was hacked. You sent private information to scammers. Okay, it happens.

If you have any reason to believe that personal information or passwords have been stolen, notify all of your affected accounts immediately. Change all of your passwords and alert banks and credit card companies to any potential misuse of your financial information. Meanwhile, obtain a copy of your bank statements and credit report to find evidence of fraud.

No one likes dealing with the aftermath of malware, and cleaning up a hack can entail additional stress during the holiday season when users are already weighted down by lack of time and tightening budgets.

Most of the time, attacks are avoidable -- just keep in mind that prevention is always easier than recovery afterward.