Holiday shopping online? Brush up on these cybersecurity basics first

Holiday shopping, like everything else, will look a whole lot different this year. Rather than vying for a coveted space in crowded mall parking lots, most of us will be scrambling to get online orders in to meet shipping deadlines.  

Peak holiday spending season typically kicks off on Black Friday, when discounts abound. With the pandemic-related surge in e-commerce, shoppers are even more likely to be searching for deals online this year rather than queuing up outside of their favourite big-box stores. 

"Online spending is at an all-time high," says Sukhmani Dev, VP of Digital & Cybersecurity Solutions at Mastercard. "We conducted a survey, and asked Canadians how they will be shopping for the upcoming holiday season, and the vast majority (78%) said that they're likely to shop online." 

Mike Agerbo, technology expert and host of GetConnected, calls Black Friday and Cyber Monday "Christmas for cybercriminals," explaining that as Canadians head online en masse to spend, hackers tend to ramp up their efforts as well.   

As digital transactions doubled in 2020, credential-stealing scams became increasingly more creative, according to a recent report by Mastercard's NuData Security. Online attacks have become more sophisticated and human-like than ever before. Dev calls this new era of innovative cybercrime the opposite of the "spray and pray" approach previously taken by hackers.

As you begin to embark on your holiday shopping journey, here are some things to have top of mind to keep your personal and financial information safe. 

Don't shop at stores you're unfamiliar with

When it comes to where you shop online, experts recommend going with what you know and sticking with trusted retailers.

"We're working very closely with all players in the ecosystem, including merchants, to help protect Canadians," says Dev. 

It's important to do your homework before handing over payment information, according to Agerbo. "If it's a company you're not familiar with, look them up," he says. "Do a Google search on them. If you want to take it to the next level, phone that small business and confirm their website address to make sure you're on the right page. Also, in your web browser, up in the address bar, look for a padlock in the lock position. That means it's a secure website." 

Don't save your information unless you trust the merchant

Impulse buys are so much more simple when your name, address and payment information is pre-populated in a merchant's system, but experts say you should be careful when creating new accounts and saving your credentials since retailers, especially small and medium-sized businesses, have become especially susceptible to data breaches over the past few years. In a recent poll a quarter of Canadians admitted to having their login credentials stolen in database hacks.

"With more and more small businesses establishing an online presence — and doing so in a bit of a rush in an effort to serve their customers — they can become easy targets," Dev says. "Be more particular about where you're choosing to save your card information and when you do save your card information make sure that you're using strong passwords," she adds. She also recommends taking advantage of multi-factor authentication wherever possible. To confirm it's really you, some merchants will send a code via text message, which you have to enter to log in. Click to Pay is another service that lets consumers remove passwords from the equation.

Whether you're setting up an account with a new grocery delivery app or signing up for a points program with a trusted retailer, the same rules apply.

Dev adds that should your saved payment information become compromised; you should rest assured that the bank that issued your credit card will have your back. 

"Cardholders are protected against unauthorized or fraudulent transactions by the Mastercard Zero Liability Policy, which means they are not responsible for purchases made with a lost or stolen card", explains Dev.  "This benefit is available to all card holders, and it doesn't matter which website you're using. If cardholders suspect unauthorized use of their account, they should immediately contact the bank that issued their card for assistance and more information." 

Do update your apps and operating systems

Updates may seem annoying, but Agerbo advises against procrastinating on this essential task. He says that in addition to enhanced features and glitch fixes, updates often include patches to security vulnerabilities that, if left unattended, can quickly attract cybercriminals. 

"Make sure you protect yourself by updating all the different components of your online world: your browsers, your apps, your phone software and your computer software," says Agerbo. 

Don't open links or attachments from unknown sources

One third of Canadians have experienced a phishing attack this year, according to a recent report by Statistics Canada.

"We've been seeing a lot of domains related to COVID-19 relief pop up overnight, and those domains, which are likely fraudulent, are aiming to lure people into believing that grants, loans or funds are available for them to take advantage of, when it's likely just a scheme to skim people's credentials," says Dev.

"There are going to be a lot more phishing-type scams this holiday season," says Agerbo. "Particularly email scams trying to get you to log in to your account because maybe there's something wrong with your payment information or your password." 

You know that old chestnut: if something seems too good to be true, it likely is. Remind yourself of this as deals start to crop up on social media and in your inbox as the holidays draw near.   

"If someone is giving you a link to check out a special deal, I would not always click on that," says Agerbo. "I would type the website address in myself for that business and go there directly."

"Be vigilant," says Dev. "Mastercard will never call you directly. We will never ask for your personal information directly. Don't open links or email attachments from unknown sources. Don't share credit card information or personal information via unsolicited phone calls or emails or text messages. And if you ever accidentally provide your credit card information and it seems suspicious later to you, immediately call your bank and let them know that that happened so that they can help you." 

This is paid content produced on behalf of Mastercard. This is not CBC journalistic content. To learn more about Advertising and Paid Content on CBC click here.