Shopping online

How to Protect Yourself from Online Scams this Holiday Season

Since October is Cybersecurity Awareness Month, BECU Chief Information Security Officer Sean Murphy shares his tips for protecting your personal information online.

As part of BECU's activities for Cybersecurity Awareness Month, I am sharing important tips for protecting your personal information online. As we approach the holiday shopping season this year, constrained in many ways by the COVID-19 pandemic, it's more important than ever to remain vigilant.

1. Take steps to secure your accounts

These steps can help prevent your personal information from falling into the wrong hands:

  • Use complex passwords and change them regularly. Also, don't use the same account credentials for multiple online accounts.
  • Make sure to install the latest security updates on your computer.
  • Be careful when using public WiFi access points. Also, do not conduct transactions in public places since people can be looking to view and copy data like your bank card information, passwords, etc.
  • Regularly back up your data and sensitive information.
  • Be careful with downloads. Use malware scanning tools before downloading any application or software on your computer.
  • Opt-out of tracking cookies within your web browser. Also, make sure to check your browsers for current cookie settings.

2. Continually monitor for suspicious activity

As the COVID-19 pandemic continues, many shoppers will make their holiday gift purchases online. During the holidays, we usually see more spoofing attempts by criminals hoping to fool people into providing information that leads to account access. We also see an increase in attempts to steal personal information that can be used to open new lines of credit.

Monitor your credit report to ensure that accounts and credit cards are not being opened in your name without your knowledge. It's also a good idea to routinely comb through your debit and credit card activity to make sure there aren't any suspicious or unfamiliar charges. If you do notice any fraudulent activity, report it to your financial institution as soon as possible.

Most financial instititions, including BECU, allow you to set up text or email alerts to notify you when there are unusual activities on your account, such as a low account balance, large expense, or international transactions.

3. Remember the phrase: S.H.U.T.U.P.

As the holiday shopping season approaches, we should all be skeptical when we see emails with links that provide offers for gift cards, discount airfares or extra-special giveaways. My advice, even during the uptick in risk during this time, is to be on the lookout for red flags that signal a potential cybersecurity scam. Here is a memorable acronym to remember what to look for online:

  • S – Sensational: Content that is meant to draw your attention and seems too good to miss.
  • H – Hostile: The tone can be hostile and aggressive as the attackers try to get you to act.
  • U – Unfamiliar: Messages that come from unknown senders. If you do not recognize the source or did not expect the email or call, be skeptical.
  • T – Too good to be true: For example, notices of large cash rewards are likely a scam.
  • U – Urgency: Using an impending or urgent deadline to force you to act quickly.
  • P – Personal information: Legitimate sources are not going to ask for your personal information.

4. Trust your instincts and verify websites

It is important to stay vigilant to protect yourself from theft of your personal information online. A healthy dose of skepticism is a good foundation for taking internet safety seriously.

When browsing social media sites, check to see if the account has a blue checkmark icon right by the name. This indicates that it is a verified, legitimate account. Also, before making any purchases or inserting personal information, look to see if the account has a large number of followers and an archive of regular content that was posted over time. Finally, check the website address to make sure it matches the official address. Secure sites should have a lock icon to the left of the URL and should also begin with ‘https,' which indicates the site is using a security certificate to protect your data from third parties.

5. Report cybersecurity scams

If you do fall victim to an online scam, don't be embarrassed. Online scammers often impersonate real institutions and people, and over the past several years they have gotten much more sophisticated in their techniques.

If you suspect you have encountered a scam, it's better to reach out to your financial institution sooner than later so they can close the account as quickly as possible and save you from being liable for any unauthorized charges. It is also important to report it to authorities so they can investigate and warn the public. If the scam happened online, you can report it to the FBI's Internet Crime Complaint Center. Here is a list of other places to report scams.

Interested in learning more? BECU has partnered with KnowBe4 to offer FREE cybersecurity courses with lessons on protecting your identity, creating strong passwords, keeping children safe online, and more.

About Sean Murphy

As BECU's Chief Information Security Officer, Sean Murphy leads the credit union's Information Security team with a focus on creating a culture of cybersecurity built-into the work we do. He manages the tools, processes and policies BECU uses to safeguard our members' personal and financial information.