With the holiday season approaching, and Black Friday and Cyber Monday some of the busiest shopping days of the year, University of Central Florida cybersecurity researchers are offering tips for keeping privacy and personal identity safe.

Online Shopping

  • Make sure that any online vendors have the shield/padlock symbol near the web address bar as opposed to an exclamation mark or warning. This indicates that the website is secured by Secure Socket Layer (SSL) protocols, which means your data is safely encrypted.
  • Be sure the shield/lock encryption symbol is present when entering passwords or credit card information through websites
  • Encryption is meaningless if the website is fake. Common attacks are to take you to a site like “amaz0n.com” or “amazon.com.servicesite.net,” neither of which is to the company at “amazon.com.” Many times, links to fake websites can arrive through emails.
  • When making new accounts, use a new password. Do not reuse passwords. Use a password manager to avoid having to remember them all. Turn on two-factor authentication, which is an extra layer of security protection, when possible.
  • Be sure to shop from reputable merchants or at least pay through reputable payment companies so that you share your credit card number only with reputable parties.
  • Never use your debit card for online shopping. Use your credit card instead.

Privacy

  • Be mindful of what you post on social media. If you have your profile set to public or have accepted friend requests from strangers of weak ties, you might want to think twice about posting information that makes it obvious that you are out of town. It makes it easy for people to target your home when you are not there.
  • Also, check your privacy settings on social media, especially those that can reveal the location of where your post was shared or your holiday pictures were taken, as these could identify that you are out of town.
  • For people who are traveling during the holidays, remember to activate home monitoring systems and make sure your Wi-Fi is working. Ensure that security settings are enabled on these systems and on any smart devices in the home so that hackers cannot hack into them and threaten your home’s safety.
  • Keep your smartphone safe by ensuring it has a long PIN, full disk encryption, or the encryption of all the data on the computer’s disk drive, and that you haven’t written passwords in unencrypted notes. Use a password manager for managing passwords on your smart device.
  • Cover your hand when entering your PIN, such as at ATMs.

Theft and Scams

  • Phishing email is probably the No. 1 security threat. Be cautious when opening any promotion or discount email, since many of them are phishing emails. Don’t click on web links on these types of email. If you are interested in one of the discounted products, go to the company’s online website yourself, and then do an internal search to find the product.
  • Never give out secret information, like passwords, credit card information or social security numbers, through email. Asking for this information is a sign of a phishing email. No reputable company will ask for these types of secret information.
  • Unattended package theft is rampant. If you can’t be home, ask a neighbor or trusted friend to watch and pick up a package for you. Or you could instruct the delivery person to leave it in a concealed area or ask the delivery service to hold the package for pickup.
  • Be sure to check your credit card or debit card transactions on your online accounts frequently. The holidays are the times when most stolen credit cards are used, so check and verify your online transactions frequently to find any unrecognized transactions.
  • Sign up for a credit-monitoring service that is often offered for free by some credit card companies.
  • Remember, even major retailers can be hacked, thus revealing your credit card number. Paying in cash can avoid this, but there is also a risk when carrying large amounts of cash. Consider the risks of each approach.

Overall, electronic transactions offer a convenience, but like any transaction, can come with risks as well. The above tips can help reduce those risks.

Additionally, the UCF Cybersecurity and Privacy Cluster is researching ways to make the cyber world safer and more secure for all.

This includes ensuring there are trusted and secure cloud environments, tackling insider security threats in organizations, detecting and defending against digital attacks from malware, ensuring the authenticity of information to prevent fake news, and researching the cultural and social aspects of privacy to make better privacy setting and to prevent online bullying.

The tips were contributed by UCF Cybersecurity and Privacy Cluster members Yan Solihin, a Charles N. Millican Chair Professor of UCF’s Department of Computer Science and director of UCF’s Cybersecurity and Privacy Cluster; Cliff Zou, an associate professor in UCF’s Department of Computer Science and program coordinator of UCF’s Master’s Degree in Digital Forensics; Paul Gazzillo, an assistant professor in UCF’s Department of Computer Science and head of UCF’s Applied Programming Languages, Software Engineering, and Education (APPLeSEEd) Lab; Pam Wisniewski, an assistant professor in UCF’s Department of Computer Science and head of UCF’s Socio-Technical Interaction Research (STIR) Lab; and Yao Li, an assistant professor in UCF’s School of Modeling, Simulation and Training.