Cyber Monday happens immediately after the Thanksgiving weekend, and it’s a day of potential online bargains when many people will be flocking to their browsers to look for great deals, just as they flocked to the shopping mall for in-store Black Friday discounts.
Cyber Monday not only causes a huge surge in online shopping, but also brings along a giant raft of spams and scams that aim to catch you while your guard is down.
With that in mind, our timetable of advice this week is as follows:
- Tuesday November 22: Black Friday: What to watch out for when you hit the stores.
- Wednesday November 23: Cyber Monday: What to watch out for when you hit the web.
- Thursday November 24 2016 (Thanksgiving Day): Facebook Live Video: Don’t be a security turkey this Thanksgiving.
The Facebook Live video is scheduled for 16:00 UK time (4pm), which is 11am on the US east coast and 8am on the west coast.
If you can tune in to our Naked Security Facebook page at that time and join in, we’d love to have you; if you can’t make it, the video will be available to watch any time afterwards.
So, back to today.
Here are four tips for Cyber Monday – tips that you can actually use all year round because they won’t expire once the holiday shopping season is over.
1. Don’t lower your standards for spam
If your inbox is anything like ours, you’ll have seen a surge in “special offer” spam lately, including emails from marketing companies you’ve never heard of, often promoting great deals on products you do know well.
Unfortunately, your inbox is probably also fuller than usual with similar-looking emails from legitimate sources, and the crooks are banking on the fact that you’ve already decided to take advantage of some of the great deals available on Cyber Monday.
In other words, to find the best price among all the many discounted offers, you may very well take a risk and click on links in emails that you’d normally delete as spam.
So, stop and think before you click.
Ask yourself, “If it weren’t Cyber Monday; if I were at work and playing by IT’s rules; if I were broke and looking to spend nothing; if I’d already finished all my purchases, would I have any reason to treat this email as anything but spam?”
Don’t let your guard down just because the volume of enticing email has gone up.
Stick to your usual thresholds for spam tolerance, and don’t give the crooks extra room just because it feels like a special time of year.
2. Don’t disclose more data than you need
Even when you browse to legitimate sites offering special deals, you’ll often bump into what the marketing community calls a “gate”.
A gate is one of those web forms where there is a quid pro quo that requires you to hand over various items of personal information before you can go any further.
To open the gate, you may be asked for an uncomfortable amount of detail such as name, address, email, phone number, date of birth, gender, hobbies, income and more.
Different sites ask for different amounts of personal information, though if you look carefully, you may find that some of it is optional so that you can proceed without giving it away.
You can’t easily tell whether giving a site the minimum amount of personal information and withholding the optional stuff might affect any offers you later receive. For all you know, the company might give better deals for bigger disclosures. However, the amount of data that a company insists you fill in, rather than merely inviting you to provide, gives you an idea of just how acquisitive that company is. We recommend that you leave out all optional data fields unless you have a good reason of your own for disclosing the information.
We suggest that you decide in advance what your data disclosure limits are going to be – rather like setting yourself a maximum bid before an auction so you don’t get carried away in the heat of the moment.
If you’re comfortable with everyone knowing your date of birth, for example, put it on your list of data points you’re willing to give away.
But if you want to keep your location private, say, make a firm decision ahead of time never to hand over your address (or your postcode if you live in a country where each postcode covers just a few houses at most), and make that a disclosure limit you stick to.
Remember that even if a company acquires, uses and shares the data it collected entirely honourably, there is always an implicit risk that it might be exposed in a breach.
Our catchphrase: “If in doubt, don’t give it out.”
3. Don’t get bait-and-switched
As the name suggests, a bait-and-switch is where a website draws you in with a promise of one thing, such as a free iPhone or tickets to a movie premiere, and then leads you round the houses, sometimes quite subtly, to sell you something quite different from what was originally promoted.
Additionally, the “prize” you were promised at the start typically morphs into something different, often much less valuable and desirable than the original drawcard.
Remember that “special offer” scams don’t just arrive by email, but may show up on Twitter, Facebook and other social networking sites.
They may even show up with the endorsement of a friend you trust, for example if your friend’s password was hacked, or their computer was infected with malware.
A common bait-and-switch trick, shown in the video above, is to use your location as an excuse for the switch, on the grounds that the offer you started with isn’t available in your area.
Bail out as soon as you feel uncomfortable with the direction any special offer or discount is taking, especially if there’s a gate that requires you to put in personal data early on, before it’s clear what you are going to be offered.
Remember that for disreputable companies, online talk truly is cheap, in both costs and consequences: there are no brochures to print, no stamps to buy, no envelopes to stuff, and often very little for the regulators or the courts to go after if the company ends up breaching its obligations or promises.
Whether it’s Cyber Monday or not, don’t be sucked in by too-good-to-miss offers.
Our catchphrase, when it comes to online promises: “If it sounds too good to be true, it IS too good to be true.”
4. Don’t be cyberaware only because it’s Cyber Monday
Cybersecurity is for life, not just for special occasions, as we said when we made this very same point yesterday in our advice for Black Friday shopping.
Cyber Monday would be a particularly bad day to be incautious about security, but the tips we’ve given here won’t lose their value when the spending season is over.
If you decide to use Cyber Monday as a reason to take cybersecurity more seriously…
…we urge you to make that a lasting digital lifestyle choice!