At least 63% of shopping will be done online this holiday season, and while this brings great convenience, it also increases our risk of falling for online scams.

To help buyers avoid these traps, Microsoft has published a list of simple steps to protect ourselves over the next few weeks.

Microsoft’s survey found buyers tend to be more concerned about price than the safety and security of their personal information.

The holiday shopping season presents security challenges with 63 percent taking place online this year. You can learn how to protect yourself online this year on Microsoft Security's blog.

Given this, it would be wise to put some protections in place ahead of time before your eyes fall on that irresistible offer.

Fix weak passwords

The first layer of protection is a strong password, and Microsoft therefore suggests:

  • Turn on multifactor authentication: If an account or service offers multifactor authentication (MFA), turn it on. If someone else tries to log into your account, you will be able to thwart the attempt when you are notified with a text, email, or other chosen method. MFA can block over 99 percent of password attacks.
  • Use free, trusted tools: Microsoft Edge offers several free features to keep you safe while shopping online. Should any of your saved logins become compromised, Password Monitor will notify you, allowing you to quickly change your password with the new one-click Easy Update feature in Edge. Password Generator automatically generates a strong, unique password suggestion each time you need one, as you create accounts to get all those great holiday deals.
  • Delete your password altogether: Where possible, remove your password completely and choose an alternate, more secure form of authentication. We make it easy to remove your password from your Microsoft account—not only is it more secure, you never need to worry about forgetting or changing a password. Learn how to go passwordless here: The passwordless future is here for your Microsoft account.

Don’t fall for too-good-to-be-true offers

With so many people worried about availability, we all need to be extra vigilant about scams that may prey on our desires to get the gifts our loved ones want. It can be easy to get tunnel vision and when we see an ad for what we want with a “guaranteed delivery” offer. It might be tempting to go for it even if it’s a site we aren’t sure we can trust. But keep in mind, most offers that seem too good to be true are just that.

People are still falling victim to online scams like buying a fake digital gift card or making a purchase from what turned out to be a fake companyIn fact, one in four have admitted to buying an item and receiving something that didn’t match the online description at all. Imagine thinking you’re getting the most popular toys of the holiday season only to get something that is more scary than merry.

And if you think that email offering extreme discounts or availability for an item that is sold out everywhere else seems a bit fishy, you may be right. Before you click, hover over any suspicious links to see if the web address matches what’s mentioned in the message. Look for any weird spellings, extra letters, or other telltale signs. When in doubt, go to the retailer website directly and see if the offer checks out.

7 top tips to avoid email scams

Hackers often send emails impersonating well-known retailers and online services, intending to trick you into revealing your password or credit card details.

Here is how to avoid becoming a phishing victim:

  • Inspect the sender’s email address closely. Look for small changes signalling a fake identity.
  • Be wary of emails that utilize a generic greeting, asking you to act urgently
  • Look for verifiable sender contact information. If in doubt, do not reply. Start a new email to respond.
  • Use the phone to convey private information. Never send sensitive information via email.
  • Avoid clicking on unexpected links. Go to the official website and log in instead.
  • Avoid opening email attachments from unknown senders or even friends who do not normally send you attachments.
  • Install a phishing filter for your email client. Use the spam filter on your email account.

Learn more tips to spot phishing here:

More resources to keep you safe

To help you learn more about cybersecurity safety, visit Microsoft’s cybersecurity education resource centre.

Comments