Checklist 254: Every Day is Black Friday

The holiday shopping season is starting a little early this year, so on this week’s show, we’ll cover:

• Safe holiday shopping for 2021
• What to do after you buy

A safe shopping checklist

Supply chain disruptions are starting to make people nervous … and we’re not talking about semiconductor shortages. This year, holiday shoppers are getting an early start on gift buying, due in part to a fear that ordering later will be, well, too late. 

Because of this, we wanted to take some time to talk about safe holiday shopping (yes, even though pumpkins are still on porches!). So without further ado, here are some safe online holiday shopping tips for 2021!

1. Check for keyloggers

   If you’re a Mac user, make sure you run a good macOS malware detection and removal tool before you get started shopping. MacScan 3 is, of course, our personal favorite — but there are definitely other good options as well. Just make sure you’re scanning for keystroke loggers: a nasty type of malware that secretly logs every key you press on your computer. Keyloggers can be especially dangerous around this time of year, when people are online more and find themselves entering account details and payment info more frequently.

2. Shop from home

   The folks at GCFGlobal suggest shopping from home this holiday season, since public Wi-Fi connections are only as secure as the people who set them up. Generally speaking, you’re better off entering credit card numbers and so on from the safety of your home network, rather than using the connection at the local coffee shop or hotel business center.

3. Look for HTTPS

   In Chrome, Safari, and Firefox, look for the little lock icon in the URL bar to be sure the website you’re visiting is using HTTPS (and not the less-secure HTTP protocol). Also, note that HTTPS only refers to the security of the data transfer protocol — it has nothing to do with the trustworthiness of the people running the site. Alas, bad guys can and do set up scam sites that use HTTPS, so don’t check your common sense at the door when you see that lock!

4. Use secure payment methods

   Generally speaking, it’s best to shop using secure payment methods such as PayPal or credit cards, as these offer better buyer protection in the event of disputes or fraud. We usually recommend using a single credit card for all of your shopping, for the simple reason that it reduces the avenues of attack available to the bad guys. It’s also easier to spot suspicious activity or signs of identity theft later on if you only have one account to review.

5. Keep a record

   We’re not saying you have to fire up QuickBooks here, but you should keep some basic records to document your holiday buying transactions. At a minimum, this should include a receipt, order number, product description, price, and any correspondence between you and the company you’re buying from.

6. Don’t reuse passwords

   Sometimes, you have to make an account with a retailer in order to buy from them. If you’re doing a lot of holiday shopping, you end up making several new accounts. The temptation is to use a single password for all of them, but don’t do it! Retailers suffer data breaches all the time. If your password is lost by one of them, the threat is far worse if you’ve also used that same password for other accounts. Your best bet is to simply use a password manager (or even just iCloud Keychain if you’re exclusively on Apple platforms) to do the work of creating and remembering strong, unique passwords for each and every account.

7. Do your homework

   Before you buy from anyone online, do some research. If it’s a small or a local vendor, that’s perfectly fine — but make sure they’re legit by checking out product reviews on Google or Yelp, or seller feedback if you’re using a platform like eBay.

8. Don’t fall for scam emails

   During this time of year, you may get emails from scammers who are pretending to be a trusted seller (usually a large, well-known company) and offering special deals and coupons. If you know how to spot a phishing email, that’s good — but by far the safest option is simply to skip the email and go directly to the source. In other words, if you get an email with an amazing offer from Best Buy or Guitar Center, don’t click on the link in the email, just navigate to the company’s website and look for the deal there. If it’s legit, you’ll find it. And if it’s not, you’ve just avoided a scam!

The wait … and looking ahead to 2022

If you follow the tips above, you’ll have a good chance of staying safe when you’re shopping online this holiday season. But what happens after you buy, when you’re waiting for your purchases to arrive? Here are three tips to get you safely to the new year and beyond.

1. Watch for tracking scams

   The pre-holiday season means lots of people waiting on lots of deliveries. This gives scammers a golden opportunity to send out phishing emails disguised as tracking notifications. Sometimes these look legitimate, and appear to come from large delivery services like FedEx or UPS, or from Amazon and other large retailers. But alas, they’re not, and you definitely don’t want to click that “tracking link” or enter your account information for the bad guys.

   The good news here is that there’s a very simple way to deal with this threat. As with special deals and offers that come in via email, don’t click on anything, just go directly to the source. For example, if FedEx (or maybe just someone pretending to be FedEx?) sends you an email with a tracking link, especially if they’re warning you about some delivery issue, don’t click on the link. Instead, navigate to the FedEx site in your browser and enter the tracking number that you received when you first ordered. If there’s really an issue, you’ll be able to see it here and take steps to fix it.

2. Plan for safe delivery

   People are still stealing deliveries off of porches, and alas all of those Ring security cameras won’t deter every would-be thief. To prevent loss, your best bet is to have your packages delivered to a safe location (e.g. an office or an address where you know someone is almost always at home).

   With many online vendors, you also have the option of scheduling deliveries for a time when you’ll be home, or of requiring a signature for delivery. Failing that, you can always opt for in-store pickup if that’s an option where you live.

3. Make a New Year’s resolution

   After the holidays, it’s always a good idea to check your accounts for signs of suspicious activity and to perform a full credit check to make sure that nobody has been opening up new accounts in your name with stolen data.

   The problem is … this is probably going to be the very last thing on your mind during the holidays, and it’s easy to forget after all the fun is over. So right now, before you get into all the busyness of the season, set a calendar reminder to do this so that it doesn’t slip your mind. For a full discussion of the issues around identity theft — and for what to do if you think you’ve been a victim — see Checklist 47: 5 Things To Know About Identity Theft.

That brings us to the end of this week’s Checklist. We love hearing from our listeners, so if you have a comment, a security question, or an idea for a future show, please write to us and let us know!