Digital safety this holiday season

Many shoppers are planning to rely on e-commerce for a significant amount of their holiday shopping.
Digital gift card sales are also likely to increase.
However, given the spike in digital activity predicted over the holidays, cybercriminals, too, will make their lists and checking them twice.
It’s a risky time of the year as shoppers of all ages (including some with less experience recognising digital threats) flock to search engines and online channels to place orders before holiday delivery date cutoffs.
And opportunistic hackers know just how to create enticing, seasonally appropriate lures and even some of the simplest scams can fool adept online shoppers.
Online holiday gift scams
If you ever received a strange email urging you to help a friend or family member with an emergency and that email led you down the path of providing a gift card as payment, that email was almost certainly a scam.
Gift cards are a common vector for cybercriminals and scammers, since stealing the money loaded onto them is like stealing cash: once it’s taken, there’s virtually no way for a victim to get it back, unlike credit card transactions, which allow chargebacks.
Around the holiday season, when gift card purchases spike, thieves are on the lookout for easy ways to take advantage.
Some will manipulate gift cards sold in stores, scratching off the layer of protective coating to write down PINs, and then “replacing” the coating with a sticker so it looks brand new.
Scammers will plug those PINs into software that sends an alert once someone has purchased and activated their gift card and then drain all its funds.
Another common gift card-related ploy is the account takeover attack (ATO). These attacks spike around the holidays.
A cybercriminal first uses credential stuffing or password spraying tactics to get account credentials for a particular e-commerce platform.
They then use this information to make purchases on using that account information, often buying high-value electronic gift cards in bulk before promptly spending those gift cards to avoid being tracked down.
The best way to avoid becoming the target of gift card scams is to remain vigilant and follow the best practices listed below:
• Set a strong password for every online account, making sure not to repeat the same password across any two platforms. Use a password management app to keep track of different accounts.
• Don’t forget to use random, non-duplicate User IDs as well if the site allows. Unique usernames with unique passwords are better than just unique passwords.
• Regularly update your login credentials and monitor your payment accounts for signs of unusual activity.
• If you purchase gift cards in stores, visually inspect them for signs of tampering before loading funds and stick with retailers who keep their gift cards secured behind a checkout counter.
• Never agree to pay for online purchases in gift cards when prompted via email—in these instances, the item you’re trying to “purchase” probably doesn’t exist. Stick with retailers you know and trust, and make sure the site’s checkout system is secure.
• Credit cards are the best way to pay since most offer some level of fraud protection. Remember, peer-to-peer transaction apps such as Paypal, Venmo, CashApp should only be used when transactions occur between people you know and trust.