Posted: 10 Min ReadResearch Group

Keep the season merry: 7 online security risks to watch out for this holiday season

You might spend more online and on social sites. That could expose you to hackers and scammers

COVID-19 cases soared across the country just in time for the holidays. And while there’s plenty of optimism that a vaccine might be approved by the FDA by the end of 2020, and shots might be administered to healthcare providers and the elderly before the calendar flips, there’s no denying that COVID-19 will change this holiday season.

While families wrestle with the tough decisions on how to celebrate this year, they’re also checking off their holiday shopping lists. This year, it’s not surprising that families are spending big on electronics and new devices to help pass those stay-at-home hours during what could be a long, challenging winter.

But while filling your home with new devices this year could bring plenty of holiday joy, it also leaves you more exposed to phishing attempts, malware, and social media scams. And all that extra free time you have during the holidays, especially this year when you might not be commuting to work? Spending that time online and on social media sites could expose you to hackers and scammers, too.

That’s why it’s so important to be aware of online security risks this season. Here are five threats to your online privacy to watch out for this holiday season.

1. Gaming scams might rise this holiday season
Two of the hottest gifts this holiday season will undoubtedly be the Sony PlayStation 5 and the Xbox Series X
. These are the latest home gaming consoles from Sony and Microsoft, and if you have gamers in your household, they've probably put one of these consoles on their wish list.

There are online security risks that come with any new gaming consoles and gaming accounts and with all the extra time gamers will be spending on them this holiday season. As with all new gaming consoles, you can connect to the Internet with these devices and create gaming accounts. That leaves gamers open to phishing attempts.

Phishing attempts are scams in which con artists reach out to victims, usually by email but also by phone and text, with the goal of tricking them into giving up their personal or financial information. Once criminals have this information, they'll use it to break into victims' online bank accounts, run up charges through their online credit card portals, or even sign up for loans in their names.

In a phishing attempt, a con artist will usually send an email that looks like it's coming from a legitimate company, perhaps even Microsoft or Sony. This email might say that recipients need to verify their gaming account information. Others might say their gaming accounts have already been suspended. To keep their accounts active, gamers are encouraged to click on a link that takes them to a spoof website.

That spoof site will ask victims to provide personal and financial information such as their full names, address, Social Security number, credit card number and even the passwords and usernames they use to log onto their credit card and banking portals.

Other times, phishers will attempt to sell gamers free in-game currency, weapons upgrades or uniform enhancements. This is often a scam, too. Gamers will send these con artists money through PayPal or other online payment systems. Once they do, the scammers disappear, without providing the game currency or enhancements they promised.

Scammers might also ask gamers for the log-in information for their gaming accounts before they'll send them these free game enhancements. If gamers provide this information, the scammers log into their accounts and access any credit card or financial information tied to them. These criminals can then run up fraudulent charges with these victims' credit cards.

The key to avoiding these gaming scams? Caution. If someone promises you something for free, you can bet that person is a scammer. As the saying goes, if something sounds too good to be true, it probably is.

It's important, too, to recognize the signs of a phishing attack. The most obvious? When an email asks for your financial or personal information, you're probably being phished. Companies will not ask for credit card numbers, Social Security numbers, or other personal information through emails, texts or phone calls. Your best move is to erase these emails or texts, or hang up the phone, when someone supposedly calling from a gaming platform asks for this information.

2. As online shopping soars, so do the online cons
Online shopping has steadily grown in popularity. The COVID-19 pandemic has provided another boost to ecommerce, as consumers hesitant to go into stores have relied heavily on online shopping to buy everything from toilet paper to exercise equipment.

And this holiday shopping season? Retail experts are predicting even more online sales. Adobe Analytics reported that online sales this November and December are expected to rise 33 percent when compared to the same two months last year, hitting a record $189 billion

All those online shoppers are tempting for scammers. Gamers are frequent phishing targets. So are consumers checking off their holiday shopping lists.

You might receive an email from what looks like one of your favorite retailers promising a deep discount on the most popular holiday gifts. These emails might also promise you free merchandise. The catch? You'll first have to complete a survey or log onto an outside website to claim your discounts or free items.

You can guess the rest: The survey might ask for your personal information, maybe even your Social Security number. That registration website might ask for the same sensitive financial or personal data. Once you provide it, the scammers can use this information to access your bank accounts, run up charges on your credit card, or apply for loans or additional credit cards in your name.

The advice is simple: Never provide any retailer certain personal or financial information. Retailers never need to know your Social Security number, bank account information, or even your personal address. Be wary of providing any of this information to a retailer that contacts you through email, text or a phone call.

Monitor your credit card and bank account statements, too. If you notice suspicious charges on your credit card statement, contact your provider immediately. If you spot suspicious withdrawals from your online bank account, call your bank, too. The faster you act, the less damage cyberthieves can cause.

3. Public Wi-Fi isn’t always a gift
You probably won’t head out to the stores as much this year. But if you do, you might be tempted to log onto the public Wi-Fi offered by stores and malls while taking a break from hunting for bargains. Be careful, though: Public Wi-Fi is notoriously insecure. Sophisticated hackers will have little trouble spying on your web surfing activities if you’re using public Wi-Fi.

This isn’t so bad if you’re browsing Twitter, reading your favorite online news source, or checking the weather. But if you’re logging onto your bank account or opening your online credit card portal? That could be dangerous: That hacker might nab your log-in information.

To be safe, then, avoid using public Wi-Fi — whether at a store or while taking a break in a coffee shop — to access important financial sites. Wait until you get home, to your more secure online connection, before checking your balances or paying your credit card bill.

4. Protect your privacy on Facebook, Twitter, Instagram, and the rest
It’s natural to spend more time on social media during the holidays. After all, you get all those days off work, why not post photos of that perfectly cooked turkey, send a few Facebook posts from that secluded cabin you rented, or tweet out holiday wishes to the friends and family members you might not be seeing this year?

And if you’re working from home and not spending time commuting to work? You might be spending even more time on Facebook, Twitter, Instagram, and other social media sites.

That puts you at risk of surrendering your online privacy to the most cunning of snoops and scammers. Why? Too many people post too much personal information on these sites and share it with too many people.

You might tell the world through Facebook that you are spending the holidays at a secluded cottage far away from the crowds. A thief might see that and view your home as a good one to rob while you’re away. Don’t give away too much information in your tweets and Instagram posts, either. Your address, birthday, or the city in which you live may give the most resourceful of scammers enough information to steal your identity.

The holiday season, then, is a good time to boost your privacy options on the social media sites you use. For example, on Twitter you can switch from a public account to a protected Twitter account. Protected tweets are visible only to followers whom you have first approved. With this setting, you can send tweets to friends and family members without also broadcasting them to complete strangers.

You can also change your Facebook settings so that your posts are only visible to approved followers. First, click on the "Privacy Settings and Tools" section of Facebook. Then tweak who can see your posts under the "Who can see my stuff?" option.

You can also control who can send you messages and friend requests by restricting your friend requests to the "Friends of Friends” setting. You can find this tool in the "Who can contact me?" header in Facebook's privacy settings.

You can boost your privacy on Instagram, too. Again, this means changing your public Instagram account into a private one. Once you make this change, only you can decide who sees your Instagram photos and who doesn't

To change your account, first click on the person icon on your Instagram home page. Next, click on the gear icon that appears next to your name. This brings up Instagram's settings tool. Click on "Privacy and Security" before selecting "Account Privacy." You can then click the checkbox for "Private Account." Once you do this, your Instagram photos can now only be seen by followers you approve. Others who want to see your photos will have to send a "follow" request, which you'll have to approve.

5. Stay safe on all those video calls
The holidays might look different for many of us this year. Instead of gathering with extended family in person, many will rely on video calls to connect with family members while staying safe from COVID-19.

If you plan on spending more time on video calls this season, there are certain steps you need to take to protect your privacy. Skilled hackers can access some video calls, listening in on your conversations and then using any information you might disclose during these calls against you later. Others might take control of your webcam, spying on you

To help prevent this, it’s important to create a password for your meetings that all participants must enter. When creating a video call meeting, for instance, you have the option of either creating a password or letting guests log onto your meeting without having to enter one. Always go with the password-protected option. This will help keep unwanted guests from accessing your call.

Don’t let guests join a call before you, the host, has logged on. Preventing guests from accessing the call before you arrive also provides protection from hackers and other unwanted visitors. For example, on Zoom, you can set this option under your Zoom “Account Settings.”

Make sure, too, to turn off participant screen sharing. As the name suggests, this option allows guests to your call to share whatever is on their computer screen. You don’t want this. If scammers hack into your calls, you don’t want them to share any objectionable or pornographic material as a joke.

6. Working holidays could pose risks
This year, “home for the holidays” might also mean working from home for the holidays. Sometimes it seems like remote work never takes a vacation.

With that in mind, it’s a good idea to remember that all those devices you use for work could be vulnerable to cyber threats in your home setting.

That calls for protecting your devices and data, just like you would in the workplace. If you’re working with company-supplied laptops and smartphones, be sure you use employer-approved and -supplied security software, collaboration tools, and VPN. Avoid the temptation to download other programs and tools. They may not be as secure.

Watch out for phishing emails, too. Cybercriminals send fake emails with dangerous links to employees. For instance, an email message may appear to be a holiday greeting coming from a company executive. The email might advise you to click to learn the amount of your cash bonus. If it’s a phishing email and you click on the attachment or embedded link, you’re likely to download malware onto your device. Instead of clicking, report the phishing attempt to your employer.

7. Don’t forget to mind an offline security threat
Here’s something to think about after you are done shopping online: making sure your purchases are delivered and in your hands before someone swipes them from your front porch.

There’s a name for people who do that — porch pirates — and those packages left at your front door could be a target.

You can take steps to help fight this offline security threat. For instance, a security camera, video doorbell, or lockbox might help deter would-be thieves.

You might also have your packages delivered to a safer location. That could be your workplace or the home of a nearby relative who’ll be there to scoop up the package.

It’s also a good idea to sign up for delivery alerts where you can track your package and find out when it’s likely to be delivered. That way, you stand a better chance of getting your online bounty before a porch pirate does.

The bottom line
This holiday season stands to be a challenging one. But you can help protect your online privacy during the season. Remember, just because you might be taking a break from work doesn’t mean that scammers and hackers aren’t busy. Take the simple steps to protect your privacy this year. It’s a great way to get 2021 off to a good start.

Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Copyright © 2020 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners

About the Author

Norton Labs

Office of the CTO

Norton Lab’s research on Cyber Safety influences future technology and impacts the consumer cybersecurity industry worldwide. The Labs team includes top threat and security researchers who work to protect consumers from known and new threats.

Want to comment on this post?

We encourage you to share your thoughts on your favorite social platform.