Staying Secure Through the Holidays

Saturday, December 18, 2010

Guy Pace


This is the time of year where people tend to get very busy, distracted and stressed. It is also the time when people become victims to scammers and criminals who capitalize on the distractions and stresses of this time of year.

Here are a few quick tips to help reduce the potential for becoming yet another holiday victim.

Online Shopping

The key to online shopping is knowing your online retail site. Never connect to retail sites through links in email and avoid connecting to online retailers through search engines unless you can verify the URL.

Of course, before starting online shopping, make sure you have all your operating system and application updates installed, make sure your firewall is on and working, and your browser is up to date.

Most of the current browsers also have the capability of checking sites against “blacklists” of compromised or questionable sites. This is probably a good time to turn on that feature. it will slow down some browsing, but may prevent you from hitting a bad site.

Always check that you are connected to an HTTPS (SSL) web site (check the address field) before entering private information or credit card numbers.


Beware of “special offers” in email, or claims that your mailbox is frozen or other similar messages. If they do not come from someone you know or do business with, you probably should just delete them. Whatever you do, do not click on links in email and do not reply with personal information, IDs or passwords.

Much as we wish spam filters and other tools can filter out spam, phish and other malicious email, they are not 100% effective. The few that manage to slip are usually very good and manage to snare a lot of people.

Keep a healthy skepticism.

Using credit/debit cards

Credit and debit cards are so convenient and handy. You don’t need to carry cash or get cramps writing all those checks. And, almost all retailers you would deal with, brick and mortar and online, accept them.

The trouble is that the card data can be quickly captured by simple technologies. One is the card skimmer criminals place on gas pumps and ATMs. These devices are made to look like the card reader part of the pump or ATM and capture the mag stripe data for criminals. Not only do some capture the mag stripe data, they record you pressing the keys for your PIN.

The key here is to pay attention. Notice where you put the credit or debit card. Does anything look out of the ordinary? If not, don’t use it. Report it to the store, bank or law enforcement.

In restaurants, keep your eye on your card. If a wait person takes it to pay for your bill, make sure it is the same person who has been waiting on your table. Don’t allow someone else to grab the card and ticket.

Of course, keep tabs on your credit or debit card balance and report suspicious transactions immediately.

Christmas computers

If you buy a new computer or receive one as a gift, take some time to set it up carefully first before getting online. I like to set up a Family account with no password that has very limited access or resets the account on logoff. This is what I let the kids or visitors use when they need to look up something or check email.

Create standard user accounts for yourself and any other family members who will use this system on a regular basis. Keep the administrator account and credentials secure and only use them for the monthly updates or if you are making significant changes to the system.

Strip out all the sample or evaluation software.  If you won’t be buying the evaluation of the anti-malware suite that comes with the system, take it out, too. Then download and install Microsoft Security Essentials.

Then, connect to the Internet and run all the updates necessary, turn on the system firewall and set updates to automatic.

Merry Christmas and Happy Holidays.

Keep yourself, family and friends safe and secure. We’ll explore more in the next year.

Cross-posted from Rapier57

Possibly Related Articles:
Security Awareness
Email SSL scams malware crime Credit Cards
Post Rating I Like this!
Jo-Mar Inciong I like topics here. I wanted to send it to all employees in our organization as part of my work and for them to be aware of treats like this. Sadly, my boss did not approve it. :(
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.