PHOENIX – A significant expected increase in online holiday sales is good news for retailers, but it may present increased opportunities for cybercriminals.

Online sales are expected to reach $236 billion this holiday season, an increase of more than 15.5 percent over the same period last year. Sparklight encourages all consumers to be vigilant about their online safety when cybershopping this year.

“Given the pervasiveness of cybercrime, it’s always very important to be cautious when sharing any personal data online,” said Ken Johnson, senior vice president of Technology Services. “However, with the expected significant increase in holiday purchases made via websites, apps and social media platforms this year, it’s more important than ever that shoppers use caution online during this holiday season.”

Think before you click

Scammers and hackers have multiple methods for obtaining shoppers’ financial and confidential information. Three of the most common methods used by cybercriminals to target online holiday shoppers include “phishing” emails, “smishing” text messages or “vishing” voice calls, all designed to appear to be from a trusted source and to collect confidential account information.

Online shoppers should always look out for one — or more — of the most common warning signs of phishing or smishing attempts.

Indicators of attempted criminal activity often include a suspicious address from the sender, or misspellings and grammatical errors in the email or text message. Requests for personal information or to click on a link are also signs that the message may not be legitimate.

“Cybercriminals have multiple methods of trying to reach consumers shopping online, and they have become far more sophisticated in recent years in their efforts to obtain personal information via unsolicited email, text messages or voice calls,” Johnson said. “Consumers may want to increase their online safety by taking a few simple and effective steps, such as strengthening account passwords and updating computer software.”

Four simple steps to increased online safety

The federal government’s Cybersecurity and Infrastructure Security Agency (CISA) also urges online holiday shoppers to consider implementing four simple, effective methods to improve cybershopping safety.

These include:

  1. Multi-factor authentication (MFA) for online accounts. MFA is a system requiring more than one distinct authentication factor to gain access to the account, which can be achieved via several methods, including an SMS text message with a security code, a security badge or use of one of the many popular MFA apps, such as Microsoft Authenticator or Google Authenticator.
  2. Updated computer software. Ensuring a computer’s software is fully updated will make it more difficult for even sophisticated hackers to gain access to personal data.
  3. Remain on guard for unexpected or unusual emails. Most successful cyber attacks begin with a phishing email.
  4. Use a very strong password or consider utilizing a password manager to generate and store unique, individual passwords for each online account.

“Passwords act as gatekeepers, your first line of defense against online scammers,” Johnson said. “While it may be tempting to use the same password for multiple websites, doing so may allow a hacker who deciphers your password to gain access to many personal online accounts using that single password. The key ingredients of a strong password are length, randomness and uniqueness.”

A very strong password has between 16-24 random characters, and includes uppercase and lowercase letters, numbers and symbols, or four unrelated words strung together.

‘S’ is for secure

An important indicator of a website’s authenticity is its URL. Before completing an online purchase, confirm the website is security enabled by looking for the letters “https://” at the beginning of the URL.

The letter “s” stands for secure, and means the website is using encryption to help keep information protected. There will also be a padlock icon to the left of the URL in the address bar.

Never share personal information, such as credit card numbers, when using an unsecure server (http) or a public wireless network.

Shopping via mobile app

When shopping online, and particularly during the busy holiday season, only purchase items from trusted and reputable websites.

Cybercriminals have become more sophisticated and are very good at creating phony retail apps with logos that resemble legitimate businesses. Scammers often use these apps to steal identities or infect devices with malware.

Verify an app’s authenticity by downloading it from the company’s official website. If downloading from an app store, avoid being the first to download a new shopping app, keep an eye out for misspellings in the app description and read ratings and reviews prior to downloading the app.

Online vigilance is vital

While it’s always important to remain vigilant about online security, the need for caution when cybershopping is heightened during the holidays. Remember to keep receipts as well as shipping and tracking information, and regularly monitor credit card activity to ensure there are no fraudulent charges.

Online shoppers should also avoid using debit cards, because access to the card could provide a hacker with the immediate ability to empty a shopper’s bank accounts. By contrast, many credit cards have theft protection in case of unauthorized use.