With the upcoming Christmas season, it is important for consumers to begin thinking about their cyber risk potential and more specifically, the risk to their wallets.

In 2014, the massive security breaches at companies like Target, Neiman Marcus, Michael's, PF Chang's China Bistro, Home Depot, and Kmart took the country by storm and rocked the bank accounts of millions of consumers.  The Target breach alone involved 40 million debit and credit card numbers being stolen during the holiday shopping time last year.

I am encouraging all consumers to Think Before You Click or Swipe this holiday season.

So, what can consumers do this year to protect themselves?  Here are 11 tips straight from your favorite hacker's desk:

1. Beware of Emails that Claim to be From Your Bank - ALWAYS be suspicious of any correspondence claiming to be from your bank or retailers that you may have shopped with.  There is a high chance that this is a phishing attack used by a malicious hacker to convince you to share sensitive, personal information like passwords, social security numbers, or other personal data.  A research study conducted at Carnegie Mellon University in 2010, found that women are more susceptible than men to phishing[1].  Even more specifically, the study found that women between the ages of 18 and 25 were the most vulnerable.  You could be a target!
2. Beware of Links from Friends and Family - Be suspicious of links from friends and family claiming to contain special discounts or sales promotions during the holiday season as these can be links to malicious software (malware) created by malicious hackers.  It is possible that your friend or family member was a victim of this attack and is unwittingly proliferating the bad link.  It may be a good idea to call them to inquire about the link before clicking it.
3. Sign Up for a Personal Finance Security Service - Recent research indicates that 85% of identity theft involves fraud on existing credit cards, debit cards, and bank accounts.  To combat this risk, it is important to consider signing up for a service that monitors both your credit profile and your credit card activity.  An example of a service like this is BillGuard.  I like services like these because they will alert you to credit card and bank account fraud, monitor your credit via all of the major credit bureaus, and let your know about data breaches at major retailers where you have shopped.  Another cool thing is that some of them will even search the dark web and hacker forums to see if your personal information is being bought or sold.  According to BillGuard, they have caught over $75 billion in fraudulent charges.  The credit bureaus also offers these kinds of services.  In some cases you can get these services for free, especially if you are the customer of a company that was recently breached, like the one that happened to Experian/T-Mobile.
4. Stop Using Bad Passwords - Be sure to change your passwords for all of the accounts that matter.  Ensure that your passwords include letters, numbers, and symbols to minimize your risk exposure.  Also, a good password should not be a name, birth date, or some other personal information that a hacker could have found from another data source.  In a recent study, my colleague Michelle Mazurek and other researchers, found that there are patterns and words that can make it easier for hackers to figure out your password[2].  Here are 5 tips for creating good passwords from The University of Maryland Computer Science[3]: (1) choose a password that is at least six characters long, (2) include a good mix of lower and upper case characters, numbers, and punctuation marks, (3) DO NOT write your password down, (4) take a phrase and try to squeeze it into eight characters as if you were trying to put it on a vanity license plate, (5) try to make it something that would only make sense to you.  But hey, for $2, you can let 11-year-old Mira Modi (http://www.dicewarepasswords.com) create a ridiculously hard-to-hack password for you. 
5. Shred Important Documents – Most hackers, and yes even me, have spent time trashing, where we go through your trash tocollect information from documents that targets should have shredded, such as financial statements, contracts, and other interesting documents that could include pertinent information.  Although we spend tons of time talking about secure electronic resources, sometimes hackers resort to stealing physical documents.  Keep all of your data secure, even the ones on paper.
6. Stop Leaving Digital Breadcrumbs – Online shopping retail sales are predicted to grow steadily to $370 billion in 2017[4].  With this substantial growth, retailers are avid at tracking consumers like you.  This is especially true when you shop via their web sites.  My colleague at the University of Maryland iSchool, computer scientist Jennifer Golbeck, recommends using sites like Do Not Track to help you opt out of this kind of tracking[5].  As a relatively paranoid hacker, I never want companies tracking my online behavior.  Services like Disconnect can block malicious ads and software for free.  Check it out at https://disconnect.me.
7. Always Select Credit - When using your debit card to make a purchase, select credit, NOT debit. Using your debit card and entering your pin on the key pad at retailers is not a good idea. Using your signature is always better than using your pin.
8. Pick a Card – If possible, try using one or two credit cards for all of your holiday shopping purchases.  This will substantially decrease your wallet’s risk exposure.  If one of the retailers where you’ve shopped has been breached, you only have to be concerned about cancelling one or two of your cards.  This will also keep your life from being totally disrupted by the breach.
9. Beware of Emails from Anyone Requesting Financial Assistance - Okay, all of us have seen the emails from the Nigerian prince, Chinese bank executive, or Russian oil mogul that have billions in the bank but need our assistance to help them get it out.  They always say that they are willing to give you a percentage of the billions if you do them a small favor.  This is a scam!  Another example is receiving an email from a friend that’s supposedly trapped in a foreign country and needs your assistance.  If it were real, your friend wouldn’t send an email for something so important.  This is a scam!  If you see an email like this, report it and delete it.
10. Use a Designated Mailbox – When signing up for retailer loyalty programs, use a designated mailbox instead of your home address.  Companies like the UPS store can provide you with a real street address which you can use to sign up for those loyalty programs that you love so much.  This way, you can still receive all of those amazing promotions without worrying about becoming the victim of America’s Next Big Data Breach!  The cool thing about these service is that they can also accept packages for you.  The next time your favorite retailer is breached, you don’t have to worry because the malicious hackers didn’t get your home address.
11. Use a Prepaid Credit Card – Really paranoid hackers, like some of my closest friends, prefer to use prepaid credit cards because they offer the benefits of a regular credit card and they are accepted at most retailers without letting the banks or financial institutions to track your purchasing habits.  But be careful which one you pick because some have fees.  I’m pretty cheap, so I like the ones with no fees.

Follow these tips and you will substantially decrease your wallet’s risk exposure during the holiday season!

Signed,

Your Favorite Ethical Hacker

;)

*The author receives no compensation of any kind from any of the services recommended.  I just think that they provide necessary services!

[1] http://lorrie.cranor.org/pubs/pap1162-sheng.pdf

[2] http://www.umiacs.umd.edu/~mmazurek/papers/chi2014-longpasswords.pdf

[3] https://www.cs.umd.edu/faq/Passwords.shtml

[4] http://www.cmo.com/articles/2014/5/6/Mind_Blowing_Stats_Online_Shopping.html

[5] http://www.slate.com/articles/technology/future_tense/2014/10/youarewhatyoulike_find_out_what_algorithms_can_tell_about_you_based_on_your.html