Holiday Privacy and Security
The holiday shopping season, kicked off by Black Friday, brings unique distractions that make us easier targets for criminals and bad actors. We're often preoccupied by personal and professional pressures, whether crossing parking lots, attending gatherings, or checking endless emails. Staying safe requires diligence.
Here are practical ideas for keeping yourself and your data secure this holiday season.
Physical and Behavioral Safety
These suggestions address heightened risks during the holidays. They may seem like common sense, but vigilance is key. The best part: these tips work all year long!
Phone Down, Head Up: Be Present
Using your phone in public has become second nature, but it creates a major blind spot. This is our top safety recommendation.
- Be Aware: Always be aware of your surroundings and the people in them. Keep your "head on a swivel" to scan your environment.
- Safe Spaces Only: Avoid phone use in transitional spaces, like parking lots or while waiting for public transportation. Wait until you are in a secure location.
- Avoid Distractions: Step away from sudden distractions or "accidental bumps." These are often tactics used by thieves to take your belongings.
- Device Security: Keep your phone safely put away. Always use all the security features like passcodes and biometrics to protect your accounts and data if the device is lost or stolen.
Don't Leave Your Car Running
Law enforcement universally stresses this point: never leave your vehicle unattended while it's running.
- Risk vs. Reward: The risk of your car being stolen skyrockets when you step out, even just for "one second" to run inside your home or a convenience store.
- Temperature Control: While you may want to keep the air conditioner or heater running, the temperature won't change drastically in the short time it takes for a quick errand. The risk is simply not worth the minor convenience.
Enjoy in Moderation: Lowered Defenses
Playwright George Bernard Shaw is paraphrased as saying "Alcohol is the anesthesia of life." Our tip: enjoy holiday drinks in moderation.
- Maintain Control: Free-flowing drinks can make it easy to overindulge, which lowers your defenses and increases the chance of making poor decisions.
- Protect Yourself: Overconsumption can be the difference between keeping your personal belongings safe, avoiding a call from Human Resources, or becoming a victim of a crime.
In-Store Shopping Privacy and Payments
These suggestions are always relevant, but they become even more critical when crowds increase during the holidays.
Make the Phone Go Dark
Your phone can be a double agent! Many stores employ technology to track your movements and activities inside.
- Tracking Technology: Stores track you using Bluetooth beacons, Wi-Fi triangulation, and even inaudible ultrasonic beacons to map your physical presence.
- Going Dark: The easiest way to block this tracking is to turn off your phone or place it in a Faraday bag . A Faraday bag blocks all incoming and outgoing wireless signals, taking your phone completely off the radar while it's tucked away.
- Advanced Controls: While some advanced mobile operating systems allow granular sensor control, a Faraday bag is the simplest and most accessible method for most people.
Costly Bumps: Ghost-Tapping Fraud
Authorities are warning about a sophisticated attack called "Ghost-Tapping," which exploits the popularity of tap-to-pay technology on mobile devices and cards.
- The Attack: Bad actors use small readers or modified terminals to capture payment details when they get close to a target's tap-to-pay phone, smart watch, or card. Crowded holiday shopping lines make it easy to get close enough for an "accidental bump."
- Protection: You can defend against this in two ways:
- Use RFID blocking sleeves for your contactless cards.
- Disable tap-to-pay on your mobile device.
- Safe Payment: Only pull the card out or enable the tap-to-pay feature on your device when the payment is due, not while the items are being rung up.
The Cash and Credit Card Rule
How you pay determines how much you lose if fraud occurs. Always follow these rules for transactions:
- Use Cash When Possible: Cash transactions are untraceable and cannot be skimmed, hacked, or charged back. For small, quick purchases, cash is the most private option.
- Credit Over Debit: Never use a debit card for holiday shopping unless you are actively taking cash out at an ATM. Credit cards offer stronger consumer protections and zero-liability fraud policies. If a credit card is compromised, the money stolen is the bank's, not yours. If a debit card is compromised, the thief drains your actual bank account, which can take days or weeks to recover, leaving you without access to your funds.
The Gift Card Rack Attack
Gift cards are a popular gift, but the racks they sit on are a prime target for thieves. This is also called "card draining."
- How it Works: Criminals often visit stores, record the card and PIN numbers off the back of physical gift cards, and then replace the card on the rack. They monitor the card online, and the moment a customer buys it and loads money onto it at the register, the thief immediately uses the balance.
- Protect Your Gifts:
- Inspect Carefully: Before purchasing, thoroughly check the card's back and packaging. The security strip covering the PIN should be completely intact with no sign of a scratch mark, peeling, or sticker tampering.
- Buy from the Counter: If possible, purchase gift cards from behind the main counter or directly from a trusted retailer's official website, not from open display racks.
- Treat Like Cash: Remember, unlike credit cards, gift cards have virtually zero fraud protection. Once the money is drained, it's gone.
Online Security and Privacy
The holiday shopping rush creates a flood of emails, texts, and ads. This year, bad actors are using Generative AI to craft scams that are nearly flawless, removing the tell-tale typos and bad grammar of the past. Your primary defense is skepticism and layers of protection.
The AI Phishing Epidemic
Scammers are using AI to create highly convincing phishing emails, fake websites, and smishing (SMS/text) attacks. These messages are personalized and look legitimate.
- Trust Nothing: Assume every email, text message, social media ad, or phone call related to an order, account issue, or delivery is a scam until you can verify it yourself.
- The Flawless Lure: AI eliminates spelling errors and can perfectly mimic the logo and tone of major brands like Amazon, FedEx, or your bank. You must look past the content.
- Verify Independently: If you get a delivery or payment alert, do not click the link. Instead, open a new browser tab and manually navigate to the official retailer's website or the carrier's official tracking page. Log in there to see your true status.
- Check the URL: Before entering any personal or payment information, always check the website address. Scammers use "typo-squatting" by changing a single letter (e.g., Amaazon.com instead of Amazon.com). A flawless-looking page is worthless if the URL is wrong.
Disposable Email: Your Inbox Shield
Stop giving out your real, primary email address to every retailer and website. Use a disposable email alias to compartmentalize your online life.
- How it Works: Services like SimpleLogin create unique, forwarding email addresses (aliases) for every online account. Emails sent to the alias go to your real inbox, but the sender never sees your actual address.
- The Core Benefit: If one retailer's data is breached, or if an alias starts receiving spam, you can instantly deactivate that single alias without affecting any of your other accounts or your main inbox.
- Stay Anonymous: Use a unique alias for online shopping, another for loyalty programs, and a third for newsletters. This makes it impossible for data brokers to connect your various online activities.
Virtual Cards: Your Transaction Firewall
When shopping online, you should never enter the 16-digit number, expiration date, and security code from your physical credit card. Use virtual debit or credit cards instead.
- What They Are: Services like Privacy.com or some credit card issuers like Capital One allow you to generate unique, temporary card numbers linked to your real account.
- Single-Merchant Use: You can create a card number that works only for a specific retailer. If that retailer is breached, the thief gets a card number that is useless anywhere else.
- Spending Limits: You can set a maximum spending limit on a virtual card, such as $100. If a fraudulent charge attempts to go through for more than that, the card is automatically declined.
- Disposable Power: For one-off purchases from a site you don't fully trust, create a single-use card that automatically closes and becomes invalid moments after the transaction is complete.
Delivery Security: Avoiding Porch Pirates
After you've successfully completed your purchase using your virtual card and disposable email, the final step is ensuring the package arrives safely and doesn't fall victim to a **"Porch Pirate."
Track Everything and Know What's Coming
Enroll in USPS Informed Delivery. This free service sends you an email each morning with grayscale images of the mail that will be delivered to your address that day.
Spotting Problems Early: Informed Delivery is your early warning system. You can see packages and envelopes expected, allowing you to quickly spot missing mail or an unexpected delivery from a vendor you don't recognize.
Managing Packages: The service also allows you to manage USPS packages, sometimes letting you redirect them to a Post Office for pickup.
Note: Other carriers, like UPS and FedEx offer similar notifications when a packages are to be delievered to your address.
Use Alternative Pickup Locations
Never let a package sit on your doorstep, especially during the holidays. Use these services to redirect deliveries to a secure, off-site location.
- Carrier Specific Lockers: Select a service's dedicated secure pickup spot during checkout or through your account management app:
- Amazon: Use an Amazon Locker or Amazon Hub (often at grocery stores). They hold your package for a few days, requiring a unique code for pickup.
- UPS: Redirect packages to a UPS Access Point or The UPS Store using UPS My Choice enrollment.
- FedEx: Redirect packages to a FedEx Office or FedEx OnSite partner like Walgreens, using the FedEx Delivery Manager service.
- Neutral Mailboxes: Rent a private mailbox at a location like The UPS Store. This gives you a secure street address that can accept packages from any carrier (USPS, UPS, FedEx, etc.) and hold them until you arrive.
Other Secure Delivery Tactics
If you must ship to your home address, minimize the risk with these steps:
- Delivery to Work: Ship packages to your office's mailroom or reception. This is typically the most secure option, but always check your employer's policy first.
- In-Store Pickup: When buying online, choose the "Store Pickup" or "Curbside Pickup" option at checkout. The item remains secure at the retailer until you pick it up.
- Secure Home Lockers: Invest in a physical, secured lockbox for your porch. Delivery drivers can place the package inside a secure, one-way slot, keeping it out of sight and locked until you get home.
- In-Garage Delivery: If available in your area and you trust the technology, services like Amazon Key allow drivers one-time, secured access to your garage to place the package inside.
Be the Hard Target
This holiday season, the most effective security measure is you. Criminals and scammers are looking for the easiest victims. When you adopt these behavioral and technological safeguards, you stop being an easy target.
Remember: We may not have anything to hide, but everything to protect.
