We live in scary times — at least from the standpoint of cybersecurity. According to a recent report, 3,676 breaches were reported in the first nine months of 2018, resulting in the exposure of 3.6 billion records. And although this marks an 8 percent decline in "data compromise events" from 2017, bad actors are getting savvier by the minute, and new threats are emerging before old ones have been fully addressed. It's important to stay vigilant as an individual — especially as we enter into the peak season of online giving.
There are tons of scams out there. But they shouldn't prevent you from giving a gift to a cause you believe in. And with giving season upon us, it's a great time to learn about some of these threats and the best practices for staying safe online.
Paige Hanson is chief of identity education at Symantec. She's been with Symantec for a little over 12 years and has a deep understanding of the ways that criminals use sneaky tactics to prey upon their victims.
Paige spent a decade traveling around the country training law enforcement on new and emerging trends in identity theft. She sat down with us and shared four things to be aware of to make sure that you and your personal information are as safe as possible this giving season.
1. Pay Close Attention to Hyperlinks
It's sad to say, but the time period directly following a catastrophic event — such as a natural disaster — is prime time for fraud. It's typical for momentum to build behind making donations to a relief agency or a cause supporting disaster victims, and giving is often heavily promoted on social media.
In some cases, cybercriminals make fake landing pages posing as a nonprofit providing relief to those affected. Sophisticated email campaigns can also be mounted to trick well-meaning would-be benefactors, pushing links to these fraudulent sites.
This same approach is used during other popular times to donate to charity, such as Giving Tuesday. Taking just a few moments to examine an email you receive in this context can really pay off.
"Hover your cursor over the hyperlink and see who the email is coming from," Paige explains. She uses the hypothetical example of an email from someone claiming to be from the American Red Cross. "Let's say I wave my cursor over the link, and the description box shows that 'Red' isn't spelled right, or the address has '.UK' — that is a red flag that it's likely a scam email that will take you to a different landing page that looks like the Red Cross, but isn't," she says.
Technically, this tactic is called "business email compromise," and Paige notes that it's a growing trend. It's not only prevalent in this context, but also in cases where an email appears to be coming from within your own organization. An example here might be a message from your "HR department" asking you to provide personal or financial data. In either case, the best rule of thumb is to always pay close attention to links in any email that involve the transfer of sensitive information and not to click on any links that look suspicious.
2. Take Extra Measures to Verify the Nonprofit to Which You Are Giving
Check out the validity of an organization asking you to give. This is especially important for smaller or seemingly "new" nonprofits. Again, it's not uncommon for a scammer to set up a private business claiming to be a nonprofit in the wake of a disaster or over the holiday season.
"It sounds really simple or even a bit silly, but be on the lookout for even misspellings on a website," Paige says. "Also, punctuation errors and dead links. Usually when you get an email from a legitimate organization and you click on a photo, it will take you somewhere. It's important to take an extra second to read through the email instead of just reacting. You may have been meaning to give back, and since it's Giving Tuesday, for example, you'll just do it really quickly. But you have to slow down."
Paige also suggests verifying a nonprofit's legal status using a database lookup tool such as GuideStar. Another savvy way to make sure you reach the website you intended is to type the nonprofit's name directly into your search bar. That method circumvents the risk of clicking a fraudulent link altogether.
3. Consider Using a Credit Card, Always Use a Secure Site to Make a Donation, and Be Mindful of Your Digital Footprint
Paige recommends using a credit card versus a debit card when you give to a nonprofit. "In case there is any fraudulent activity, you're using the credit card company's money, not your own. And if you notice any fraud at all, you want to notify your bank or credit card company as soon as possible to get those charges reimbursed, or at least to get the investigation started."
Also, whenever you enter payment information online, it's imperative to make sure that you are using a secure website. This is easy to verify. Just take a look in your browser and confirm that the address in the address bar starts with "https://". HTTPS indicates that the connection between your browser and the nonprofit's site is encrypted, thereby better protecting the information you give it from cybercrime.
Lastly, Paige says that even with verified, legitimate nonprofits, it's always important to take a moment and ask yourself, "Do I want to extend my digital footprint to this organization?" Be mindful of which personal information you are sharing. Make decisions with care when signing up for newsletters or giving out information needed for the purposes of a tax write-off.
"You might not want to be part of their email database. You need to take control of where your information is being stored," she says.
4. Always Be Aware of How You Connect to the Internet
This last one is perhaps the most straightforward piece of advice. It has to do with the security of your Internet connection itself.
"When it comes to connecting to the Internet, there's a good, better, and best practice," Paige says. When using public Wi-Fi, the "good" practice is never visiting a site that requires you to enter a username and password. In these cases, limit your Internet use to reading the news, looking at a map, or watching videos on YouTube.
She goes on to say that the "better" practice is to use your mobile data plan or create a mobile hotspot. "Let's say you log on at a coffee shop, but realize that it's Giving Tuesday and you're going to make that donation. At that point we suggest switching to your personal hotspot, if you're not on it already."
A mobile hotspot is more secure than public Wi-Fi, and it prevents an Internet service provider from selling your information and online activity to a third party. (In many cases, companies are legally allowed to do this.)
When it comes to connecting to the Internet, the "best" practice is to use a virtual private network (VPN). "A VPN can be an app or something that's installed on your computer. A VPN ... encrypts communications between your computer — or phone — and the Internet." And in some cases, a VPN can even prevent your Internet activity and personal data from being sold to a third-party company.
Keep these four tips in mind as you enter into the 2018 giving season — and any other time you make a charitable donation online.