‘Tis the season to be jolly … but it’s also the season in which identity thieves abound on-line. We spoke to Brian Krebs, cybersecurity expert and author of Spam Nation: The Inside Story of Organized Crime: From Global Epidemic to Your Front Door, to find out easy ways keep your personal info from getting stolen so that your holidays — and all your days throughout the year — are merry and bright.

Here are his top tips to keep hackers at bay.

First, why are people at higher risk of identity theft this time of year?

Hackers know consumers tend to let their guard down during the weeks leading up to the holidays. Everyone is busy, rushing to get their shopping done, using unfamiliar websites, and giving their personal information online in situations where they might normally be more cautious. That sort of high-risk behavior allows hackers a greater opportunity to go after what they want — your personal information, which they’ll use to make fraudulent purchases.

Is it risky to sign on to public Wi-Fi if you aren’t going to buy anything or enter account info?

Any time you are on public Wi-Fi, there’s a chance something or someone else is there watching all the traffic and trying to subvert it. So if you’re going to be doing any sort of personal business or exchanging sensitive information, it’s smart to wait until you’re at home or on a trusted Wi-Fi network. After all, why invite trouble?

Santa Online Holiday Security 604

In your book you warn readers: 'If you didn’t go looking for it, don’t install it.' What does this mean?

A huge number of computer viruses spread when people are browsing the web and a pop-up ad appears on their screen. In order to view whatever content that pop-up is promoting, they are asked to install certain software. Sometimes it’s a legitimate request, but often it’s a scam used by hackers to gain access to your computer. So if you’re minding your own business and a situation like this suddenly arises, don’t fall prey to it. And finally, if there is software you want to install, avoid getting it from a random site — go to the site that created it and download from there.

Speaking of installing software, many of us download programs but rarely update them. You say this is dangerous. Why?

Think of outdated software as a “hole” in your system. Hackers roam the Internet looking for these holes and, upon finding one, push malware into it. This corrupts your computer, finds your personal information and generally wreaks havoc on your life. So make it a rule to keep your software up-to-date — that way it’s harder for hackers to get to you. And if you’ve got old programs on your computer that you no longer use, it’s wise to delete them so there’s one less hole in your system.

Is it OK to shop or bank with you mobile phone?

Whether you’re using your cellphone or a computer there are many of the same vulnerabilities. If you aren’t keeping the apps and various operating systems on your phone up to date, it could lead to trouble. So be sure to update! It’s also important to be judicious about the downloads and exchanges you make on your phone. 

Many of us assume if we didn’t open a spam e-mail, we’re safe. But you say we need to do more. What are some examples?

Cybersecurity Expert Brian Kreb 300
Brian Krebs

Kristof Clerix

It’s certainly a good policy never to open spam. That said, if your inbox isn’t secure there can still be problems. The way to make sure yours is secure: Never use the same password across different accounts. If certain hackers determine your password on one platform they might very well try it on another, which leaves you open to risk.

I used to hear people say that Macs are hacker-proof. Is that true?

It used to be truer. However, increasingly, online criminals are infiltrating computers via third-party programs, such as Java and Flash. What they do is browse for sites that have been corrupted, then make their way onto your computer when you’re using the site. Unfortunately, that can happen on a Mac or a PC, so it no longer matters in the same way what computer you’re using.

When shopping online, is there any way to gauge whether or not a site is safe?

The best rule of thumb is to stick to reputable sites you know that have been around for a while. And beware during the holidays, which is when phantom stores start appearing online. These sites may look like real businesses selling real products but often they just take your information when you make a purchase then vanish. So if a site you’ve never heard of is offering products at prices that seem too good to be true, chances are it is too good to be true. If you’re unfamiliar with a site, go to domaintools.com or whois.net and do a quick record search of the domain name. You can usually tell a phantom site, since they’ve often registered only in recent months. If you see that sort of thing, I suggest you run the other way!

Some online stores offer to save your credit card to use next time. Is that a good idea?

If it’s a site you trust and that you’ve used frequently with no problems, I’d say it’s a pretty safe practice.