The Oakleaf

'Tis the Season to Protect your Assets

Posted by Tompkins Information Security on Nov 26, 2019 2:24:22 PM

With the largest shopping day of the year looming, and the holiday season about to be in full swing, we wanted to share with you some tips to help protect your assets, keeping your spirits bright along the way!  Thanks to our partners from our Information Security Team for helping compile this important guide to protecting yourself from holiday shopping scams.

Cyber SecurityCybercriminals are upping their realism game, attempting to trick the unwary public into accessing what they thought to be a legitimate website. So what are the hackers up to now?  Well, just in time for the holidays, they're making fraudulent websites look like the real deal.

The first half of their recipe is to count on visitors to popular sites accidentally hitting the wrong keys when entering the site name. For example, a user may type "Amazoon" instead of Amazon, or "Micrososft" instead of Microsoft. The criminals will then purchase Typosquatter domains (domain names containing the incorrect spelling) which they doctor up to look like the real deal, including legitimate looking graphics, and even security certificates. Security certificates bring you the tiny lock icon in the lower right-hand corner of a secure site. Sometimes this icon can trick you into thinking the site is legitimate.

So what can you do to avoid such sites?

  1. Use extreme caution when entering a website’s address, save it as a favorite in your browser, then always use that favorite to access the site(s).
  2. Use the site’s approved app from the Apple Store or Google Play to do your shopping.
  3. Enable 2-Factor (aka Multi-Factor) authentication whenever it’s an option (this goes for both browser and mobile access).
  4. Don’t use the same username and password combination on multiple web sites. If your login information is compromised on one site, criminals can use it to access your information elsewhere.
  5. Use complex passwords (password generator and password vault apps are commercially available to help with this).
  6. Don’t click on retailer links received within an email (see 1 & 2 above).

So while you’re doing some holiday shopping on Black Friday and beyond, be mindful of the sites you are visiting and always run through our checklist.

Want to learn more about cybersecurity, fraud, and protecting your data? Head on over to our cybersecurity education page and sign up for our free newsletter. 

Local is Powerful

We’re here to help our communities thrive and grow, and that includes you.

What are we all about?

  • Community – We’ve been here a long time, but we’re not stale. You’ll see us out there in the community rolling up our sleeves and getting involved where we’re needed most.
  • Passion – Look for updates and stories from the people who make it all possible. The power of local people and local decisions leads to a passion you never thought you’d get with a bank.
  • Innovation – Looking for an innovative solution to your financial needs? We may be community-based, but we are the best of both worlds!

Experience the power of local with us! Subscribe below for regular updates from your good friends at your community bank.


The opinions expressed and material provided are for general information only.

Subscribe Here!

Recent Post