Obama’s cybersecurity commissioner offers advice on how to keep safe when shopping online

Shopping is a big part of the holidays, whether you’re heading to the grocery store for a festive feast, or trawling Amazon for last-minute gifts. Online criminals are aware that people might let their guard down, given the many other stresses of the season, so they’re on alert for potential targets.

It’s not impossible to get through the end of the year without becoming a victim, but your chances of doing so are much improved if you take the proper precautions. Digital Trends caught up with former cybersecurity commissioner to President Obama, Eric Cole, to get some insight on the best ways to stay safe and secure.

Digital Trends: What sort of things can consumers do to stay safe while shopping online?

Eric Cole: First and foremost, use common sense. I know people are always wanting these crazy, high-tech pieces of advice from me, but they’re not practical. What I always say is that cybersecurity is not about doing crazy, complex things. It’s doing simple things in a consistent manner. If we just used basic common sense online, we would be much safer.

For example, one of the big hacks we’ve seen this year is that adversaries will buy ads on search engines like Google. Now, you’re looking for that perfect gift, you go to Google and put in the search term, and the second, third item that appears up in that search shows the items for 80 percent off.

You can’t believe your eyes, right? This item is hard to get, nobody’s discounting it, and here it is for 80 percent off. You just can’t help yourself. You click on the link, and in those three seconds where you’ve clicked on the link, boom – your computer is compromised, your identity is stolen, your credit card information is gone. It’s that easy. One click is all it takes, so you want to be very careful about where you’re going.

Stick to those mainstream sites, and remember, deals that seem too good to be true are too good to be true. I’ve heard very, very, very few cases where seeing these crazy discount sites pays off for consumers. Be smart, look at the big sites, and be careful about giving out your personal information.

Is there a greater threat of being subjected to an attack at this time of year?

Yes, and there are three reasons. One, the adversaries are more active. Remember, adversaries don’t typically target an individual, they target a number. They don’t care if you’re Bill Gates or Bubba Gates, what they want is 10,000 credit cards. They want 10,000 identities. During the holiday season, because there are so many more people online, there’s a lot more people they can compromise.

Former C.I.A. Technology Director, Dr. Eric Cole (credit: Security Haven)

Second, people have such large amounts of transactions during the holiday that they don’t really check their credit card statements as closely as they should. At the end of the year, for Christmas, they might get two, three, or four pages. They’ll glance through it, but for most people, when they think fraudulent credit card activity, they’re looking for $20,000 purchases. That’s not reality. Most adversaries will do a $2 or $3 purchase here and there. So, if you just scan your credit card statement quickly, you will miss those fraudulent charges.

The trick with that is, contact your credit card company to do real-time alerting. I use this feature, and it’s awesome. Now, whenever my credit card is used for any purchase in a restaurant or in a store, I get an alert, and then I approve that this is authorized or unauthorized. A lot of people go, “oh, but Eric, that’s going to take two to three more seconds every time I approve a purchase.” Yes, but I will tell you that the probability of having credit card fraud is high, and that will probably cost you 300 to 400 hours. Do you want to take two seconds now, or 400 hours later, when your credit card gets compromised?

Does the Equifax breach demonstrate that we need to be less trusting of how others use our data, as well as keeping an eye on our own activity?

Yes! This is one that I’ve been pushing for a while, and some people get upset with me when I say this, but security is your responsibility. It’s terrible that our information was in Equifax, it’s terrible that it happened, but that is ultimately your responsibility. Cybercrime has a high payoff and very low risk, so this problem is going to get a lot worse before it gets better. You cannot rely on third parties to protect you.

If you want to make sure that you’re protected, you segment out your life. For example, I have six different credit cards. I have one just for gas, one just for Amazon, one just for bill paying. And by doing that, now if there’s an issue, it’s not only contained and controlled, but it’s much easier for me to go in and get a new card.

How much of an impact does a person’s digital footprint have on their tendency to be attacked? Does having a greater amount of active accounts equate to greater risk?

Having a bigger digital footprint does increase your tendency, but it’s basically your public digital footprint. Every time you go to a site and you want to download a document, or somebody’s gonna give you a free gift, or they’re gonna give you a PDF, and they say, “please enter your name, your email address, and your phone number,” those are the things that really increase your probability of being a target. Some of those are good, lots of them are bad.

Adversaries will try every place they can to get that information. We’ve seen a lot of attacks where people on Craigslist will give their name, their phone number, and their email address. That’s public information, that anyone can see. Setting up an account isn’t really gonna increase your risk, if those are private accounts, if those are different passwords, if those are strong passwords. That’s OK. It’s the public information, the social media. The things you put out there that anyone can find will put a much bigger target on your back for a cyber criminal to come after you.

People often think about cybersecurity as someone taking control of an email account or similar, rather than compromising a physical token like an ATM card. How can we protect against credit and debit card fraud, whether online or in person?

First and foremost, repeat after me – credit cards are good, debit cards are bad; credit cards are good, debit cards are bad. You want to stay away from debit cards. If you want to use a debit card to go to the money machine and take money out, that’s one thing, but you do not want to use debit cards online, in stores or anywhere else.

The reason is, one, there are laws that protect you on credit cards. Debit cards have no such laws. Yes, many banks are usually nice about it, but they don’t have to be. If there’s a fraudulent charge on my credit card, it doesn’t come out of my account. It goes out of the credit card company’s account, and now if I debate it, or I contest it for six months while they investigate, they’re out the money and not me. If somebody uses your debit card, it immediately comes out of your bank account. Now, if you contest it for six months, you’re out the money for six months.

Also, be very, very careful of public wireless. Only use wireless in your trusted home. If you’re going to a store, what I do is, as soon as I leave my house, I just turn off wireless. It’s not worth the risk. It’s not worth that exposure. But once again, the most important thing is just common sense. Don’t trust anyone, and be careful of when and where you give out your information.

What are some of the similarities and differences of personal cybersecurity, compared with some of the other roles you’ve filled in your career?

Interestingly, in the last year, we’ve seen two things happening. One, more and more services moving to the cloud. Now that services are moving to the cloud, we can do some oversight of the cloud provider, but really, it’s all about the endpoint. Whether it’s a big company or a small company, or an individual, they all access servers from the internet, so it all comes down to making sure that endpoint is properly protected.

Second, adversaries are realizing that yes, there’s cases like Equifax where their servers were quite vulnerable, and it was very easy to break in, so they went after the servers, but in most cases the weakest link in any organization is the individual. So, the number one method of compromise for an organization is sending a legitimate-looking email to an employee and tricking them into opening an attachment.

Five, ten years ago it would have been extremely different. Today, because both attacks are on the individual, most services are being accessed from the internet, adversaries are doing phishing attacks that look legitimate to trick people. They’re much more similar than they used to be.

Responses were edited for length and readability.
