The holidays are maddening enough, but with credit card fraud, malware and identity theft added to the mix, your security deserves extra attention.

So, just how does one fraud-proof online shopping sprees with security in mind?

Many of us have been bumping along in convenience mode just fine for years. But now that needs to change. The first step in moving beyond that dusty and dated rationale is knowing the dangers that exist online and adopting a proactive stance in defending yourself against them.

Here are a few developments you should be aware of:

Lucrative shopping season predicted

Online sales are expected to soar as high as $117 billion this holiday season, up 7-10 percent from last year, according to the National Retail Foundation 2016 forecast. Department stores and online sites are the top pick for shoppers, up 6.8 percent from 2015.

While retailers and online stores are anticipating big money to roll in, cybercriminals are licking their chops at the prospect of gaining customers by mimicking legitimate business practices.

And today, the bad guys have become true professionals. Earlier this year, Robert J. McCullen of Trustwave said in a Forbes article that cybercrime startups are adopting mainstream tech business practices that include "integrated marketing campaigns, risk and cost analysis, research and development (R&D), even Black Friday deals – all of the things you would normally associate with any company trying to win over customers."

Crimeware-as-a-service is in vogue

The dark web is replete with illicit markets that sell copious automation tools such as CaaS (cybercrime-as-a-service), with which even a middle-school script kiddie could easily launch an online attack. These nefarious tools and technologies offer a vast array of services for cybercriminals to weave crimeware into the fabric of our digital lives, profiting immensely, while pumping up a burgeoning cybercrime ecosystem.

When you consider the painful monetary damage caused by most cyber attacks, many CaaS offerings can be seen as a bargain, according to a recent article in SC Magazine that spotlights a “Hacking Menu” compiled by network security firm WatchGuard Technologies.

Up-and-coming makers of mayhem can browse the dark web for virtually any hacking service one could imagine – often for no more than a few hundred bucks – that requires absolutely no coding experience.

Earlier this year, Acecard Trojan malware stole login credentials from other legitimate apps that existed on Android devices while stealthily intercepting device messaging traffic. This is one catty example of a rogue app, where user-granted permissions enabled the malware to overlay banking and social media apps in order to steal sensitive data that the user entered into the app.

Rise of the variants

Recently, McAfee Labs’ Mobile Research Team spotted a new variant of Trojan Acecard malware, which is exceptionally cunning. Aside from requesting credit card information and two-factor authentication, this ignoble app requests a selfie from the user, along with an identity document.

McAfee said in their company blog, “Trojans such as Acecard are constantly evolving and improving their social engineering attacks to gain as much sensitive and private information as possible.” In the world of variants, this bad boy is a game-changing cybercriminal maneuver skulking insidiously on the threat landscape, a conniving and clever approach in the ongoing exploitation of users.

How to get proactive with fraud-proofing

Merriam-Webster defines proactive as "controlling a situation by making things happen or by preparing for possible future problems." Becoming proactive with cybersecurity is not an item that should reside on an annual security checklist. Rather, it involves an “every day” commitment, often assessing and reassessing device and app security several times a day, until it becomes second nature.

So, what can you do to proactively fraud-proof online shopping sprees? Here are a few easy tips:

  • Approach app downloads with caution (even those from trusted and reputable sources)
  • Know what permissions the app needs and read the online reviews
  • Carefully review each app's Terms of Service (TOS) and privacy policy
  • Avoid “free” public WiFi
  • If you must use public WiFi, verify the network and use a Virtual Private Network (VPN)
  • Never shop (or conduct financial transactions) over free WiFi. Even if you are using a VPN, your secure connection can be dropped.
  • Turn off Bluetooth when you’re not using it
  • Use a password manager
  • Secure your device with a passcode
  • Keep your devices updated and secure
  • Only shop at reputable, trusted and encrypted sites (https, those with a padlock)

We have a lot to cover in the weeks ahead, so stay tuned for upcoming blogs on airline ticketing fraud, UK-related frauds and how to stay two steps ahead of cybercriminals.

In the meantime, be sure to check out our recent webinar, 'Tis the season: Combatting Online Fraud with Machine Learning.