Cyberattacks surge during the Christmas and New Year’s festive season due to more Rwandans spending their money during these holidays.

With many of us shopping online, users are encouraged to adopt the following best practices to keep their money and sensitive information safe during this period.

1. Check your bank or mobile money account statements regularly

Regularly check your account statements on internet banking platforms, transactions’ statements sent via email, or SMS’ sent by your mobile money service provider, to track and verify the authenticity of all reported transactions on your account(s).

Should you find suspicious activity (such as a charge or transaction you do not recognize) report the activity to your bank or mobile money service provider immediately.

2. Use trusted and official online sellers

During the holidays, fake websites that imitate legitimate brands or companies attempt to trick victims into providing sensitive information such as account credentials, One-Time Passwords (OTP) or credit card details.

Online users can determine the legitimacy of a website by evaluating it against the typical signs of a malicious site:

• Browser security warnings

• The URL does not use https encryption

• Automatic downloads

• A lack of contact options

• Spelling and grammar errors

• Unusual number of pop-ups and ads

3. Stay vigilant to strange calls, text messages or emails

Phishing attempts through phone calls, messages or emails are common during the festive season. This may take the form of a fake store order you don’t remember placing, or an impersonation scam concerning a trusted contact who needs help.

If someone contacts you claiming to be a trusted contact, verify with them personally through another channel (such as over the phone or in-person). If someone contacts you about an order you don’t remember placing, stop contact and reach out to the store using the details on their official website.

4. Avoid shopping on unsecure Wi-Fi

Public Wi-Fi networks will expose any information you send while paying online, meaning cybercriminals can intercept this sensitive information. Do your online shopping on a private Wi-Fi network secured with a strong password, or with a trusted VPN that encrypts your internet traffic.

5. Be alert to holiday shopping scams

Online deals that require some form of upfront payment should always be treated with great suspicion. These promotional deals may be the following scams:

• Travel scams

• Job scams

• Loan scams

• Scholarship scams

Users are recommended not to click on the shared links of these deals and to contact directly the institution said to be providing these kinds of opportunities through their toll-free numbers, website or email, to verify the legitimacy of these promoted opportunities.

6. Secure your online accounts

Protect your online shopping accounts through adopting:

• Multi-Factor Authentication (MFA)

Applying MFA will reduce the risk of an attacker gaining access to your account, as every attempt at access needs to be verified by the account owner. Read our story on How to set up MFA.

• Strong and unique passwords

Stronger passwords are harder to crack. All passwords should be at least 10 characters, include upper-case and lower-case letters and include numbers and symbols to be strong and unique. A password manager can help you to create and store strong and unique passwords for all of your accounts.

To report any suspicious online activity or receive guidance, an individual or an institution can reach out to NCSA through our toll-free number 9009 or by email to rwcsirt@ncsa.gov.rw.