
Obama’s cybersecurity commissioner offers advice on how to keep safe when shopping online

Shopping is a big part of the holidays, whether you’re heading to the grocery store for a festive feast, or trawling Amazon for last minute gifts. Online criminals are aware that people might let their guard down, given the many other stresses of the season, so they’re on alert for potential targets.

It’s not impossible to get through the end of the year without becoming a victim, but your chances of doing so are much improved if you take the proper precautions. Digital Trends caught up with former cybersecurity commissioner to President Obama, Eric Cole, to get some insight on the best ways to stay safe and secure.

Digital Trends: What sort of things can consumers do to stay safe while shopping online?

Eric Cole: First and foremost, use common sense. I know people are always wanting these crazy, high-tech pieces of advice from me, but they’re not practical. What I always say is that cybersecurity is not about doing crazy, complex things. It’s doing simple things in a consistent manner. If we just used basic common sense online, we would be much safer.


For example, one of the big hacks we’ve seen this year is that adversaries will buy ads on search engines like Google. Now, you’re looking for that perfect gift, you go to Google and put in the search term, and the second, third item that appears up in that search shows the items for 80 percent off.

You can’t believe your eyes, right? This item is hard to get, nobody’s discounting it, and here it is for 80 percent off. You just can’t help yourself. You click on the link, and in those three seconds where you’ve clicked on the link, boom – your computer is compromised, your identity is stolen, your credit card information is gone. It’s that easy. One click is all it takes, so you want to be very careful about where you’re going.

Stick to those mainstream sites, and remember, deals that seem too good to be true are too good to be true. I’ve heard very, very, very few cases where seeing these crazy discount sites pays off for consumers. Be smart, look at the big sites, and be careful about giving out your personal information.

Is there a greater threat of being subjected to an attack at this time of year?

Yes, and there are three reasons. One, the adversaries are more active. Remember, adversaries don’t typically target an individual, they target a number. They don’t care if you’re Bill Gates or Bubba Gates, what they want is 10,000 credit cards. They want 10,000 identities. During the holiday season, because there are so many more people online, there’s a lot more people they can compromise.

Former C.I.A. Technology Director, Dr. Eric Cole (credit: Security Haven)

Second, people have such large amounts of transactions during the holiday that they don’t really check their credit card statements as closely as they should. At the end of the year, for Christmas, they might get two, three, or four pages. They’ll glance through it, but for most people, when they think fraudulent credit card activity, they’re looking for $20,000 purchases. That’s not reality. Most adversaries will do a $2 or $3 purchase here and there. So, if you just scan your credit card statement quickly, you will miss those fraudulent charges.

The trick with that is, contact your credit card company to do real-time alerting. I use this feature, and it’s awesome. Now, whenever my credit card is used for any purchase in a restaurant or in a store, I get an alert, and then I approve that this is authorized or unauthorized. A lot of people go, “oh, but Eric, that’s going to take two to three more seconds every time I approve a purchase.” Yes, but I will tell you that the probability of having credit card fraud is high, and that will probably cost you 300 to 400 hours. Do you want to take two seconds now, or 400 hours later, when your credit card gets compromised?

Does the Equifax breach demonstrate that we need to be less trusting of how others use our data, as well as keeping an eye on our own activity?


Yes! This is one that I’ve been pushing for a while, and some people get upset with me when I say this, but security is your responsibility. It’s terrible that our information was in Equifax, it’s terrible that it happened, but that is ultimately your responsibility. Cybercrime has a high payoff and very low risk, so this problem is going to get a lot worse before it gets better. You cannot rely on third parties to protect you.

If you want to make sure that you’re protected, you segment out your life. For example, I have six different credit cards. I have one just for gas, one just for Amazon, one just for bill paying. And by doing that, now if there’s an issue, it’s not only contained and controlled, but it’s much easier for me to go in and get a new card.

How much of an impact does a person’s digital footprint have on their tendency to be attacked? Does having a greater amount of active accounts equate to greater risk?

Having a bigger digital footprint does increase your tendency, but it’s basically your public digital footprint. Every time you go to a site and you want to download a document, or somebody’s gonna give you a free gift, or they’re gonna give you a PDF, and they say, “please enter your name, your email address, and your phone number,” those are the things that really increase your probability of being a target. Some of those are good, lots of them are bad.


Adversaries will try every place they can to get that information. We’ve seen a lot of attacks where people on Craigslist will give their name, their phone number, and their email address. That’s public information, that anyone can see. Setting up an account isn’t really gonna increase your risk, if those are private accounts, if those are different passwords, if those are strong passwords. That’s OK. It’s the public information, the social media. The things you put out there that anyone can find will put a much bigger target on your back for a cyber criminal to come after you.

People often think about cybersecurity as someone taking control of an email account or similar, rather than compromising a physical token like an ATM card. How can we protect against credit and debit card fraud, whether online or in person?

First and foremost, repeat after me – credit cards are good, debit cards are bad; credit cards are good, debit cards are bad. You want to stay away from debit cards. If you want to use a debit card to go to the money machine and take money out, that’s one thing, but you do not want to use debit cards online, in stores or anywhere else.


The reason is, one, there are laws that protect you on credit cards. Debit cards have no such laws. Yes, many banks are usually nice about it, but they don’t have to be. If there’s a fraudulent charge on my credit card, it doesn’t come out of my account. It goes out of the credit card company’s account, and now if I debate it, or I contest it for six months while they investigate, they’re out the money and not me. If somebody uses your debit card, it immediately comes out of your bank account. Now, if you contest it for six months, you’re out the money for six months.

Also, be very, very careful of public wireless. Only use wireless in your trusted home. If you’re going to a store, what I do is, as soon as I leave my house, I just turn off wireless. It’s not worth the risk. It’s not worth that exposure. But once again, the most important thing is just common sense. Don’t trust anyone, and be careful of when and where you give out your information.

What are some of the similarities and differences of personal cybersecurity, compared with some of the other roles you’ve filled in your career?

Interestingly, in the last year, we’ve seen two things happening. One, more and more services moving to the cloud. Now that services are moving to the cloud, we can do some oversight of the cloud provider, but really, it’s all about the endpoint. Whether it’s a big company or a small company, or an individual, they all access servers from the internet, so it all comes down to making sure that endpoint is properly protected.

Second, adversaries are realizing that yes, there’s cases like Equifax where their servers were quite vulnerable, and it was very easy to break in, so they went after the servers, but in most cases the weakest link in any organization is the individual. So, the number one method of compromise for an organization is sending a legitimate-looking email to an employee and tricking them into opening an attachment.

Five, ten years ago it would have been extremely different. Today, because both attacks are on the individual, most services are being accessed from the internet, adversaries are doing phishing attacks that look legitimate to trick people. They’re much more similar than they used to be.

Responses were edited for length and readability.

Brad Jones
Former Digital Trends Contributor
Brad is an English-born writer currently splitting his time between Edinburgh and Pennsylvania. You can find him on Twitter…