Avoid Scams With These Cyber Hygiene Tips

As temperatures drop, cyber scams rise. As artificial intelligence becomes more accessible, so does its ability to be used by online scammers. Protect your information and money this season by avoiding scams with these tips from Metropolitan Community College Cybersecurity Center Director Gary Sparks.

Think before you click

Scammers target online shoppers during the holiday season, sending text and email messages intended to make the recipient click harmful links, scan malicious QR codes or call phony numbers.

Sparks recommends always being suspicious of unexpected communication, such as a message about a delivery being delayed or an issue with a payment being processed. These messages are designed to create urgency for the recipient.

“If you get an internet link or a QR code, or an email that you weren’t expecting, don’t click on it. Don’t scan it — it’s most likely pointing to malware,” Sparks said.

Malware, which comes in many different forms, can help cyber attackers steal your data by gaining access to your devices. To verify if the information is trustworthy, open a separate internet browser and go directly the organization’s website to find the information referenced in the message. Sparks said companies like PayPal, whose names are frequently used in phishing scams, offer ways to verify the authenticity of email communications. Report suspicious emails to phishing@paypal.com and delete them.

Keep passwords in the past

There are more reliable ways to keep your information secure than the standard “strong” password. The longtime practice of changing your password every 90 to 120 days — using a special character and a combination of upper and lowercase letters — is outdated, Sparks said.

Instead, Sparks recommends using passkeys on websites and apps as safer alternative. Passkeys allow users to sign into sites using cryptographic keys (biometrics, face scans, PINs, etc.). In addition to making logins more secure — passkeys are unique to each site — they make logging in easier and faster.

When passkeys are not available, Sparks recommends using “pass phrases,” rather than single passwords. Password managers are also an effective way to store unique passwords for different providers.

“Pass phrases are easier for you to remember and harder for the scammer to steal because they allow for more complexity than the traditional password,” Sparks said.

Free Wi-Fi doesn't mean secure

As people travel for the holidays, using free, public Wi-Fi services at an airport, hotel, store or restaurant, may be seem convenient, but Sparks recommends using a virtual private network (VPN) or cellular hotspot for Wi-Fi.

Sparks said hackers can easily set up rogue wireless access points with small devices like “Wi-Fi pineapples” that help bad actors gain access to personal devices through unprotected networks.

“When an unsuspecting user connect to it, the hacker can take over that person’s computer,” Sparks said. “I always travel with a cellular hotspot.”

Educate as you give this season

Electronics, smart devices and online services that require good cyber hygiene are often near the tops of loved ones’ wish lists during the holiday season. Sparks said when giving gifts, the giver can also share what they know about how to protect their information and devices.

“The big thing for giving gifts to kids and teens especially is to educate them about the threats,” Sparks said.

Gary Sparks is a faculty member in the MCC Cybersecurity program, which was recently rated the No. 16 associate degree program in the nation for 2026 by Cybersecurity Guide. The MCC Cybersecurity program is a designated National Center of Academic Excellence by the National Security Agency. Visit mccneb.edu/Cybersecurity for more information about the MCC Cybersecurity program.