With Thanksgiving leftovers finally gone, we’ve officially entered into December. For many of us, December is a favorite time of year as we prepare our hearts for the celebration of Jesus’ birth. With December comes a lot of joy, but if we’re honest, it can also bring a lot of stress, and one of the areas of stress can be gift giving. Again, some may have this area under control and have planned and shopped throughout the year, or maybe took advantage of Black Friday or Cyber Monday deals, but I would suspect that most of us still have some gift buying to do.
In fact, in speaking with my parents the other day, my dad, who is 70 years old, mentioned that (although my mom is usually the shopper) he’d like to get me a little something this year. He asked me if there was anything that I really wanted; however, much to my surprise, he followed that up with, “You know I’m buying items on eBay now, so it doesn’t have to just be something from a store.” My first thought was “Wow, my dad is hip!” and then my second thought was “Is he aware of the dangers of online shopping?”
Because the volume of people shopping online is so high during the holidays, and because we have many “active” cyber-shopping days left before December 25th, the focus of this blog will be tips on the ins and outs of online shopping from an Internet security perspective. Due to the high volume of online transactions during this time, cybercriminals are out to capitalize. Right now computer users are at the greatest risk of cybercrime, as attackers target online transactions during this season more than any other throughout the year.
Before jumping online and shopping away, I’d suggest the following preparations for a safe shopping experience.
(1) Make sure that the computer or mobile device (smartphone, tablet) you’re using for online purchases is well protected with a good and up-to-date antivirus and/or total security solution (e.g., Thirtyseven4 Antivirus). Here at Thirtyseven4 we are literally updating for tens of thousands of new malware samples each day. Having antivirus software installed is a start, but it also needs to be up to date.
(2) Make sure that you have downloaded and installed all the latest system security updates (operating system, e.g., Windows Updates; browser, e.g., Internet Explorer, Chrome; third-party software, e.g., Java, Adobe, etc.). As Heartbleed and other recent website hacking breaches have shown, there is no longer such a thing as a “safe” website in today’s day and age. Regular software updates are frequently released for the OS and browser to patch new exploits and vulnerabilities.
Decide your payment method beforehand:
The next bit of advice I’d like to offer is to use a credit card instead of a debit card for online purchases. Disputing a fraudulent credit card purchase with a major credit card company and getting that charge reversed will likely take as little as 5 days. However, you can expect recovering lost checking account money from your bank to (usually) take 4 to 6 weeks. And this should not have to be said, but just in case … never put cash in the mail.
Furthermore, I would recommend setting up a “dedicated” credit card to be used for your online purchases only. Have this credit card set up with a low purchasing (dollar) limit. Setting a low credit limit will minimize your exposure to financial loss in the event that you fall victim to a scam.
One more thing: you may also want to consider setting up a PayPal account for online purchases where your purchases can be guaranteed.
Where NOT to online shop!
(1) Never shop online from an unknown or public computer (e.g., hotel business centers, library terminals or “cyber cafés”). It’s always advisable to use your own secure computer for such purchases. As the saying goes, “There’s no place like home.”
(2) Never finalize your online purchase transactions using publicly available open Internet access or over unsecured Wi-Fi. Did you know that hackers intentionally set up non-encrypted hotspots to lure users to connect, with the intent to steal their login information, banking information and credit card details? I am not saying never connect to free Wi-Fi, but I am saying don’t do your online shopping over an open one. Use public Wi-Fi to ‘window shop’.
(3) When making online purchases, verify that the address of the payment webpage (i.e., the checkout page) starts with https. The “s” equals ‘secure’. This ensures that the browser is encrypting your data before sending it to their processing server. This means your information remains hidden and safe while it travels over the network. Also, FYI: https sites will show a padlock next to the address in the browser window as well. If the “s” or padlock is missing, do not proceed.
(4) When purchasing the latest must-have item for your loved one, avoid using completely new and unknown websites. If a deal appears “too good to be true”, it probably is. You need to trust your instincts. However, if purchasing from a smaller business (we certainly support purchasing at small businesses), I would suggest verifying that they have a working contact number. I’d also suggest checking out their return policy.
Scams and tactics to be on the lookout for…
Watch out for phishing emails and other online scams. Use your common sense and protect yourself against phony deals. As referenced in a previous blog, the term phishing refers to the technique used by cybercriminals to acquire your personal data by masquerading as a legitimate business entity. Not every email you receive that claims to be from a big-box retailer like Best Buy, Target or Home Depot will actually be from them. This brings me to the next point…
Never take advantage of a retailer’s offer by directly clicking on a link or an embedded button received within an email. It is always recommended to visit the website by manually typing its address into the browser. The deal within the email, if legitimate, will most likely be shown on their home page as well. The same logic goes for banking emails. Many of these phishing emails claim your account has been compromised, etc.
Be careful what you ‘Like’ or click on while on Facebook. Many fraudulent, so-called “amazing” offers are being posted on Facebook. These offers direct users to bogus websites or trick users into Liking their “must read” posts so that their scams can spread. This is a technique called Likejacking.
Tips when at the online Checkout.
When creating an online account through a retailer, take the extra time to create a strong password. The strength of a password is measured by a combination of its length and complexity (mixing in numbers, letters, capitals, symbols, etc.). And believe it or not, length plays a bigger role in password strength than complexity. Passwords should be at least 8 characters in length, but 12 characters or more should be the norm. Avoid common passwords (e.g., 123456, password, etc.), personal passwords that can be easily guessed, and using the same password on multiple sites.
If available through your antivirus vendor, it is always a good idea to use a safe banking or similar feature that runs your browser in a sandbox while completing the checkout. Such a feature prevents keyloggers from stealing your credit card details and password. For example, Thirtyseven4 offers a Sandbox Browser module.
Next, limit the information you supply in checkout forms to the required fields. Many times the information supplied in the optional fields is shared or sold to third parties according to their privacy policies. Watch out for ‘Form Grabbers’, malware created to steal and retrieve form information before it is submitted online.
From a mobile device side of things.
If purchasing apps on your smartphone, always make such purchases using the official app stores (Android Market through Google Play, Apple Store, Amazon App Store, etc.).
If making purchases using your smartphone, it’s highly recommended to use the store’s own genuine app for online shopping. Most e-stores, like Amazon and Best Buy, have their own apps for smartphone purchases.
Post online purchase advice.
Whether you’re making your purchases now or made them last week or earlier in the year, remember to regularly and carefully check your credit card and bank statements for any fraudulent activity. Secondly, print and save records of your online transactions. It is important to create and have a paper trail in case any transactions have to be disputed in the future. Additionally, keep track of your online receipts and email exchanges with retailers.
Lastly, be careful of voice phishing over the telephone, known as vishing. These fraudulent calls often trick a user into entering their credit card number in response to a fake online transaction, or because the person or automated voice claims to be calling from the fraud department of a credit card company. They may also report that you have a malware problem due to a holiday purchase and that a remote connection is necessary. We received a message on our home phone just tonight that was a perfect example of vishing. The message sounded urgent and she referred to an outstanding fee for our trash disposal. It said we owed money and wanted credit card information to pay it, unless we had paid it already within the last 48 hours. Don’t be fooled by messages/people like this. It’s a shame that they are making their living in dishonest ways, but our best defense is awareness and education. Don’t fall for it!
In closing, do not be discouraged from shopping online this Christmas season. Many of the deals are too good to pass up! Simply be smart in your transactions, and be informed about the pitfalls and the safest ways to handle online shopping. Simple steps can keep your network and your personal information and finances safe. And remember, ultimately it is not about the gifts or the glitter; celebrate the true meaning of Christmas. Merry Christmas!