Getting Ready for the Holidays: Your Cyber Guide to Safe Holiday Shopping


Whether you are buying gifts for those on your holiday list, spending year-end budget on new technology for your company or home office, or have employees who will likely be doing some of their online holiday shopping at work, it always pays to be careful. While retailers are gearing up for the biggest shopping season of the year, they aren’t the only ones getting ready. The holiday shopping season is also a big event for cybercriminals. 

80% of computer users with an Internet connection have purchased something online in the past month. That number is likely to go up between now and the end of the year. And cybercriminals are ready with fake shopping sites, phishing and email scams, infected web links and applications, and techniques to steal personal and financial data. That is why it is always worthwhile this time of year to review safe cybershopping tips with your employees.

- Pay attention to where you are. 

WPA2, the protocol used to encrypt data moving between a computer and wireless access points, was recently broken, which means you may want to think twice about doing your online shopping using the public Wi-Fi at your local coffee shop.

There are a lot of ways for someone to intercept a connection and use it to steal personal information. It can happen when someone broadcasts his or her device as “Free Coffeeshop Wi-Fi” and you connect to that fake access point. The hacker then connects you to the Internet through that device and captures all the traffic moving between you and your online shopping site, bank, or social media accounts.

- Use protection

  • Patch and replace. Make sure all connected devices are updated and patched. The same security concerns for laptops apply to mobile devices. Some believe that a mobile device is more secure, but that assumption is increasingly inaccurate. 
  • Watch for fake apps. Be careful when downloading new apps, especially on Android phones, as there could be malware along for the ride – especially for apps not downloaded from the official Android app store.
  • Limit your exposure. Consider setting up a VM on your computer just for shopping. That way, if you happen to get infected with malware downloaded from a compromised site, it will be isolated to the VM and should not be able to access other sensitive data.
  • Use your credit card and not your debit card. Most credit cards have built-in fraud protection. Learn more about what protections your card provides, and consider adding things like two-factor authentication when accessing bank accounts online.
  • Make sure your connection is secure. Look at the URL bar of your browser and make sure that the address starts with https:// rather than http://, or look for the little lock icon on your browser. These mean that a transaction is protected using SSL encryption.
  • Use a VPN. When possible, shop using a VPN (virtual private network) connection. If you are going to be online in public places frequently, there are a number of low cost/no cost VPN services that will ensure that your connection is always protected.

- Know where you are shopping

  • Don’t click on links in an email or on a web site unless you check them first. Hover your mouse over a link to see the URL. Look at it carefully before you click it. Does it look normal? Is the name too long or does it contain lots of hyphens or numbers? Is it the same as the address at the bottom of your browser? Does it use the name of other popular brands or sites? Does it replace letters with numbers, such as amaz0n.com?
  • Look up the URL. Domain search sites like who.is can provide a variety of information, including when the site was first created, where it is located, and information about the owner. If in doubt, copy the URL of the site you are visiting and drop it into the who.is search engine. Be suspicious of anything that has only been online for a very short time or that is registered in another country.
  • Use your search engine to look for online reviews and ratings of an unknown or unfamiliar site before you shop there. Use words like fraud or scam in your search.
  • Look at the website design. Does it look professional? Are the links accurate and fast? Are there lots of popups? These are all bad signs.
  • Read the text. Bad grammar, unclear descriptions, and misspelled words are all giveaways that the site may not be legitimate.
  • Be skeptical. Unusually low prices and high availability of hard-to-find items are red flags for scam sites. Sure, there are some good deals out there. But people invented the phrase “too good to be true” for a reason.
  • Make sure to use a secure checkout system that accepts major credit cards. Avoid sites that require direct payments from your bank, wire transfers, or untraceable forms of payment. 
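
The link checks from the first bullet in this section (overly long names, lots of hyphens or numbers, brand names inside unrelated domains, digits standing in for letters as in amaz0n.com) can be scripted, for instance to triage links that employees report. This is an added example, not part of the original article; the brand list, thresholds and sample URLs are assumed values.

```python
from urllib.parse import urlsplit

# Assumed values for illustration; adjust the brands and limits to your needs.
KNOWN_BRANDS = {"amazon": "amazon.com", "paypal": "paypal.com"}
LEET = str.maketrans("01345", "oleas")  # 0->o, 1->l, 3->e, 4->a, 5->s
MAX_HOST_LEN = 30
MAX_HYPHENS = 2
MAX_DIGITS = 3


def check_url(url):
    """Return a list of warning flags for a link; an empty list means no flags."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()
    flags = []
    if parts.scheme != "https":
        flags.append("not-https")
    if len(host) > MAX_HOST_LEN:
        flags.append("long-hostname")
    if host.count("-") > MAX_HYPHENS:
        flags.append("many-hyphens")
    if sum(c.isdigit() for c in host) > MAX_DIGITS:
        flags.append("many-digits")
    # Undo common digit-for-letter swaps so "amaz0n" compares as "amazon".
    normalized = host.translate(LEET)
    for brand, real_domain in KNOWN_BRANDS.items():
        if host == real_domain or host.endswith("." + real_domain):
            continue  # the brand's own domain or one of its subdomains
        if brand in host:
            flags.append(f"brand-in-foreign-domain:{brand}")
        elif brand in normalized:
            flags.append(f"digit-substitution:{brand}")
    return flags


if __name__ == "__main__":
    # Constructed sample links, not taken from any real campaign.
    samples = [
        "https://www.amazon.com/gp/cart",
        "http://amaz0n.com/deal",
        "https://amazon-holiday-deals-2017-secure-login.example.net",
    ]
    for link in samples:
        print(link, "->", check_url(link) or "no flags")
```

An empty result only means none of these surface checks fired; the domain lookup and review search described in the following bullets still apply.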

- Track your purchases

  • Look at your bank and credit card statements online during heavy shopping periods, rather than waiting for your statement to arrive in the mail weeks later. The quicker you spot unauthorized transactions, the faster you can get them resolved and limit your exposure.

As our ability to purchase items, make online transactions, and connect to others through smart devices gets easier, we need to understand that these conveniences come with risks. Cybercriminals are determined and informed on the latest trends and how to exploit them. That is why we need to take the time to educate ourselves, and our friends, family, and coworkers, about shopping carefully so we can have a happy and safe holiday season.


Copyright © 2017 IDG Communications, Inc.