Individuals and retailers aren’t the only ones getting ready for the biggest shopping season of the year. The holiday shopping season is also a big event for cybercriminals. Every holiday season, security researchers document spikes in online criminal activity, ranging from phishing scams, fake shopping sites, and credit card skimming software, to malicious and compromised applications being posted in online app stores.
Here are a few tips to help you have a happy – and secure – holiday shopping season.
• Start by making sure your devices, software, browsers, and applications have all been patched and updated to the latest versions.
• Make sure that your devices have security tools installed, such as antivirus and VPN, and that you know how to use them.
• Get your passwords under control.
o Update older passwords with newer ones that are harder to guess but easier to remember.
o Don’t use the same password for different accounts. If needed, use a password vault that keeps track of all of your passwords for you.
• Shop with your credit card and not your debit card. Many credit cards include fraud protection. They can also be turned off without freezing your other resources. Also, make sure that your credit card provider will alert you to suspicious card activity.
Go the extra mile
• Every browser supports secure transactions using SSL encryption. But to be safe, make sure your connection is secure before you push the “purchase” button. You can do this by looking at the URL bar of your browser and making sure that the address starts with https:// rather than http://.
• When possible, shop using a VPN (virtual private network) connection. That way, even if your communications are intercepted, they will be useless to cybercriminals because your data is encrypted. If you are going to be online in public places frequently, there are a number of low cost/no cost VPN services that will ensure that your connection is always protected.
• For more technical users, consider setting up a VM on your computer just for shopping. That way, if you happen to get infected, the infection will be isolated to the VM and criminals should not be able to access other sensitive data on your device.
• You can also further secure access to sites by setting multi-factor authentication. Many online sites such as banks support two-factor authentication to doubly secure your financial data.
• Everyone has heard that you shouldn’t click on links in an email or on a web site unless you know they are safe. However, about 1/3 of users do it anyway. One way to conquer your curiosity is to know what that link leads to.
o Hover your mouse over a link and you should be able to see the URL either as a pop-up or at the bottom of your email or browser page.
o Look at it carefully before you click it. Does it look normal? Is the name too long or does it contain lots of hyphens or numbers?
• Look up the URL before you click on it. You can do this by copying the URL of the site you are visiting and dropping it into a domain search engine like who.is. This will provide a variety of information, such as when the site was first created, where it is physically located, and information about the owner.
• Start by looking at the website design. Most cybercriminals do not have the time or resources to make an exact duplicate of the site they are spoofing, or to develop their own fake shopping site. A little looking around can go a long way to helping you decide if you should stay or go.
• Next, read the text on the website. Bad grammar, unclear descriptions, and misspelled words are all giveaways that the site may not be legitimate.
• Remember that if it’s too good to be true, it usually is. Of course, there are sometimes really great deals for things on the internet. But in general, unusually low prices and high availability of hard-to-find items are red flags for scams and vendors selling knock-offs.
• Finally, make sure the checkout system accepts major credit cards. Avoid sites that require direct payments from your bank, wire transfers, or untraceable forms of payment. Where possible, use things like PayPal or Verified by Visa payment systems to protect yourself and your assets.
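The link checks described above (hover to see where a link really leads, then look at the https:// prefix, the length of the name, and the hyphens and numbers in it) can be automated for an HTML email. This is an added Python example, not part of the original article; the thresholds, flag names and sample domains are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Thresholds are assumptions for illustration; the article gives no numbers.
MAX_HOST_LEN, MAX_HYPHENS, MAX_DIGITS = 30, 2, 3

def url_flags(url):
    """Return the article's link warning signs that apply to one URL."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    checks = {
        "not-https": parts.scheme != "https",
        "long-name": len(host) > MAX_HOST_LEN,
        "many-hyphens": host.count("-") > MAX_HYPHENS,
        "many-digits": sum(c.isdigit() for c in host) > MAX_DIGITS,
    }
    return [name for name, hit in checks.items() if hit]

class LinkAudit(HTMLParser):
    """Collect (visible text, real target) for every <a href> in a message."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit(html):
    """Map each link target to its flags: what hovering would reveal."""
    parser = LinkAudit()
    parser.feed(html)
    report = {}
    for text, href in parser.links:
        flags = url_flags(href)
        shown = urlsplit(text if "://" in text else "//" + text).hostname
        # Visible text that looks like an address but names a different host.
        if "." in text and " " not in text and shown != urlsplit(href).hostname:
            flags.append("text-mismatch")
        report[href] = flags
    return report

# Constructed sample message; both domains are made up (.example is reserved).
SAMPLE = ('<a href="http://shop-deals-2024-best-price-1234.example/login">'
          'www.store.example</a> <a href="https://www.store.example/cart">cart</a>')
```

An empty flag list only means none of these warning signs fired; it does not show that a site is legitimate.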
An ounce of prevention
People looking to take advantage of unsuspecting consumers have been around as long as there have been marketplaces to shop in. Today’s cybercriminals are no different. They are not only technically savvy, they also recognize the latest consumer trends, understand the underlying assumptions shoppers make, and know how to exploit them. However, by taking the time now to educate ourselves and others, we can have a productive – and safe – holiday shopping experience.
Information courtesy of Doros Hadjizenonos, regional sales director at Fortinet