Cybersafe Shopping Tips for the Holidays

Online thieves and attackers want gifts under their trees too!

As shoppers eagerly hit the Internet on Black Friday and Cyber Monday to score great deals, online crooks are not far behind, lurking to victimize shoppers and score great deals of their own. According to the TransUnion credit bureau, someone falls victim to online thieves every 19 minutes. These online attackers will be out in full force to steal your money during the two busiest online shopping days of the year. Fortunately, there are a variety of ways you can protect yourself.

1. Steer clear of shady websites. During the holidays, cyber-criminals lure gift buyers to fake websites promising staggering discounts and rock-bottom prices. Be cautious when shopping on sites you haven’t used in the past. Opt for websites with an “https” prefix. The “S” stands for secure and signifies that the website is secure.

2. Look for green padlocks. The presence of a closed padlock icon in your browser’s window tells you the website’s owners purchased a digital certificate proving that they own the domain and it is not a fake. A gray padlock guarantees the domain is valid and the connection to it is encrypted. A green padlock indicates not only a secure connection, but also that the owners of the domain are who you would expect them to be. For example, XYZ.com is owned by XYZ Company. Clicking (or double-clicking) on a genuine padlock icon will display security information about the site. Note that some fraudulent websites display a non-functioning padlock image meant to fool you.

3. Beware of unsolicited emails. You’ll see email messages with a too-good-to-be-true headline like “Insane Cyber Monday Deals: 80% off.” These emails are “too good to be true” and likely spam/phishing emails. Phishing emails disguised as legitimate-looking messages from a trusted company may slip under your radar—and get you to provide requested information without thinking twice. It’s important to double-check the email address of senders with whom you did not initiate contact. With the exception of retailers whose email lists you subscribe to, send all promotional emails to your junk folder.

4. Be serious about your passwords. If you do a lot of online shopping, you likely have a number of online accounts. If you’re like many people, you use the same password for many or all of them. If your details are compromised on one site, criminals may have all the information they need to access the others—including your banking information. Create unique, complex passwords (if possible, pass phrases) for all of your accounts. If pass phrases are not possible, ensure you create a password that includes a combination of upper and lowercase letters, numbers and special characters.

5. Be cautious with free Wi-Fi. It’s tempting to make purchases while taking a break in a mall’s coffee shop, but it’s a bad idea. Public Wi-Fi hotspots are virtual playgrounds for cyber criminals who monitor the networks and capture unencrypted data sent to or from electronic devices. Even if you use encrypted communication like HTTPS, cyber criminals will pose as a free Wi-Fi hotspot to insert themselves in the middle of web communications and trick you into going through their website to get to the site you wanted. For example, you surf to xyz.com, but because you connected to the criminal’s Wi-Fi, you in fact went through badguy.com to reach xyz.com, and you are none the wiser because it looks just like xyz.com. The attacker will then take whatever action it wants during your web-surfing (information gathering, traffic alteration, etc.), re-write the webpage request, send it on to the intended site, xyz.com, and then pass the response back to you.

Use public Wi-Fi for general Web surfing, but don’t enter sensitive information while using it. Wait until you are on a protected network to make online purchases or log into your bank’s website.

6. Security at home and on-the-go. Installing and keeping antivirus, spyware protection, anti-malware and firewall software on computers, cell phones and tablets makes life difficult for cyber-crooks. In addition, operating system (OS) updates usually address known security vulnerabilities and typically include enhanced security measures to protect mobile apps and data, too. Make use of these tools and make sure all are up-to-date.

7. Beware of fake apps. An app may display a reputable company’s logo, but it doesn’t necessarily mean that it was created by that company. For example, a study by Trend Micro found that there are fake versions of 77% of the top 50 free apps in Google’s Play Store. The phony versions often mimicked the real ones and functioned like them. However, many contained malicious code capable of harvesting banking credentials and credit-card information.

8. Limit app permissions. Mobile apps often request permission to access information on your device. Some apps access only the data they need to function, while others mine data that isn’t related to the purpose of the app. Whenever you provide information, you never know who is collecting it: an app developer, app store, advertiser, ad network—or a cyber-criminal. Don’t install apps that require excessive permissions to your personal data. Instead, search for alternative apps that provide the services you want without requiring you to name your next of kin.

Sources: onguardonline.gov, consumer.ftc.gov, ic3.gov