From phishing attacks to open WiFi networks, it’s important to know the risks. Keep in mind the following advice then, and stay safe at the checkouts this season.
Beware of unknown stores
You may see a good deal on the website of a travel agent, a retail shop or maybe even a DIY store. However, before proceeding, your first question should always be ‘do I trust this business?’
Why should you ask yourself this question? The simple answer is that there are a number of insecure – and even malicious – websites on the internet and you need to be sure you can trust them, before sharing your credit and debit card details.
For example, in the past there have been ecommerce vendors that took payment but never shipped the goods, and others that delivered defective products without a warranty or guarantee.
Even when the business is reputable, its website may be insecure. A number of ecommerce websites have been infected with malware over the years, and it’s not uncommon for such sites to also have an invalid SSL certificate – increasing the chance of a third party pretending to be the legitimate site.
In addition, some of these websites might store customer passwords in plaintext – rather than hashed and salted as recommended. This is bad news, as an attacker gaining access to that company’s database would have direct access to customer accounts – they wouldn’t even need to crack password hashes or guess the passwords.
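What "hashed and salted" storage looks like on the store's side, as an added example that is not part of the original article. The PBKDF2 work factor, the function names and the sample password are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value for this example)


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted hash; this is stored in place of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_record(password: str) -> dict:
    """Build the database row for a new account, with a fresh random salt."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


def verify(password: str, record: dict) -> bool:
    """Check a login by re-deriving the hash and comparing in constant time."""
    candidate = hash_password(password, record["salt"])
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    # Constructed sample data: two customers who happen to pick the same password.
    shared = "Summer-Deals-2024!"

    # Plaintext storage: anyone who can read the table can read the passwords.
    plaintext_table = {"alice": shared, "bob": shared}
    print("plaintext row:", plaintext_table["alice"])

    # Salted-hash storage: the rows hold only a salt and a derived value.
    hashed_table = {"alice": make_record(shared), "bob": make_record(shared)}
    print("hashed row:   ", hashed_table["alice"]["hash"].hex())

    # Per-account salts mean identical passwords do not give identical rows,
    # so one recovered password does not reveal who else uses it.
    same = hashed_table["alice"]["hash"] == hashed_table["bob"]["hash"]
    print("rows identical:", same)

    # The store can still check logins without ever keeping the password.
    print("correct password accepted:", verify(shared, hashed_table["alice"]))
    print("wrong password accepted:  ", verify("guess123", hashed_table["alice"]))
```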
This is why it’s always worth looking around, checking privacy policies and vendor terms and conditions before buying with a store you don’t know. If you don’t like the look of the site you’ve visited, leave it, and shop elsewhere.
Get ready for phishing offers
Phishers will always try to catch out unsuspecting victims with an attractive email or link, and this is especially true in summer, a time when consumers are on the lookout for a good deal.
Criminals might, for example, send you an email promising a discount at your favorite retail store, or an all-inclusive package on a holiday. They might also try and tempt you with eye-catching links shared on Twitter and Facebook.
To avoid the lure of a phishing email, look out for emails and tweets from people you don’t know, check the content carefully for any inconsistencies, and if in doubt, search the deal or store online using a recognised browser.
Use respected (and secured) payment methods
Wherever you are shopping this summer, pay close attention to the payment methods and how secure they are.
Ideally, if paying by credit card on a website, you should look for vendors that use known, secured payment platforms.
You should always shop at websites that are encrypted – the ones whose address starts with ‘HTTPS’ in the address bar. This encrypts the connection between you, the buyer, and the selling company, so that it can’t be read by a third party intercepting it.
Be careful on Facebook
Facebook is increasingly a place to trade goods and services, but that doesn’t mean it’s free from dangers.
The social media platform will often serve ads for unknown or suspicious websites, offer links to others with missing or invalid digital certificates, and more. And obviously, avoid sharing your payment details directly via a message – you don’t know who has access to the receiver’s Facebook account.
Always shop on trusted networks, avoid open Wi-Fi
You need to think carefully not only about how you shop online, but also where you do this – is it at home or over a public and unsecured Wi-Fi network?
You’d be surprised by the number of people who share all kinds of information over an unsecured coffee shop or hotel Wi-Fi hotspot. This is dangerous because attackers can conduct a Man-in-the-Middle (MiTM) attack on these unsuspecting users to sniff their traffic, steal credentials and more.
If shopping at home, you are not immune from attack, although the risks are lower provided your machine is up-to-date and you have a security solution. But you could also improve your security posture by disabling add-ons and plug-ins before shopping, as this lowers the risk of unauthorised access to shopping habits and payment details.
Use strong passwords or a password manager
Studies have shown that people who have more than 20 online accounts and who are very active on the Internet are more likely to reuse passwords, and this – according to a Javelin Strategy and Research report – makes them 37 percent more likely to have those accounts compromised.
As a result, you should always look to use strong passwords, with upper case, lower case, numbers and symbols. You should also use a different password for each account, never using the same password twice. If you’re struggling to do this, you may want to consider downloading a password manager.
Be smart about phones
If you’re shopping on a smartphone or tablet you might think you’re immune from attack, but this is not the case. Cybercriminals are increasingly targeting mobile devices, so you need to ensure your security is as good on mobile as it is on desktop/Mac.
For mobile shopping, there are a few things you can do to reduce the likelihood of attack.
For starters, you should only ever shop with apps downloaded from authorised app stores. Third-party stores are less common these days, but they do still sometimes host malicious apps designed to steal personal data.
You could also delete apps you don’t use and turn off wireless networks when shopping in a public location, using just cellular data instead. This last point is to prevent an attack in which criminals direct you to a spoofed Wi-Fi hotspot name in order to steal your credentials, and then your bank details.
You might also want to turn off Bluetooth and Wi-Fi to reduce the chance of a retail store tracking you so they can send you spam.
Use your credit card
Credit cards should be used when shopping online. Not only are they disconnected from your main bank accounts, but they are also insured against fraudulent charges. There’s also less chance of identity theft and a better chance of getting a refund in the case of illegal activity.
You might also want to consider getting a single-use credit card. Most banks offer these with customisable time frames and money limits, to protect real credit card numbers from the criminals.
Get the basics right
It sounds tedious, and is often repeated, but before shopping online at any time, you really must make sure your IT security is up to scratch.
This involves doing a lot of the basics, such as installing a security solution, and regularly updating software. You should also look to add passwords for your desktop lock screen and a PIN for your smartphone, while considering a password manager, two-factor authentication (2FA) and maybe even a VPN for more private browsing.
One PC or two
The more computers, tablets and mobile devices you use with your credit card information, the more you’re at risk for fraud. Stick to just one or two machines if you can.
Author Editor, ESET