The holidays are approaching quicker than we think. Soon aisles in your Wal-Mart will have a certain level of cheer to them, the local radio station will be a lot more festive, and your email inbox will be swarmed with online deals to get you to spend those holiday bucks.
However, cyber-crime is never on holiday.
Any time of the year can be a ripe time for a cyber-criminal to steal your financial information when you’re browsing online for sweet shopping deals. Online shopping activity is stronger than ever, so hackers and thieves are on the lookout for mistakes just as much.
In the spirit of National Cyber Security Awareness Month, here are 10 ways to protect yourself while online shopping.
1. Ensure the website you’re visiting is secure and legitimate. It may be easier to click on a link rather than type a web address out when your shopping online. However, as fake websites masquerading as a legitimate source are becoming more frequent, it’s more secure to type the website address directly than to click on a potentially malicious link. Similar to how you spot a phishing attack, warning signs such as bad grammar, questionable URLs, and unprofessional design can be a giveaway. Having your favorite trusted websites bookmarked in your web browser is also a good tactic to stay safe.
Check the address bar for a lock icon and that the address begins with https://, instead of http://, to confirm the website is SSL encrypted. You can also customize some web browsers such as Google Chrome to force HTTPS to block unsecured websites from loading. While it is not foolproof, it's a much safe site to visit than one that is not encrypted.
2. Be careful about clicking links in emails for “hot deals.” If the deal is too good to be true, there’s a good chance it’s false. In the high amount of emails that hit our inboxes every day, catching an email about a “hot deal” can be very enticing. If you aren’t careful though, that link to a hot deal could lead to malware. Look at the sender carefully to ensure it is the correct sender and mouse over the link to verify where it goes to. An even stronger tactic would be to visit the website directly and search for the deal yourself.
3. Don’t divulge more than you need to. Like an app’s permission on a smartphone, think twice about allowing access or divulging more information than is necessary when shopping online. There is no way that something like a shoe shopping website should require your social security number or birth date. Only download shopping apps from trusted sources like the Apple App Store and Google Play Store and watch out for sites that use your bank account information rather than a debit card as that is unusual. For more information about app permissions and safety tips, visit our previous blog.
4. If possible, use a credit card instead of a debit card. Using credit cards can be a tricky endeavor for some, but it can be a way to protect yourself further if you happen to be compromised. Most credit cards have a $0 liability for unauthorized charges to your account and tend to be rectified quicker than debit card disputes. Keep an eye on your banking activity daily, and if you see any unusual activity, report it to your bank immediately.
5. If a site you use suffers from a data breach, change your login credentials IMMEDIATELY. Sometimes a company that gets data breached may state that the attack did not affect your login credentials. However, that doesn’t mean that there aren’t other vulnerabilities still open in their infrastructure left to be exploited. Regardless of what the company may say, if you have a login for a website that has been publicly cited as being the victim of a data breach, change your login credentials no matter what. Password managers are also a good way to keep your passwords safe and easy to update. For more tips about password managers and other ways to protect your passwords, visit this previous blog.
On-Demand food delivery service DoorDash recently was the victim of a data breach, affecting nearly 5 million customers nationwide. Though the company stated they will be contacting all users that may have been affected, if you have an account with DoorDash, change your password as soon as possible.
6. Avoid public Wi-Fi. Black Friday can be a hectic day for shoppers, many times opting to stop at their local coffee shop to open their laptop and see what other deals they can snag online while taking a breather. If you’re connecting to a public Wi-Fi hotspot to browse though, you may be a sitting duck for someone to intercept your online activity, including your login and credit card information. If you’re connected to a public Wi-Fi, do not log into ANY website, unless you are utilizing a VPN, or Virtual Private Network, to encrypt your connection.
7. Any shopping emails with attachments should immediately be trashed. Any shopping emails that come with an attachment, especially if it is a Microsoft Word document or PDF, do not click on it. Legitimate shopping venues wouldn’t ever send an attachment for you to download. Most retailers will provide coupons within the email to print (or to show on your mobile device), or a link for you to visit. However, any links need to be verified by hovering over them and ensuring the link is to a trusted site.
8. Keep your operating systems, web browsers, and mobile apps up to date. Hackers tailor many of their malware attacks to exploit vulnerabilities within outdated software. Keeping your Windows/macOS computers, iPhones/iPads, Android devices, as well as your mobile apps and web browsers patched and up to date keep your security at a high level. Many of these software updates are purely for squashing bugs and do not affect functionality of the device. This goes double for PC users still on Windows 7, as Microsoft will be dropping security support for Windows 7 in January 2020. For more information about the Windows 7 End of Life (EOL) initiative, download our whitepaper on the Windows 7 deadline.
Windows 7 EOL is coming. Make sure you are prepared to upgrade, or face losing Windows security updates if you are still on Windows 7.
9. Lock your screen when you walk away. It’s one of the easiest tactics that you can do to protect yourself not just when you are shopping, but for any online activity. If you are working on your device and must walk away to take care of something, always lock your device. For computers, here’s how to lock your screen:
- For Windows PCs: press the Windows Key + L.
- For MacBook devices: press Control + Command + Q.
10. Do not use any sensitive email addresses for online shopping. It may be safe to say that nearly everyone with online activity has at least two email addresses: one for your sensitive emails, and one for “spam.” When you are online shopping, consider using a spare email address, or even create a new one just for the occasion. You reduce the risk of compromising your email account containing sensitive personal information through this effort, since you may be more aware about opening or clicking on a link in a spam email. Plus, if that spare email is compromised, your contacts and other personal information from your main account is not affected.
No matter what time of year it is, every day is cyber security awareness day. So, when you’re looking online for that perfect gift for your friend’s birthday, take the time to thoroughly pay attention for any abnormalities before you divulge your credit card details.
neoRhino’s Security Awareness Team, certified IT consultants, and 24/7 helpdesk squad are here to help strengthen your online defenses. You can visit our homepage, see more about The War on CyberSecurity, or give us a call at (281) 779-4850, and we can manage your technology so you can manage your business.
