Online shopping has become a popular way to purchase items without the hassles of traffic and crowds. Online shopping offers convenience and comfort not available from other shopping outlets. From the comfort of your home, you can search for items from multiple sellers, compare prices with a few mouse clicks, get great deals, make purchases without waiting in line, receive your receipt via email, and have your purchases delivered to your front door. The increase in online shopping coincides with an increase in mobile device use, and more shoppers will be using specialized holiday mobile device applications to find the best deals.
Online shopping also makes it lucrative for attackers to trick buyers into paying for goods they will not receive or to obtain their private information for financial gain. The Internet is convenient for attackers, giving them multiple ways to access the personal and financial information of unsuspecting shoppers. Attackers who can obtain this information may make purchases themselves or sell the information to someone else.
It is essential to take steps to protect yourself when shopping online. So, how can you defend yourself? Start with taking security precautions and thinking about the consequences of your online actions. Then you can enjoy the conveniences of technology with peace of mind while you shop online. Before you purchase that must-have item on your holiday list, make sure that you are doing everything you can to avoid becoming a victim of cybercrime by checking out the following tips. You might think that these tips are obvious, but many consumers do not use them.
1 Select reputable sellers
Attackers may try to confuse you by creating malicious websites that appear to be legitimate. Fake websites can infect your device the moment you arrive at them by way of drive-by downloads, display malicious links, or expose you to a fraudulent checkout process.
- Select proper sellers: Limit your online shopping to sellers that are reputable and established. Such sellers usually have more robust online security. Verify the legitimacy before providing any personal or financial information. When you have questions about a seller, check with the Federal Trade Commission or the Better Business Bureau.
- Check website certificates: To make a website appear more authentic, attackers may obtain a website certificate. So, carefully review the certificate information, particularly the “issued to” information.
- Locate contact information: Confirm the physical address and phone number of the sellers in case you have questions or problems with your transaction or invoice.
2 Use a secure website connection
Many websites encrypt information via secure sockets layer (SSL). Look for a website address that starts with “https” instead of “http”. And look for a padlock icon that is closed instead of open. The location of the icon varies by web browser (for example, next to the address bar or at the bottom of the web browser window). Attackers may try to confuse consumers by adding a fake padlock icon. So, ensure that the padlock icon is in the appropriate location for your web browser. Use a web browser extension (such as HTTPS Everywhere) that attempts to connect securely to websites.
3 Understand what you are purchasing
- Understand the product: Read the seller's description of the product carefully, especially the fine print. Name-brand items with bargain basement prices could be counterfeits, out-of-box, damaged, or used. Compare the product descriptions of the sellers with the product descriptions of the manufacturers.
- Understand what it will cost: Check out websites that offer price comparisons. Factor shipping and handling cost into the total cost of your purchase.
- Read seller and product reviews: Read reviews to learn whether other consumers have had a positive or negative experience with the website and its products. Do not rely entirely on company or seller review information. Beware of fake customer reviews.
- Compare delivery dates: Add the delivery dates to your calendar. A Federal Trade Commission rule requires sellers to ship items as promised, or, when no specific date is indicated, within 30 days after the order date.
- Compare tracking options: Many sites offer tracking options so that you can see exactly where your item is located and estimate when you will receive your item.
- Compare return policies: Read return policies and other website information so that you know what to expect when the purchase does not work out as planned. Can you return your item for a full refund when you are not satisfied? When you return your item, who pays the shipping costs? Do you need to pay restocking fees?
4 Safeguard your personal and financial information
Once attackers gain access to your personal and financial information, they can do a lot of damage. So it is imperative to prevent this from happening, as fixing any problems afterward can be time-consuming and costly.
- Limit the amount of provided information: Be alert to the kinds of information being collected to complete the transaction. At checkout, you only need to fill out required fields. To shop online, you need to provide shipping location and payment information. Be suspicious of websites that ask for additional information (such as date of birth and social security number). Sellers do not need such information to sell you their products.
- Check your mobile shopping application: Only use mobile shopping applications that explain what they do with your private data and how they keep it secure. There is no legal limit on your liability with funds stored in a mobile shopping application. You are responsible for all charges made via your mobile shopping application unless the terms of service state otherwise.
5 Use credit cards
Credit cards are protected by laws that limit your liability for fraudulent credit card charges. However, you may not have the same level of protection for your debit cards and other forms of payment.
- Stay within spending limits: Credit cards have spending limits, but debit cards do not. Use a single credit card with a low credit limit to make all of your online purchases. Because debit cards draw funds from your bank account, unauthorized charges could leave you with insufficient funds to pay other expenses.
- Use one-time credit card numbers: Use virtual credit cards that are specifically designed for online shopping. Many credit card providers offer one-time credit card numbers for each online purchase on their website or via a mobile application.
- Benefit from additional protection benefits: Some credit cards provide extra warranty, return, and purchase protection benefits. For example, use extended warranties, protection against damage to products immediately after purchase, assistance with claiming refunds, and identity theft protection.
- Contest fraudulent transactions: With credit cards, you are not liable when someone executes fraudulent credit card transactions, as long as you report the fraud promptly.
- Dispute disappointing transactions: Credit cards give you leverage when disputing transactions with a seller. Credit cards enable purchasers to request a credit from the credit card issuer when the product is not delivered or is not what was ordered. When using credit cards, the money you paid for a product is not counted against you until due process is complete. In contrast, with debit cards, you can only get your money back after due process is complete and you cannot get your money back unless the seller agrees to it.
- Use credit cards for payment gateways: When you use payment gateways (such as PayPal, Google Wallet, and Apple Pay), use credit cards rather than debit cards or bank accounts.
- Do not send cash, checks, or money transfers under any circumstances.
6 Do not respond to suspect messages
Emails, texts, social media posts, and pop-up windows are a popular means for attackers to install malware on devices or steal your personal and financial information. Attackers may create messages that seem to originate from legitimate sellers. Often, such messages tell you that you need to take action immediately because something is wrong with your device, account, or transaction.
- Do not click on suspicious hyperlinks: When you receive a message that you did not expect, do not click on any of the provided hyperlinks. Instead, navigate to the homepage of the relevant website to log in to your account and look for the relevant message, or contact customer support directly.
- Do not unsubscribe from suspicious emails: The “Unsubscribe” button is a significant source of clicks, and clicking it will not stop the email spam. Instead, just mark the message as spam yourself.
- Do not submit personal and financial information via email, text, and social media: Attackers may attempt to gather information by sending messages via email, phone text, and social media posts. Such messages may request that you confirm purchase or account information. Legitimate businesses do not solicit this type of information through messages. Email, text, and social media are not secure methods of transmitting personal and financial information.
- Do not respond to suspicious pop-up windows: When visiting a website and a pop-up window asks for your private information or promises rewards for answering a question or taking a survey, close it immediately.
- Be aware of common scams: Information on many current scams can be found on the website of the Internet Crime Complaint Center, which is a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center.
7 Keep a record of your online transactions
It can be challenging to recall from which website you purchased a particular product. Keep saved and printed records of your online transactions in a safe location. Such records should include the product description, the price, the online receipt, and the e-mails you send to and receive from the seller. You may need these records to confirm your purchase, to track the shipment, and for warranty and return issues.
8 Verify your transactions
Even when you are careful, something unfortunate can happen at any time. Financial data leaks are not always your fault as many businesses are compromised, and their information falls into the hands of attackers. Always be suspicious, and always check the transactions that sellers and financial institutions report to you.
- Check your financial statements regularly: Carefully review your financial statements as soon as you receive them to confirm that all charges are legitimate.
- Set up activity notifications: Many financial institutions allow you to set up email, text, phone, and mobile application notifications of financial transactions and of when specified thresholds (such as spend limits) are exceeded.
- Report suspicious activity immediately: Contact your financial company immediately when you have unauthorized charges on your account.
9 Be careful when shopping online in public settings
- Do not use public computers for online shopping: Public computers may contain malicious software that steals your payment information when you place your order.
- Be careful with public wireless hotspots: Open wireless hotspots are easily compromised. Criminals may intercept traffic on public wireless networks to steal personal and financial information.
- Limit online activities: When you are not using a virtual private network, limit the type of business you conduct over open public wireless connections, including logging in to critical accounts (such as email and banking).
- Use secure website connections: Refer to the section “Use a secure website connection” above.
- Use virtual private networks: Virtual private networks (VPN) establish a secure connection for all of your Internet traffic. In contrast, a secure website connection only protects traffic between your browser and that website. Your mobile device or computer may be sending private information via the Internet that you are not aware of or comfortable with. When selecting a VPN vendor, ensure that their software blocks all Internet traffic on insecure networks whenever the VPN connection is not yet active or no longer active.
10 Use dedicated devices for online shopping
Many viruses and malware are transmitted through casual web browsing. Use a separate device for online shopping, and other devices for email, social networking, banking, work, etc. Many major sellers now have dedicated mobile applications. Mobile applications are more secure online shopping channels than websites since malicious hackers need to create specific attacks for specific mobile applications.
11 Protect your devices
- Protect access to devices: Always assume that you may lose your mobile device the next day in a busy public place where it can fall into the hands of someone with ill intentions. Secure access to your devices via strong passcodes, biometrics (such as fingerprint and facial recognition), multiple-factor authentication, etc.
- Keep software updated: Unpatched software is a frequent cause of malware infections. Keep all operating system and application software up to date on devices that are connected to the Internet. On computers, install antivirus and antispyware software and confirm that your firewall is enabled. Use an updated web browser to help secure your cookies and cache while preventing data leakage.
12 Use strong authentication
Fortify your online accounts by enabling the most robust authentication tools available (such as biometrics, security keys, and multiple-factor authentication). Your usernames and passwords are not sufficient to protect critical accounts (such as email, banking, and social media).
- Select a secure password: A safe password is a sentence that is at least 16 characters long. Use a remembered phrase mixed with uppercase and lowercase letters, numbers, and special characters to create a password that is difficult to crack. Avoid using names of family members, birthdays, and anniversary dates.
- Use a unique password for each account: Select a different password for every account. At least separate your personal and work accounts, and make sure that your critical accounts have the most robust passwords.
- Use multiple-factor authentication: Major websites allow two-step verification. Such websites send a one-time personal identification number to your mobile phone, which you enter together with your password when logging in. Or use an application on your mobile device that displays a personal identification number that changes once per minute.
And after you return from your Thanksgiving holiday, you may want to review the infographic “Protect your data with IDERA”.