Wednesday, November 25, 2020

Follow these online shopping tips to stay safe this holiday season


 Cyber Monday is right around the corner and cybercriminals are gearing up to take advantage of unsuspecting people during the biggest online shopping day in the United States.  It’s especially important this year, as many people will be foregoing their annual shopping trips to potentially crowded malls and stores to avoid the risks of contracting Covid 19.

As usual, cybercrooks will try to lure you into giving up your personal information like your credit card numbers, usernames and passwords, social security number and even date of birth by doing the following:

  • Creating fraudulent (but real-looking) web sites and email messages
  • Intercepting insecure transactions
  • Targeting computers that are not running the latest security patches, have minimal or no antivirus software on them or are already infected with malware.

Fortunately, with a little foreknowledge and some precaution, you can avoid many of these cyber-threats.  Think of these eight steps recommended by IT security professionals, as the same type of common-sense things you’d do when shopping in person: like locking the car and putting away your cash or credit card when you’re done with your purchase.

Shop reliable websites and get there safely

If an offer sounds too good to be true, it probably is. Don't be fooled by the lure of great discounts from unfamiliar websites or companies you may not have heard of.  Most likely they are fake! Use the sites of retailers that you know and trust, and get to their sites by directly typing a known, trusted URL into the address bar instead of clicking on a link. Also look closely at the names of the company and make sure they are who you think they are. Many scammers may try to fool you by misspelling or using a look-alike name of a better known company (for example Wallmart.com or Wal-Mart.com instead of Walmart.com or Amazzon.com instead of Amazon.com)

Beware of seasonal scams

Fake package tracking emails, fake e-cards, fake charity donation scams, and emails requesting that you confirm purchase information are another common tactic cyber criminals use this time of year.  Treat every message you get like this as suspicious and use known, trusted web address instead of clicking on the links in these messages. If you don’t know the URL of a charity or company look it up and confirm it across several websites. Which leads us to our next tip:

Graphic courtesy of Kaspersky Labs https://www.kaspersky.com/

Conduct research 

When considering a new website or online company for your holiday purchases, read online reviews of it on other websites to see whether others have had issue with them. Never trust the reviews on the company’s web site itself. You can use sites like Yelp.com, Better Business Bureau and Consumer Reports to help you rate shopping sites, while the Federal Trade Commission recommends using BBB Wise Giving AllianceCharity NavigatorCharityWatch, and GuideStar to check out charitable organizations .

And remember, if a site looks suspicious, avoid it!

Think twice before clicking on links or opening attachments

Even if links appear to be from people you know, legitimate organizations, your favorite retailers, or even your bank, messages can easily be faked. Use known, trusted URLs instead of clicking on links. And only open known, expected attachments. If in doubt, use a phone number you know to call your bank, a store or your contact and find out if they really sent you that attachment. I you can’t do that and still are in doubt, throw it out!

Make sure your device is patched and up-to-date

Before shopping online at anytime of the year, you should always make sure your device, apps, browser, and anti-virus/anti-malware software are patched and up to date. Make sure automatic updates are turned on and periodically restart your devices to ensure that updates are fully installed.

Protect your passwords

Never reveal your passwords to anyone. Make them long, strong, unique, and use multi-factor authentication (MFA) wherever possible. MFA requires you to have a second device – most often a cell phone -- that a message can be sent to, to ensure it’s really you trying to log into some website and not someone who may have stolen your username or password.

Use different passwords for different accounts and don’t use the same passwords you use at home for work accounts and vise-versa. We IT pros know that doing that is cumbersome and it’s hard to remember all those passwords, but that is what cybercrooks count on! They know that if they crack one of your passwords they will often be able to gain access to all your other accounts as well!

To help you remember all those different passwords consider using a password manager such as LastPass or RoboForm to store all them. That way you only have to remember one master password. Better yet buy a small notebook like an old-fashion address book and write down all your usernames and password in that and always keep it in your desk at home.

And finally, don’t let your apps and websites remember your passwords. If your device is ever stolen or lost, whoever finds it will then have a record of all your usernames and passwords.

Check your credit card and bank statements regularly

These are often the first indicators that your account information or identity has been stolen. If there is a discrepancy, report it immediately.

If you have the option, turn on text alerts. Most banking apps and sites provide them and allow you to create alerts for things like transactions over a specified dollar amount or a daily text summary of your current balance. Getting these types of alerts can help you to spot signs of unusual activity before thousands of dollars are either charged or withdrawn from your accounts.

Lastly, check your credit report at least annually. The Federal Trade Commission provides information about getting free credit reports and what to do if you find discrepancies.

Secure your home WiFi

To prevent eavesdroppers and data thieves, ensure that you have a strong passphrase (12 characters or more with your wireless network set to WPA-2). Change your network’s name (SSID) from the default to something that does not obviously belong to you. Limit who has administrative access to your home network. Finally, log into your wireless router periodically to check for software updates (many home routers don’t auto-update).

Get savvy about WiFi hotspots and public computers. Treat all WiFi hotspots and public computers as compromised, even if they appear to be safe. Limit the type of business you conduct on them, including logging in to key accounts, such as email and banking, and shopping. And set your devices to “ask” before joining new wireless networks so you don’t unknowingly connect to an insecure or fraudulent hot spot.

Following all these tips may sound like a lot to remember, but they’re really no different than the precautions you’d usually take when planning a shopping trip to the mall during the busy holiday season. And they are certainly easier than trying to find that coveted parking spot close to the entrance in a crowded lot!

No comments:

Post a Comment