Reading Time: ~ 4 min.
The holiday shopping season is prime time for digital
purchases and cybercriminals are cashing in on the merriment. With online
shopping officially becoming more popular than traditional
in-store visits this year, all signs point to an increase in cyberattacks.
It’s more important than ever to be mindful of potential dangers so you can avoid
getting Scrooged when buying online. Follow these top tips for secure online
shopping.
Only use credit cards. If your debit card gets compromised, it has the
potential to cascade in catastrophic ways; automatic bill payments may bounce
or overdraft protections may drain secondary accounts. Some banks also have
strict rules about when you need to notify them of suspected fraud, or else you
could be liable for the costs.
On the other hand, the Fair Credit
Billing Act provides some protections for consumers from
unauthorized charges on credit cards. Additionally, it’s much easier to have
your credit card replaced with new, uncompromised numbers and details than it
is with bank account info.
Be
cautious of deal and discount emails. During the holidays, there’s always a spike in
physical and electronic mailers about special deals. At this point, we’re all
used to that. We might even wait to buy something we want, knowing that it’ll
probably go on sale during holiday clearance. Unfortunately, criminals use this
expectation against us by sending cleverly crafted phishing emails to trick us
into compromising our data.
Always be cautious about emails from unknown senders or even trusted
third-party vendors, especially around the holidays. Always navigate to the
deal website separately from the email — don’t just click the link. If the deal
link can only be accessed through the email, it’s best to pass up on those
supposed savings. It is also prime time for emails offering “free
giftcards” avoid those like the plague.
Never make purchases without HTTPS. Check the URL—if it doesn’t start with HTTPS,
it doesn’t have SSL encryption. SSL (secure sockets layer) encryption is a
security standard for sharing information between web servers and a browser.
Without it, your private information, including your credit card number, can be
more easily intercepted by cybercriminals.
Keep in mind: HTTPS only ensures that the data you send will be encrypted on
the way, not that the destination is legit. Cybercriminals have started to use
HTTPS to trick website users into a false sense of security. That means, while
you should never send private or financial data through a site that doesn’t
have HTTPS, you shouldn’t rely on the presence of HTTPS alone to guarantee the security of the page.
Don’t make purchases on devices you don’t personally
own. If you’re using a borrowed or shared device, such as a computer at
a library or a friend’s phone, don’t make any purchases. Even if it’s a
seemingly safe device that belongs to a person you know and trust, you have no
way of knowing how secure it really is. It’s pretty unlikely that you’ll encounter
a lightning deal that’s worth the hassle of financial fraud or identity theft.
So just wait on that purchase until you can make it on your own device.
Never use unsecured public WiFi for online purchases.
Many public WiFi networks, like the ones at
your local café, the gym, a hotel, etc., are completely unsecured and unencrypted. That means anyone with the know-how
can easily track all of your online activities while you’re using that network,
including any login or banking information. Even worse, hackers are capable of
dropping viral payloads onto your device through public networks, which can
then spread to your other devices at home.
Always use a VPN when you’re on public WiFi, if you have to use it
at all. Otherwise, we suggest using a private mobile hotspot from your phone
instead. (See our section on VPNs below.)
Use a password manager to create strong passwords.
You
can often stop a security breach from spreading out past the initial impact
point just by using a trusted password manager, such as LastPass, which will
help you create strong passwords. A password manager will create and store them
for you, conveniently and securely, so you don’t have to remember them or write
them down somewhere. Taking this step will help protect you from potential
third-party breaches as well, like the one Amazon
announced just before Black Friday in 2018.
Encrypt your traffic with a virtual private network (VPN).
A
VPN allows you browse privately and securely by shielding your data and
location in a tunnel of encryption. So even if you are unwittingly using a
compromised network, such as the unsecured public WiFi at your favorite morning
coffee stop, your VPN will prevent your private data from being scooped up by
cybercriminals. But be sure you’re using a trusted
VPN—many free options secretly collect and sell your data to turn a
profit.
Install antivirus software and keep it up to date. A
VPN will protect your data from being tracked and stolen, but it can’t protect
you if you click on a malicious link or download a virus. Make sure your antivirus
software is from a reliable provider and that it’s not only installed, but up
to date. Most antivirus products today will even update themselves
automatically (as long as you don’t turn that feature off), so make sure you
have such settings enabled. It may make all the difference when it comes to
preventing a security breach.
Keep a close eye your bank and credit accounts for suspicious
activity. The fact of the matter is that the holiday season
causes a peak
in malicious online activity. Be proactive and check all of
your financial records regularly for suspicious charges. The faster you can
alert your bank or credit provider to these transactions, the faster you can
get a replacement card and be back on your merry way.
Don’t fall victim to cybercrime this holiday season.
Be mindful of all the links you click and online purchases you make, and be
sure to protect your devices (and your data and identity) with a VPN and strong
antivirus software!
The post Cybersecurity Tips for Online Holiday Shopping appeared first on Webroot Blog.