Seamless and Secure Online Shopping – An extensive list of Tips & Practical guidance
Online shopping is easy and convenient specially during holiday season when many of us will be making purchases online to avoid large crowds and busy mall traffic. While it has made our lives easier, it exposes us to online risks too. As cyber-criminals see the Christmas & other festive celebrations as opportunities to capture, use & exploit the sensitive information that we share online for their profit as well.
Cyber-crime is a constant threat that imposes a greater risk during peak shopping periods, due to the high volume of digital transactions happening at these times. For e.g.
Phishing was third, but it was at an all-time high exploit according to the APWG's Phishing Activity Trends Report.
FBI's own Internet Crime Complaint Center says that one of the top most cybercrime is related to online shopping, either non-payment for or non-deliver of goods purchased.
A recent “PCMag” survey asked if people had experienced a cyber-attack like malware, credit card fraud, or ransomware— 25 % said they had.
While these stats are somewhat alarming, but it should not keep you away from shopping online. You simply need to use common sense and follow some additional practical advice. You’ve already being benefited from security features developed to help protect personal data like passwords, usernames and credit card numbers by websites designed by financial institutions, top & known retailers and government agencies.
As we go through this article, we’ll talk about the various methods cyber-criminals use to exploit unsuspecting shoppers and how you can protect yourself against them.
1. Dodgy-offers that are too good to be true - We have all come across a legitimately unbelievable offer and jumped on it with enthusiasm, glad to have been afforded the opportunity to purchase something at a fraction of its true cost. But that is rare, and caution is required because there are plenty of hackers looking to hook you in with tempting offers and/or infect your device. An online shop that has an iPhone 8 at 150$ is most likely trying to scam you. It is advisable to be doubly vigilant during holiday seasons, like Christmas, where there does tend to be a lot of amazing and genuine offers. The more reliable the brand and the more secure the URL, the more likely it is that it’s authentic. If not, then walk away.
2. Ensure it’s a real online address - One tactic favored by malicious hackers is to set up their own fake shopping websites. Fake websites can either infect you the moment you arrive on them by way of drive-by-downloads, or malicious links. However, the most dangerous aspect you should be concerned about is the checkout process which opens you up to identity theft, credit card fraud or social engineering attacks.
Here are some tips to identify that a shopping site is fake:
A strange selection of brands. For instance, the website claims to be specialized in clothes but also sells car parts or construction materials.
Broken language. Any self-respecting online shop will hire a specialized copywriter to come up with beautiful product descriptions. Alarm bells should go off in your head if descriptions don’t make sense.
Strange contact information. If the email for customer service is “email@example.com” instead of “firstname.lastname@example.org” then you can bet that online shop is fake.
3. Don't Overshare - No online shopping site needs your Social Security number or your birthday to do business. However, if crooks get them and your credit card number, they can do a lot of damage. The more scammers know, the easier it is to steal your identity. When possible, default to giving up as little personal data as possible. Even major sites get breached.
4. Look & verify the SSL Certification - This protocol is known as SSL — Secure Socket Layer — encryption, and it protects online transactions by keeping data in transit confidential by encoding it and hence making it invisible to cybercriminals. Look for the addition of an “S” to the “http://” at the beginning of a URL on pages where you enter a password or personal details. Some sites use SSL only on some parts of the site, like the homepage. But this doesn’t mean that the entire site is not secure. In addition, search for visual cues that indicate a secure site, such as a “lock symbol and green color” in the address bar before you enter a credit card number or any confidential information. This indicates that your shopping session is secure and that the site is using encryption to protect your personal data.
5. HTTPS Everywhere - To access secure websites, we recommend a useful browser extension like HTTPS Everywhere that encrypts connection to major sites and increases your information security. HTTPS Everywhere is a Firefox, Chrome, and Opera extension that encrypts your communications with many major websites, making your browsing more secure.
6. Use the Phone instead of the Card - Paying for items using your smartphone is pretty standard these days and is actually even more secure than using your credit card. Using a mobile payment app like Apple Pay generates a one-use authentication code for the purchase that no one else could ever steal and use. Plus, you're avoiding card skimmers— as you don't even need to take your credit card with you if you only go places where you can see this symbol. Many online store app will now accept payment using Apple Pay and Google Pay, like Groupon, Airbnb, Staples, Ticketmaster, Starbucks, and many others.
7. Check Domain name - Often, phishing scams will copy popular domain names and their layout to try to get you to buy from their fraudulent website. For example, amaz0n.com rather than amazon.com. If you’re not careful, small details like that could easily be overlooked. Close the browser immediately, If the domain spelling seems a bit off.
8. Legit business details - Make sure that the business you’re buying from actually has a physical address, phone number, a return policy, privacy statements, etc. listed on their website. Reputable companies will always list some way for you to contact them on their website.
9. Consistent Website - Make sure your website looks professional, with engaging design and imagery that’s similar throughout. You should offer a consistent experience across your site – including on the payment page – and ensure your content is accurate and up-to-date. If it has any typing errors, or it seems not very well structured, get-off it.
10. Confirm the Payment Gateways You’re Using - Sometimes, hackers using bogus sites and pages for fooling you and thus stealing account info. In most cases, fake kinds of Payment Gateways are used to fool customers. So, for having the best level of Online Security, you should be conscious about the Payment Gateways you are using. First of all, you need to make sure that the connection is Secure and Private. To do that, you can check whether it’s HTTPS and secondly, you can check whether the Payment Gateway is using trusted forms of payment i.e. it should support Credit Cards, Debit Cards, PayPal and Net Banking.
11. Update your browser, antivirus and operating system - Unpatched software is a frequent cause of malware infections. Online shoppers are most at risk because of this, due to the sensitive information involved. Make sure you at least have an updated browser & antivirus when you order things online. This will help secure your cookies and cache, while preventing a data leakage.
12. Use an Ad-Blocker - You may wonder what an Ad-Blocker software can do about Online Shopping Security. In case if you did not know, ads are widely used to spread malware and install spyware on devices. So, if you manage to block such pop-ups, you are avoiding a big risk of being threatened by malware and spyware which could compromise the entire security setup of your browser.
13. Keep an eye on your bank account - Malicious hackers really want your credit card data, and online shops are the best place for them to get their hands on such information. Credit card data leaks aren’t always your fault. Often times, companies get hacked and their information falls into the hands of cybercriminals. Periodically review your bank account and check up on any suspicious activity.
14. Stay Track-free - Open a “private session” or “incognito window” in your browser when searching for airline tickets or hotel reservations. Once the site determines you’re interested in a particular flight or hotel, the prices may increase. The same goes for standard online shopping, so delete your browser’s cookies and cache regularly when shopping online.
15. Improving Password Security for Shopping Accounts - Often times, we do online purchases from multiple sites that specialize around a certain niche. But most people will simply reuse the same password for each account, and that in itself is a major security risk. Don’t get lazy when it comes to your passwords. Take the extra time to think of something creative, complex and something only you would remember. There is simply no way to guarantee a bulletproof password However, such hackers are not that patient though, so any deterrents are usually enough to make them give up and find an easier target. Some best practices include:
Create different passwords for different accounts and applications. If you create only one password for everything you do online, you are exposing yourself unnecessarily. Keep corporate & personal passwords separate and change your passwords often (ideally every month).Make sure password length is at least 8 characters, use both upper and lower case characters, Include numbers and special symbols when allowed, Don’t use personal data and Make patterns random and not sequential or ‘ordered’.Don’t write passwords down or store passwords on any device or share passwords in emails or IMs.
16. Use a credit card instead of a debit card - The Fair Credit Billing Act (FCBA) says if you report a credit card as lost or stolen, the most you’ll lose is $50. Credit cards have some extra-legal defenses built in that make them safer to buy stuff with compared to debit cards. For credit cards you aren’t liable if someone does fraudulent credit card transactions, so long as you report the fraud in a timely manner.
Secondly, credit cards give you leverage when it comes to disputing transactions with a seller. If you pay with a debit card, you can’t get your money back unless the seller agrees to it. With credit cards, the money you paid for a product isn’t counted against you until due process is complete, debit card holders however can only get their money back after this step.
17. Spam or phishing emails - Phishing emails are so well optimized they often enjoy higher open and click rates than legitimate emails from trusted businesses. A phishing email with a fake offer for a desirable product is a hard thing to resist for many shoppers, so they make an impulsive decision and click on the “Order product” or “Buy now”, and that’s when the malware attack starts. And a big source of click rates is the Unsubscribe button. A phishing email is not like a standard email. The cybercriminal simply wants your click, and nothing else. The Unsubscribe button won’t stop the email spam because malicious hackers don’t play nice. The best solution in these cases is for you to simply mark the email as spam, this will remove the mail from your inbox and block the sender from sending more spam.
18. Safely use public Wi-Fi hotspots and add some ho-ho-ho to your holiday – A densely-crowded bar with dozens of devices connected to the same Wi-Fi hotspot is a prime target for a cyber-criminal who wants to blend in and go unnoticed. You should also never buy things online from an open Wi-Fi network with no password, no matter how few people are connected to it. It’s simply not worth the risk. Learn how to add some ho-ho-ho to your Wi-Fi hotspot while holiday shopping.
VPN over free Wi-Fi hotspots - One way to make sure your private information stays that way on public Wi-Fi is to use a VPN. Virtual private networks, create a secure tunnel for any data that travels to and from your device on a public network. With a VPN, you can check your credit card balance and your online wish lists without worry.
Don’t snooze on Wi-Fi safety during your coffee break - If you take a break from shopping to treat yourself to a holiday coffee, you might be tempted to use the coffee shop’s Wi-Fi. Before you connect to the café’s public hotspot, be sure you’re on the real network. Hackers can create their own rogue hotspots with similar-sounding network names to trick unsuspecting surfers and gain access to the information sent and received over the network. Always verify the
Wi-Fi network name with a shop employee and use a VPN to help protect your information.
19. Paper trail & other financial safety tips - Keep a good record of what you purchased and where. Check your credit card statement for any discrepancies and notify your card issuer immediately. Don’t keep your PIN number in the same spot as your credit card. Destroy and delete any bank statements you have read. Activate two-factor authentication payment methods. Immediately lock your credit cards if you lose them. Even if you’re sure you just misplaced them, it’s best to be paranoid rather than defrauded.
20. Additional steps to ensure security while shopping online - Here are some additional tips on how to be safer while spreading the holiday cheer by buying gifts online.
Don’t open emails from unknown senders or click on links to “deals” that seem suspicious or too good to be true.
Proactively monitor all of your financial accounts and sign-up for text and/or email alerts.
Checking with organizations like the Better Business Bureau (BBB) can also help weed out poorly managed online shopping sites.
Conclusion - Online shopping safety is a growing concern among both e-retailers and
shoppers. The former wants to protect their reputation and preserve consumer trust, while the latter wants to know their money is safe. A lot of progress has been done over the years, such as two-factor authentication and improved infrastructure. I hope this extensive list of tips & knowledge shared via this article would prove useful in keeping your personal information safe this holiday shopping season.
Shop Safe and Happy Holidays!
#holidayshopping #infosec #linkedin #riskassessment #informationsecurity #auditmanagement #informationprotection #securityaudit #cyberrisks #cybersecurity #security #cloudsecurity #trends #grc #leadership #socialmedia #digitization #cyberrisk #education #Hacking #privacy #datasecurity #passwordmanagement #identitytheft #phishingemails #holidayseason #bankfraud #personalinformation #creditfraud