By Julie Goldstein.

In 2016, shoppers bought more online than in stores – and Cyber Monday was the biggest online shopping day in the history of the U.S.!
Unfortunately, that means this is a perfect time of year for cybercriminals. Three common ways that criminals take advantage of online shoppers are:
- Creating fraudulent sites and email messages
- Intercepting non-secure transactions
- Targeting vulnerable computers
The good news is that you can avoid cyber-threats by following all of these safe online shopping practices:
Shop reliable websites, and get there safely. Don’t be fooled by the lure of great discounts from less-than-reputable websites or fake companies. Use the sites of retailers you know and trust, and get to their sites by directly typing a known, trusted URL into the address bar instead of clicking on a link.
Conduct research. There are a lot of fake and malicious sites. When considering a purchase from an unfamiliar website, search for reviews to see if other customers have had positive or negative experiences with them. Verify the website has a legitimate mailing address and a phone number for customer service. If the site looks suspicious, call and speak to a human – or just choose another site for your purchase!
Check the address bar. Always look for https:// (not http://) in the URL before using your credit card online.
Stay safe with text alerts. Set up alerts with your bank and credit card providers to get a message for any transactions over a set amount and/or a daily summary of your balance. Immediately report discrepancies you see in alerts or your monthly statements.
Avoid Wi-Fi hotspots and public computers. Treat all Wi-Fi hotspots and public computers as compromised, even if they appear safe. Don’t use them to shop or log in to key accounts, including email and banking. Set all your devices to “ask” before joining any new wireless networks.
Don’t click on pop-ups. Close all pop-up offers and deals, as well as any “warnings” that you need to update your virus software – these are scams.
Always think twice before clicking on links or opening attachments, even if they appear to be from people you know, legitimate organizations, your favorite retailers, or even your bank. Messages are easily faked. Use known, trusted URLs instead of clicking on links. Open only known, expected attachments. Be especially wary of fake package tracking emails, fake e-cards, and emails requesting that you confirm purchase information. These are particularly common this time of year.
Keep clean machines. Make sure the internet-connected device you are using — whether a computer, smartphone or tablet — as well as your apps, browser, and anti-virus/anti-malware software are all patched and up-to-date.
Pay by credit card. Unlike most debit cards, credit cards offer protections that may reduce your liability if you’re a victim of fraud. Consider using a separate credit card for online transactions only.
Don’t auto-save passwords or credit card numbers. The inconvenience of having to re-enter the information is insignificant compared to the time you will spend dealing with the loss of your stolen information. And don’t ever provide your financial or personal information via email or text.
Be alert for charity donation scams. Criminals take advantage of people’s generosity during the holiday season. Don’t click on links requesting donations. Contribute by navigating to the trusted address of the charity.
Disable Bluetooth, wireless and Near Field Communication (NFC) when not in use. This will reduce the risk of your data being intercepted by thieves.
Secure your home Wi-Fi. To avoid data thieves, enable strong encryption — WPA2 is recommended. Require all users to sign in with a strong password. Check periodically for software updates (many home routers don’t auto-update).
Review privacy policies. Know what information any merchant you shop with is collecting about you, how it will be stored, how it will be used, and if it will be shared with others.
Create passwords that protect you. Make them long and strong, use a different password for every account, never reveal them to anyone, and use multi-factor authentication (MFA, also called two-factor or two-step authentication) wherever possible. See https://www.lockdownyourlogin.com/ for additional tips on passwords.
Julie Goldstein is IT Security Analyst, UC Cyber-Risk Coordination Center, UC Office of the President.
Originally published in UCOP’s Link on November 20, 2017. Republished with permission.