Staying Safe Online – Holiday Edition

Many of us will hop online over the next few months to purchase gifts, plane tickets, admission to shows and games, and food in preparation for the holidays. However, with online convenience comes all kinds of security risks. Arm yourself by learning about safe online shopping so that you don’t spend any of your vacation time worrying about fraudulent charges or personal data leaks.

Why do online shoppers have to take special precautions?

There are three common ways that attackers can take advantage of online shoppers:

  • Creating fraudulent sites and email messages – Unlike at brick-and-mortar stores, attackers online can “build” fake stores or send fraudulent email messages. Attackers may also misrepresent themselves as charities, especially after natural disasters or during holiday seasons. Attackers create these malicious sites and email messages to try to convince you to supply personal and financial information.
  • Intercepting insecure transactions – If a vendor does not use encryption, an attacker may be able to intercept your information as it is transmitted.
  • Targeting vulnerable computers – If you do not take steps to protect your computer from viruses or other malicious code, an attacker may be able to gain access to your computer and all of the information on it. Reputable vendors work to protect their computers and systems to prevent attackers from accessing customer databases.

How can you protect yourself?

  • Keep a clean machine – Keep all software on internet-connected devices – including PCs, smartphones and tablets – up to date to reduce the risk of infection from malware.
  • Lock down your login – Fortify your online accounts by enabling the strongest authentication tools available, such as biometrics, security keys or a unique one-time code through an app on your mobile device. Your usernames and passwords are not enough to protect key accounts like email, banking and social media.
  • Create strong passwords – A strong password is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country music.”). On many sites, you can even use spaces!
  • Remember: unique account, unique password – Having separate passwords for every account helps to thwart cybercriminals. At a minimum, separate your work and personal accounts and make sure that your critical accounts have the strongest passwords.

During Shopping

  • Do business with reputable vendors – Make sure that you are interacting with a reputable, established vendor. (See What the Phishing is all about and Understanding Web Site Certificates for more information.) Attackers may obtain a site certificate for a malicious website to appear more authentic, so review the certificate information, particularly the “issued to” information. If you’re using an unfamiliar vendor, locate and note phone numbers and physical addresses of vendors in case there is a problem with your transaction or your bill.
  • Look for the padlock symbol at the top of your browser or “https” in your URL bar – Many sites use secure sockets layer (SSL) to encrypt information. Indications that your information will be encrypted include a URL that begins with “https:” instead of “http:” and a padlock icon. If the padlock is closed, the information is encrypted. The location of the icon varies by browser; for example, it may be to the right of the address bar or at the bottom of the window. Some attackers try to trick users by adding a fake padlock icon, so make sure that the icon is in the appropriate location for your browser.
  • Use a credit card – There are laws to limit your liability for fraudulent credit card charges, but you may not have the same level of protection for your debit cards. Additionally, because a debit card draws money directly from your bank account, unauthorized charges could leave you with insufficient funds to pay other bills. You can minimize potential damage by using a single, low-limit credit card to make all of your online purchases. Also use a credit card when using a payment gateway such as PayPal, Google Wallet, or Apple Pay.
  • Never shop or log in to personal accounts when on public Wi-Fi or a public device – Public Wi-Fi can make all the personal information that you transmit visible to criminals. Public, shared devices, such as kiosks or library computers, can be infected with malware that will steal your information.
  • Do not use your work email address for retail accounts – If you use a free webmail account, such as Gmail or Hotmail, for retail accounts, it will be much easier to identify a potentially malicious email coming to your work email, since the online retailers should not know that email address. This can also help prevent criminals from knowing where you work, which is information that they can potentially use to hack into your work account!

After Shopping

  • Be wary of emails requesting information – Attackers may attempt to gather information by sending emails requesting that you confirm purchase or account information. (See What the Phishing is all about.) Legitimate businesses will not solicit this type of information through email. Do not provide sensitive information through email. If you receive an unsolicited email from a business, instead of clicking on the provided link, log on directly to the authentic website by typing the address yourself. (See Recognizing and Avoiding Email Scams.)
  • Check your statements – Keep a record of your purchases and copies of confirmation pages, and compare them to your bank statements. If there is a discrepancy, report it immediately. (See Preventing and Responding to Identity Theft.)

By following these guidelines and using common sense during the busy holiday shopping season, you’ll be giving yourself the gift of knowing your personal and financial data is secure for months to come.