With Cyber Monday just around the corner, many people still wonder if it is safe to buy online during end-of-the-year sales events.
Of course it is safe in the sense that you won’t be pushed, hit, or crushed by other customers who also want to get their hands on the big deals. But is your credit or debit card information safe when you shop online? If you take a few basic precautions, you can enjoy the big discounts and not worry about getting into trouble.
Historically, November and December are the months with the most online transactions, and are therefore the months in which cyber-criminals are the most active.
We will enumerate the top five security threats you may encounter when shopping online and give you hints about how to shop safely on these dates.
The Anti-Phishing Working Group reports that in the last quarter of 2014, there was an 18 percent increase in the number of unique phishing reports compared to the previous quarter, and that Retail/Service was the most targeted industry sector in the fourth quarter of 2014, with Payment Services close behind.
Phishing is possibly the most dangerous threat this season. Phishing occurs when cyber-criminals attempt to get your usernames, passwords, and credit card details by creating a fake version of a real and well-known site. Users get tricked into entering their sensitive information, thinking that the site is the real one. You may land on one of these sites by misspelling the site address, or by following links in forged emails, ads or posts.
Here are some tips to follow to make sure you don’t log into a phishing site:
- Double check the URL of the page you are on, making sure it has no typos before entering sensitive data. Forged sites may look exactly the same as the original ones.
- Look for the padlock. Whenever you are going to enter your information, be it your username, passwords, or your credit card data, verify that the site has a secure connection. The URL should start with https instead of http.
You can also use phishing filters as an additional measure to protect yourself against this threat. Modern browsers, such as Chrome, Opera, Internet Explorer, Microsoft Edge, and Safari, offer built-in anti-phishing features. Furthermore, you can get specific anti-phishing software from the top antivirus and security companies, such as Avast, Avira, ESET, Kaspersky and others.
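The two URL tips above (no typos in the address, and https instead of http) can also be checked mechanically. The following is an added example, not code from the original article: the allowlist, the function names and the warning labels are assumptions made for illustration, and the sample hosts are constructed.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the shops and payment sites you actually use.
TRUSTED_HOSTS = {"example-shop.com", "payments.example.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, keeping only one previous row in memory."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def check_url(url: str, max_typos: int = 2) -> list[str]:
    """Return warnings for a URL; an empty list means every check passed."""
    warnings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().removeprefix("www.")
    if parts.scheme != "https":
        warnings.append("not-https")           # no padlock: traffic is not encrypted
    if parts.username is not None:
        warnings.append("userinfo-in-url")     # text before '@' is not the site name
    if host in TRUSTED_HOSTS:
        return warnings
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode-host")       # IDN that may render as lookalike letters
    near = [t for t in sorted(TRUSTED_HOSTS)
            if edit_distance(host, t) <= max_typos]
    warnings += [f"lookalike-of:{t}" for t in near]
    if not near:
        warnings.append("unknown-host")
    return warnings
```

A host that is one or two characters away from a trusted name is reported as a lookalike rather than merely unknown, which is the case the "no typos" tip is about.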
Having a weak password
Big sites typically have strong security measures, but security is only as strong as its weakest link. Don’t let your password be your weakest link, especially if your password is for a site that contains sensitive information, such as your credit card information. Nowadays, several sites enforce the usage of secure passwords, but for those that don’t, you should be proactive.
Here are some tips to help you create a secure password:
- Don’t use information related to yourself that can be obtained easily, such as ID numbers, your nickname, your pet’s name and so on.
- Use lower and uppercase letters, numbers and symbols in your password. An easy way to get a secure password is to start with a phrase you know, or better yet, some random words, and replace some characters with numbers and symbols. For example: “I love donuts” can be converted to: Ilov3D0nuts, which is quite a strong password.
- Some sites have features to alert you (through email or text) when suspicious activity in your account occurs, such as failed login attempts, logins from a different country, or logins at unusual hours. If you have the choice, always enable this option.
Malware and social network scams
Malware and social network scams are a latent threat that is expected to increase during this season. Don’t trust unbelievable deals if they come from unreliable sources, such as email or social media, as they are probably not true. Fake deals will redirect you to phishing sites or trick you into downloading malware. With the rise of social media, attackers are focusing on its users. Social media gives attackers a high propagation rate, as affected users will share posts and links with all their friends and followers without even knowing the danger they pose.
Here are some hints to help you avoid malware scams:
- If you see a suspicious post from a friend, don’t open the link. Tell your friend about it, ensure that your friend really published the post, and take action immediately.
- Keep your operating system up to date, as some security holes are patched as soon as they are detected.
- If you are using a retail store’s application, make sure you have the latest version, be it a mobile or desktop app. Just as with operating systems, application updates may fix detected security holes and improve stability.
- Install antivirus and malware protection software.
Using public terminals and networks
Never, ever enter your credit card number on a public Wi-Fi network or terminal. Really, we cannot stress enough how bad an idea this is. Anyone can be on a public network, including attackers listening to the network traffic, and public networks offer no security. It doesn’t matter whether the site you are trying to access is secure if the way you get there is not. Private networks, or even 3G/4G mobile networks, are safer.
Shopping at unsecure sites
Maybe you want to buy something from a small site, or a new site. Maybe that little-known site is the only one that has the precious item you want. Well, you can do it if you trust the company, but you will be safest if you check to see the site meets the following security measures:
- Ensure that the site protects the security of your information during transmission by using Secure Sockets Layer (SSL) software, which encrypts the information you input. You can verify this by checking to see that the URL of the website starts with https, and that the browser shows the padlock icon to indicate the use of SSL certificates.
- Read the privacy and security information for the site to find out how it handles privacy and security. From this document, you can also learn whether the site takes security seriously. For example, you can find out whether it implements Brute Force Protection and IP logging, among other measures.
- Some sites outsource their payment platforms to online payment services such as PayPal; in this way, these well-known services handle all the user’s data and typically have strong security measures in place.
- Share only as much information as is necessary to make your purchase. For example, if a site asks you for your social security number, employer, relative’s information, and such, do not trust that site.
- If you log in using a social provider, always verify the information that the site asks for. Often you will find that sites ask for information that they do not need, such as your friends list.
Diego Poza, technical writer, Auth0