Being a cyber secure shopper is more important than ever. I’m sure you’ve read the articles on maintaining your security, but the need to be proactive and intelligent in your online shopping activities only becomes more prevalent as the use and comfort with online shopping activity increases. To put it into perspective, during the 2017 holiday shopping season, November 1 – December 31, 2017, online sales were over $108B, an increase of 114.5% over 2016 sales over the same period. In 2018, it is expected that online holiday sales will increase an additional 15.5% for a total sales of 124.9B, due to consumer confidence being the highest it has been in the past 18 years. If online orders continue to hover around the same amount per order ($123/order in 2016 and $122/order in 2017) that equates to more than 10 million online orders are expected in 2018.
Beyond any of your personal and credit card information, each order carries a lot of value to hackers that help them establish a holistic profile of you – and your interests – to better become or exploit you. The more information that hackers are able to obtain, the more lucrative it is, as the information they steal will most likely end up being sold on the dark web. Experian issued an article in April of 2018 showing the type of information that hackers sell on the dark web, and what each record may be worth.
It’s important to remember that shopping or performing any activities online has its risks. Let’s face it, because of a combination of the convenience, ease of access, and savings, you are most likely going to be part of the online holiday shopping craze. But, just because you are involved does not mean you should become numb to the fact that data breaches are happening all around us. You need to protect yourself, so hopefully, you don’t become one of the unfortunate statistics in another category – identify theft victim.
As we enter into the 2018 holiday season, consider the following steps to help protect yourself during the holiday online shopping season, and every day after!
It’s the season for gift shopping! If you’re like me, and millions of other shoppers throughout the world, you prefer online shopping more than braving the long lines and the race to the most popular items in the mall and big box stores. But with the convenience, remember that there are risks to online shopping, so keep in mind these tips to help you become a cyber secure shopper this season.
You found a great deal on the latest 65” 4K TV, but this is the first time you came across this online store. Should you go ahead with the purchase? Is the deal worth the danger? When it comes to online shopping, always stick with reputed and trustworthy retailers. It is very easy for someone on the other side of the world to create a shiny web store to lure unsuspecting customers by “too good to be true” offers and defraud them by collecting their credit card payment information. If in doubt, a quick Google search about the website can help or better yet, just avoid the retailer in question altogether.
You’re surfing the web and come across that perfect gift in an ad window. You click on it, and a minute later, your order is placed, and that perfect gift is on its way….but little did you know that when you clicked on that link, it allowed someone to monitor the whole transaction. Now they have your information to do as they please, including to log directly into that online retailer and send that perfect gift and 100 more to all of their friends and family. Don’t trust links to retailers, as it may get you to the website to make your purchase, but allow someone to “watch” without you knowing. To combat this, when making online purchases go directly to the retailer’s site.
The only way to be sure that your credit card number or other payment information you are submitting is encrypted and secure while flowing through the internet is if the “padlock” symbol on your browser is in locked position or green. This is a visual indicator that your “session” with the website you are connected to is secured using SSL encryption. This SSL indicator can vary from browser to browser, so make sure you identify how it works for the browser of your choice and looks for it anytime you are making an online purchase.
Note: Just because the “padlock” is green doesn’t mean that the site is secure. Fraudulent websites support SSL too and can give you a false sense of security. Make it a habit to check the website address for any mis-spellings (e.g. www.walmaart.com) and then check for the “padlock”. Another way to check on your session to determine if you are on a website’s secure page when entering information is by looking at the web address itself. If the web address is “http:”, then the pages you are viewing are insecure. Web addresses with the added “s” (“https”), is another indicator that the session is encrypted to protect the transmission of your information.
The logic is simple. Reduce the number of times you end up keying in your credit card number and the number of places you save the numbers to reduce your risk of losing it. The easiest way to achieve this is by using services like PayPal (or Google Wallet, Visa checkout, etc.). You save your credit card number in your PayPal account and then use PayPal as your payment mechanism for all your online purchases. This way when you are ready to check out, instead of keying in your credit card number you can choose to pay using PayPal. You will be required to log into your PayPal account to authorize the transaction, but the process is seamless and very easy to use. This way you won’t need to enter your credit card number every time you checkout.
Better still, if you are a little paranoid, like me, configure your PayPal account for 22-factor authentication. With this setting enabled, PayPal will text you a one-time use code every time you pay using PayPal to further reduce the risk of someone getting ahold of your PayPal login information and misusing it.
Credit cards and debit cards are some of the most frequently used methods of online payments. While banks do provide fraud protection against debit card transactions, it makes more sense to use credit cards for online purchases. This way, even if someone gets ahold of your online payment information they cannot dip into your bank account and get away with your savings. Some credit card issuing banks offer users the option to create a virtual credit card number for online use. These numbers are typically one-time use only and can be created by logging into the bank website.
Over one in every three online transactions during the 2017 holiday season were made through a mobile device, such as a smartphone or tablet. This trend is expected to close to double in 2018, with approximately 60% of online transactions expected to be performed using a mobile device. Mobile devices can store credit card information to facilitate making transactions faster, as well as hold a treasure trove of other information about you, make sure that you protect your mobile device. At a minimum, your mobile device should be password protected.
Email drove over $3 billion of sales on Black Friday alone in 2017, and that trend is not expected to change. But be mindful of emails for phishing attacks. In addition to emails to lure you to sites with the latest gadgets at the year’s best prices, you are being bombarded with emails related to your online shopping activities – order confirmation, order shipped, tracking information, etc. A well-crafted phishing email appearing to be coming from Amazon, FedEx or UPS can be difficult to identify. So stick to the basic principles to protect yourself against “phishing attack”. Never click a link or open an attachment that you did not expect to receive. Go directly to the website instead of using the link in the email if you would like to check the status of your order or package. If you’re like me, you are looking for deals on 3rd party websites like dealsofamerica.com and you like something, avoid clicking on the link provided to make your purchase. Why take a chance? Put in the extra keystrokes to go directly to the retailer and be a cyber secure shopper.
Password protection is the primary means of securing access. Considering online retailers enable users to create a profile to provide ease of access for repeat transactions, having the means to protect that profile is essential. Password cracking technology can allow a hacker to attempt to crack passwords by running millions of potential passwords in a matter of seconds. Make sure that you use a password that is not only something that you can remember but something that is not easily deciphered. You can test your password using simple online tools, such as https://howsecureismypassword.net/.
Lack of patching is one of the leading causes of security issues for both computers and mobile devices. It leaves equipment to be susceptible to known vulnerabilities. The vulnerabilities vary, but some can lead to individuals taking over your machine, tracking all of your activity, or logging every keystroke you make. Understanding your vulnerabilities and keeping your computers and mobile devices patched with the latest patches or operating system updates will help to reduce the security risk at your end of the technology chain during the transaction.
Public Wifi and hotspots are beneficial and save us on using our coveted data; however, they create a significant risk to allow individuals to gain access to your device or trace your activities. Even if you think you know everyone as your local coffee shop because you visit it every morning, resist logging into their free Wifi.
If you do log in, limit what you do. Don’t log into accounting or make purchases that you wouldn’t want compromised, even if it’s just for a quick purchase that takes a few moments. Public Wifi and hotspots are prime locations for cybercriminals to sit and wait for you to log into a site and enter your details. This is not uncommon.
As we enter the prime shopping season, keep an eye on the emails and deals you choose. Cyber criminals have gotten very sophisticated over the years and are now capable of cloning the emails, web pages, links, and messages that you are used to seeing.
This holiday season, take the extra step to ensure you are a cyber secure shopper.
If you have any questions about these tips or would like to schedule a complimentary cybersecurity consultation, please contact a member of Withum’s Cyber Secure Services team by filling in the form below. The team is prepared to aid you in understanding cyber threats that exist, and is able to help you respond and recover should a breach occur and assist with the aftermath of a breach.