You found a great deal on the latest 65” 4K TV, but this is the first time you have come across this online store. Should you go ahead with the purchase? Is the deal worth the danger? When it comes to online shopping, always stick with reputable and trustworthy retailers. It is very easy for someone on the other side of the world to create a shiny web store, lure unsuspecting customers with “too good to be true” offers, and defraud them by collecting their credit card payment information. If in doubt, a quick Google search about the website can help or, better yet, just avoid the retailer in question altogether.
The only way to be sure that your credit card number or other payment information you are submitting is encrypted and secure while flowing through the internet is if the “padlock” symbol in your browser is in the locked position or green. This is a visual indicator that your “session” with the website you are connected to is secured using SSL encryption. This SSL indicator can vary from browser to browser, so make sure you identify how it works for the browser of your choice and look for it any time you are making an online purchase. But wait, just because the “padlock” is green doesn’t mean that the site is secure. Fraudulent websites support SSL too and can give you a false sense of security. So make it a habit to check the website address for any misspellings (e.g. www.walmaart.com) first, and then check for the “padlock”.
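The address check described above can also be automated against a personal list of retailers you already trust. The Python below is an added example, not part of the original article; the retailer list, the function names and the distance threshold are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a constructed allow-list of retailer domains the shopper uses.
KNOWN_RETAILERS = ["walmart.com", "amazon.com", "fedex.com", "paypal.com"]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def site_of(url: str) -> str:
    """Lower-cased host without a leading 'www.'; accepts bare hostnames too."""
    if "//" not in url:
        url = "//" + url
    host = (urlsplit(url).hostname or "").rstrip(".")
    return host[4:] if host.startswith("www.") else host


def check_address(url: str, known=KNOWN_RETAILERS, max_distance: int = 2) -> str:
    """Classify an address as 'known', 'lookalike of <domain>' or 'unknown'."""
    site = site_of(url)
    # Exact match or a subdomain of a retailer on the list.
    for domain in known:
        if site == domain or site.endswith("." + domain):
            return "known"
    # Judge only the last two labels, so 'walmart.com.deals.example' is
    # treated as 'deals.example'. Simplification: ignores suffixes like co.uk.
    registrable = ".".join(site.split(".")[-2:])
    for domain in known:
        if 0 < edit_distance(registrable, domain) <= max_distance:
            return f"lookalike of {domain}"
    return "unknown"
```

A "lookalike" result means the address is a few keystrokes away from a retailer on the list, which is the pattern in the www.walmaart.com example; very short domain names can trigger false matches, so treat the result as a prompt to look closer.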
The logic is simple. Reduce the number of times you key in your credit card number and the number of places you save it, and you reduce your risk of losing it. The easiest way to achieve this is by using services like PayPal (or Google Wallet, Visa Checkout, etc.). You save your credit card number in your PayPal account and then use PayPal as your payment mechanism for all your online purchases. This way, when you are ready to check out, instead of keying in your credit card number you can choose to pay using PayPal. You will be required to log into your PayPal account to authorize the transaction, but the process is seamless and very easy to use. This way you won’t need to enter your credit card number every time you check out. Better still, if you are a little paranoid like me, configure your PayPal account for two-factor authentication. They will text you a code every time you pay using PayPal, which further reduces the risk of someone getting hold of your PayPal password and misusing it.
Credit cards and debit cards are some of the most frequently used methods of online payment. While banks do provide fraud protection for debit card transactions, it makes more sense to use a credit card for online purchases. This way, even if someone gets hold of your online payment information, they cannot dip into your bank account and get away with your savings. Some credit card issuing banks offer users the option to create a virtual credit card number for online use. These numbers are typically for one-time use only and can be created by logging into the bank’s website.
Remember, this time of the year is open season for phishing. You are being bombarded with emails related to your online shopping activities – order confirmation, order shipped, tracking information, etc. A well-crafted phishing email that appears to come from Amazon, FedEx or UPS can be difficult to identify. So stick to the basic principles to protect yourself against phishing attacks. Never click a link or open an attachment that you did not expect to receive. If you would like to check the status of your order or package, go directly to the website instead of using the link in the email. If, like me, you look for deals on third-party websites like dealsofamerica.com and find something you like, avoid clicking on the link provided to make your purchase. Why take a chance? Put in the extra keystrokes to go directly to the retailer and be a cyber secure shopper.
If you have any questions about these tips or would like to further discuss your cybersecurity plan, please contact a member of Withum’s Cyber Secure Services team by filling out the form below or reaching out to Anurag Sharma directly (contact information below). The team is prepared to help you understand the cyber threats that exist, to help you respond and recover should a breach occur, and to assist with the aftermath of a breach. This holiday season, take the extra step to ensure you are a cyber secure shopper.
Anurag Sharma, CISA, CISSP, CRISC, Principal