Online Shopping Safety Tips: Protect Yourself from Cybercrime
Andrea ValenciaAdvisory, ACE®, ACES-DLPS, Lead, CFI/e-Discovery, IT / IT Security
Feb 24, 2021
It's late at night; you can't sleep, so you find yourself scrolling. Next thing you know, you've ordered online from various stores with items anticipated to arrive in the next few days. But what you didn't plan on receiving the following day was a notification that you're locked out of your email and that your bank account has a zero balance.
What is the new normal for online shopping trends for cybercriminals, and how do you protect yourself? The recent pandemic has accelerated the use of technology daily, not just at a business level but also at a personal level, with shopping habits shifting heavily to online retailers. In 2014, total online sales reached about $1.3 trillion, and now, it’s more than tripled to $4.2 trillion. U.S. e-commerce sales jumped 37% in Q3 of 2020 alone. By 2023, it is expected that 91% of the US population will consist of online shoppers.
Similarly, phishing, ransomware and malware attacks have also seen an increase – with a predicted $6 trillion in global damages related to cybercrime by this year. With increased online shopping and cyberattacks, its vital online shoppers take adequate precautions to safeguard sensitive personally identifiable information (PII). PII can include your social security number, financial information, telephone number, email address, account passwords, etc.
Following five simple online shopping cybersecurity tips can help protect your wallet and potentially your livelihood.
Five Cybersecurity Tips for Shopping Online
Protect your mobile devices: Malware or malicious code is designed to cause extensive damage to data and systems or gain unauthorized access to a network. A mobile device or mobile phone is a computer and is susceptible to attacks and malware. Malicious code placed on mobile devices is on the rise and presents a substantial risk to businesses and individuals alike. If you have financial accounts and/or are doing online shopping on your mobile devices, e.g., tablets, cellphones, or the like, ensure that your devices are protected:
Mobile antivirus/antimalware software: Most people do not have antivirus software on their mobile devices. Anti-malware software has many advantages. One of the benefits is that if the user clicks on a malicious app and/or opens attachments containing malicious code, the software detects and prevents the mallicious code from being executed on the device, thus blocking its intended purpose, e.g., scraping credentials to critical accounts such as banks, financial information such as credit cards and much more.
Avoid using public Wi-Fi: Public Wi-Fi / ‘Free Wi-Fi’ should not be used when doing your online shopping. It’s said, “Nothing in life is free, you always pay in the end.” Hackers want your data. How do they get it? Hackers are known for sitting on these networks and actively scanning them for data transmissions, e.g., credentials, financial information, etc. Further, hackers create fake irresistible Wi-Fi hotspots often called honeypots because they lure their targets in with something irresistible: Free Wi-Fi. Hackers even mimic public hotspots you may have used before, e.g., a local coffee shop. No matter where you go, free Wi-Fi hotspots are evident in nearly every public space from the local coffee shop, bookstore, restaurant, retailer, etc. If you are on the go and doing your online shopping, please use your cellphone’s network and avoid using public Wi-Fi. One way to prevent accidentally connecting to other networks while on the go is to turn off your cellphone’s Wi-Fi signal and use your mobile network. This would ensure you are using your network provider, like AT&T, Verizon, etc.
Ensure your device is up to date: Cybercriminals are always looking for new vulnerabilities in software. Ensuring your mobile devices are up to date prevents malicious actors from exploiting vulnerabilities in older software.
Ensure the websites you are purchasing from have an SSL Certificate: If you notice the website you are visiting has http instead of https, then the website is not secured. When correctly set up on a site, an SSL Certificate allows users to be redirected to https. When a website lacks this security feature, it will enable malicious cybercriminals to steal customers’ personal and financial information.
Site without an SSL Certificate:
Site with an SSL Certificate:
Caution: If you are untrusted network, e.g. free Wi-Fi, hotel network, etc., hackers can do a ‘man-in-the-middle’ attack, fake the website you intend to visit, and fake the security padlock or lock icon. Remember, use a trusted Internet connection or mobile provider, e.g. AT&T, Verizon, etc.
A padlock icon, or lock icon, displayed in a web browser usually indicates a secure mode where communications between a browser and web server are encrypted. This type of connection is designed to prevent anyone from reading or modifying the data you exchange with the website, i.e. for online shopping. This is a good thing and should be minimum expectations for secure online shopping.
Do not store your passwords or financial data on your browser: It is relatively common when users lack the appropriate security controls on their devices for their credentials to be scraped from their browsers. Instead of storing credentials locally on a machine, it is recommended that you keep your passwords and any other private and confidential information in a secure password management system with two-factor authentication or multifactor-authentication turned on.
Say no to debit cards.
Credit cards and debit cards are some of the most frequently used methods of online payments. While banks provide fraud protection against debit card transactions, it makes more sense to use credit cards for online purchases. This way, even if someone gets ahold of your online payment information, they cannot dip into your bank account and get away with your savings. Some credit card issuing banks offer users the option to create a virtual credit card number for online use. These numbers are typically one-time use only and can be made by logging into the bank website
Avoid phishing by going directly to the retailer’s website to check the status of your order.
In addition to emails that lure you to sites with the latest gadgets at the year’s best prices, you are being bombarded with emails related to your online shopping activities – order confirmation, order shipped, tracking information, etc. A well-crafted phishing email appearing to be coming from Amazon, FedEx or UPS can be challenging to identify. So, stick to the basic principles to protect yourself against a “phishing attack.” Never click a link or open an attachment that you did not expect to receive. Go directly to the website instead of using the link in the email if you would like to check your order or package’s status.
To demonstrate how easy it is for cyber criminals to steal information from non-secure websites; please see below for a quick video on how vulnerabilities on non-secured websites are exploited!
Applying these five cybersecurity steps to your online shopping habits is the first step in being a more responsible and cyber-secure online consumer. As online shopping continues to increase, more opportunities will exist for cybercriminals to compromise your PII. Ensure you’re staying one step ahead of any cyber threats by following the five steps above for safer online purchasing.
For any questions or further information, please contact a member of Withum’s Cybersecurity Team.