Palo Alto Networks Live Community provides 12 important tips for staying safe while online shopping during the holiday season. From making sure your software is up to date and not using public WiFi to password security and only opening trusted emails. Learn to protect yourself from cybercriminals.
It’s that time of year again! Online shoppers get ready for Thanksgiving, Black Friday, Cyber Monday, Christmas, and New Year's to find those perfect end-of-the-year deals and discounts. It's going to be chaos at the stores, and many people will prefer to do their shopping from the tranquility of their homes.
There's absolutely no need to go outside and fight traffic or fight other buyers for that last items that you both desperately want. ^_^ Many people prefer the convenience of making online purchases with just a few mouse clicks and having the package delivered to their door step the next day!
Online shopping has gained a lot of popularity over the years, and one must remain vigilant! Cybercriminals will try to take advantage of this shopping period and will prepare all sorts of scams to try and trick you. Scams like social engineering, phishing emails, and spoofed and malicious websites are amongst the most popular ways to trick unsuspecting shoppers all over the world!
It's important to stay alert and spot the red flags that could indicate scammers at work.
So what can you do about it?
Below, you'll find some tips (in no particular order) that can help you be smart and shop safe during the holidays.
Make sure that the software you're using is up to date. I'm talking about the OS, browsers, and all the applications you might be using on your endhost. This is not limited to your desktop of course! Since mobile shopping has become more popular, make sure your mobile devices have the latest patches and app versions installed. In doing so, you'll greatly reduce the risk of running into known vulnerabilities and get infected by malware.
Don't use free public Wi-Fi for shopping! Using MITM (Man in the Middle) methods, attackers might be listening in on your communication and intercept the traffic. It is best to use a trusted Wi-Fi connection like the one at home! If you aren't at home, then I'd recommend that you turn your smartphone into a hotspot to connect your laptop to the internet.
Make sure that your connection is secure! Identify the padlock icon next to the URL! If it's there, then it means that the communication between the client and the server is encrypted. A word of caution: The padlock guarantees privacy between client and server, but it does NOT guarantee that you can trust the site! It might very well be a fake phishing website designed to trick you into thinking that you are on an "official" site. That said, make sure that the URL makes sense and isn't some weird wordplay of well known websites. Criminals tend to use fake websites with URLs that are very similar to well known websites.
Use credit cards with online transactions, not debit cards! Debit cards aren’t covered by fraud insurance policies and provide direct access to the bank accounts they’re linked to. Credit card companies give insurance to buyers if the product isn’t delivered.
Be alert of the information being collected! Make sure you stay alert about the kind of information that's being collected when you make an online purchase!If you're being asked for personal data, like Social Security numbers or password information, then that's a definite red flag!
Be wary about pop-ups and ads in general. While some of them might seem legit, they are often a way for scammers to trick over-enthusiastic online shoppers into clicking them, in which case they can redirect you to malicious sites. Be wary of ads that seem too good to be true and just close them or block them out with an ad-blocker!
Don't trust every email you get! Phishing emails are used to trick shoppers to go to malicious websites and enter their CC information and/or install all sorts of nasty malware in the process. If you receive a suspicious email from an address you've never heard of, with a link to an unknown site, don't open attachments and don't go to the website because it can be malicious! By opening the attachment, you could be installing malware on your device. This is a very popular way that criminals try to steal your information or infect your devices. As in the previous tip, if the deal is too good to be true then just delete the email!
Avoid unknown websites and shop on sites that you trust only! That new gaming console might look very interesting when it's being offered for $200 cheaper than on other websites. But, at the same time, that shadywebsite.com will be stealing your CC information when you order something from them!
Avoid using the same password over and over again. If one of the websites gets compromised then all of your other accounts are at risk as well. Ideally, use a passphrase. They tend to be easier to remember and are nearly impossible to hack! Still having trouble managing different passwords? Then I'd recommend using a password manager tool to help you with maintaining your passwords! There are many available options out there (i.e., Keepass, LastPass, etc.).
Watch out for fake or compromised social media accounts! Fake or compromised social media accounts post links and too-good-to-be-true ads! Just because it's on Facebook or Instagram doesn't mean you can trust it!
Do some research and check for reviews! If you are buying on a new website, check for existing reviews. Scammers usually don't have reviews. Look to see if there are other customers that post their experiences with the website.
Your movements can be tracked if you have Bluetooth or Wi-Fi enabled. While you are within range, malicious users can track your location and could possibly verify your shopping habits and send you targeted advertisements. I would advise to disable Wi-Fi and Bluetooth when you're not using it.
Note: This list isn't limited to what I've mentioned above. I'm sure many of you can think of other tips and tricks that could help online shoppers get a much safer online experience!
Don't be shy! Please add your advice to the comments section below!