|Image credit: Pexels|
Always remember, the Internet is not a governed, safe environment. It’s the wild west. There really are no guarantees to security when shopping online and even big companies can be affected by security vulnerabilities. This blog covers some of the greatest security risks this Christmas season, and gives practical tips to help you shop safely online this year.
Phishing ScamsDuring promotional periods, such as Black Friday or Cyber Monday, you’re more likely to fall victim to phishing scams – attacks sent directly to people via email to steal your payment or personal information. Attackers send out phishing emails posing as large retailers with attractive discounts and – for many consumers – this is enticing enough to make a poor decision and click on a malicious link. This link may provide your personal and payment data directly to the bad guys, or infect your device with malware.
Even large companies can be susceptible to these attacks. In our own research, Positive Technologies found that 88 percent of employees open unknown files and links they receive by email. Earlier this year, Saks Fifth Avenue was a victim of one such crime, and five million credit and debit card numbers were stolen from their systems.
Phishing campaigns are designed to play to your emotions. Emails will attempt to convince you that they’re from a trusted source, and it can be hard to discern if an email is genuine or not.
Here are a few tips for spotting and avoiding phishing scams:
- Be wary of unwanted emails or emails from an unknown source. If a shop you don’t usually receive emails from is contacting you for the first time, it could be a fake.
- Look for misspellings in the email. Criminals don’t have a marketing department and a sloppy email might indicate a cheap scam.
- Is the email addressed to you by name? Criminals are unlikely to know your full name, so they may address you by Sir or Madam.
- Do not click on unknown links contained within emails. It may sound like a great deal, but in fact it could cost you dearly.
- Remember that the sender’s email address is not a guarantee that the email came from the person or organization that the message claims to be. If something seems fishy, check with the sender directly.
Compromised E-Commerce WebsitesCriminals don’t just target customers directly, they also target the retailers they use. If a website it compromised and you input your credit card details, you may be handing your banking information directly to cyber criminals and could see fraud on your account later on.
Of course, this isn’t your fault. However, customers should be vigilant and aware of this risk. On some websites, you may see visual indications of “security,” such as padlock icons which show that a website is using SSL, or Secure Sockets Layer – a protocol that encrypts information sent between a web browser, like Google Chrome, and a web server, such as those operated by the retail company you’re shopping from. However, this is no guarantee that your information is secure. We saw companies like Newegg, Ticketmaster and British Airways affected by malware over the summer that stole credit card data entered onto the websites – and they used SSL.
Customers, therefore have to take their own steps to protecting themselves online.
Here are our top tips to protecting yourself from compromised websites:
- Try free tools that help you distinguish risky websites from safe ones. For example, Web of Trust.
- Remember, even “safe” websites can be attacked so also consider using free malware blocking tools. NoScript, for example, is a free browser extension that will block the malicious code from loading during your checkout session.
- Use virtual cards for online shopping. These typically have a short lifetime and allow you set specific limits per transaction. This means if you are compromised, a cyber criminal can’t access your entire bank account. Some banks and credit providers, such as Bank of America (ShopSafe), Capital One (ENO) and Citi offer these but there are other dedicated providers, such as Entropay.
- If you have to pay online using your debit or credit card, choose your credit card. You are typically entitled to better protection over purchases so are more likely to be covered if you are a victim of fraud.
- Monitor your bank account thoroughly to spot fraudulent activity early on. Enable SMS notifications for your account so that you receive visual confirmation for the purchases you make. If your bank account allows you to set transaction limits, enable this feature as well. And of course, if you notice any suspicious transactions, inform your bank immediately and block the card.
Author: Leigh-Anne Galloway, cybersecurity resilience lead at Positive Technologies