Tips for safe online holiday shopping


The holidays are here and this means online shopping for those Christmas gifts.  This also means that cybercriminal scams are aplenty.  Carey van Vlaanderen, CEO of ESET, shares six top tips to help ensure that it is a fun and safe experience.

Spot those phishing e-mails
Phishing e-mails are often used by cybercriminals trying to steal your money and data, and this is especially true during the holiday season.
For example, a criminal may send you a phishing e-mail with a link to a ‘deal’, only for this to direct the would-be shopper to a spoofed or malicious web site.  They may then look to steal entered credit card details, or infect the user with malware.
They might even attach a malicious file to their phishing e-mail, claiming that it is a brochure or invoice.
Pay close attention to any spelling and grammatical errors in the body of the e-mail, and also look at the sender’s e-mail address.  If you don’t recognise the sender or did not sign up for e-mails from that address, do not respond.
You should always be wary of what files you download to your computer and what security software you are using.

Watch out for vishing
Voice phishing – or vishing – is the age-old trick where criminals try to trick people into giving their personal or financial details by pretending to be a trusted source trying to help them.
They might pretend to be a bank, a big tech company, a reputable retailer or – as is often the case – a Microsoft support engineer asking for access to the user’s computer.
Most people have cottoned on to these attacks, but they haven’t gone away completely, with criminals increasingly using this method to target elderly and other vulnerable people.
The lesson here is never to hand over any personal details on the phone when someone calls you.
Instead, you should hang up, call the supposed supplier back (by searching online, not by redialling), and take the issue up with a customer representative from there.

Look out for suspicious deals on social media
Millions of people tweet on Twitter, post on Facebook and share snaps on Pinterest each day, but this doesn’t mean that all these people are to be trusted.
Indeed, some accounts aren’t even real – there are thousands of computer bots that are tweeting every day.
During the holidays, make sure that you are careful about which links you click on and where you buy products.  Pay particular attention to tweeted deals with shortened links that look too good to be true (as they might try to lure you to a malicious web site).
If you have never heard of the seller before, look into them online and study their terms and conditions carefully because, as mentioned above, you need to be careful who you are buying from.
There have been countless tales of Facebook sellers delivering counterfeit goods, poor quality items or even outright failing to deliver the products after taking payment.

Embrace HTTPS
In most, if not all cases, you should look to buy items from retailers that use HTTPS web encryption on their website.
This means that the credit or debit card details you send over to the seller’s computer server will be encrypted from end-to-end and thus very unlikely to be intercepted by criminals in a man-in-the-middle attack (where attackers grab details as they pass through to the supplier).
This isn’t to say that HTTP websites are insecure; it’s just that the HTTPS encryption adds a whole new level of protection.
You may also want to look for sites with additional security measures like Verified by Visa and any other types of two-factor authentication (2FA), which was recently advocated by former National Security Agency contractor and whistleblower Edward Snowden.

Stay away from search engine ads
You should avoid clicking on deals advertised in search engine ads, and there’s an extremely good reason why.
Ad servers are regularly being breached by criminals, who then misdirect people who click through to malicious sites where they try to steal credentials or infect users in a drive-by download attack.
These malvertising attacks are on the rise, as evidenced by the attack against Yahoo earlier this year.
If the deal is attractive, and it looks authentic, play it safe by searching in detail online and going via official retail websites. It might take you a little longer to secure what it is you are after, but it will be worth the wait.

Be wary of fake coupons
Coupons aren’t as widely circulated as they once were, but that has not stopped fraudsters from seeing them as another vehicle to financial gain at the expense of shoppers on the hunt for a bargain.
In this case, they sometimes use fake coupons to lure would-be shoppers to a website where they may be asked to input their credit card information. It may well be that the user has been offered a coupon, or seen one on social media.
As with voucher scams, the problem is telling fake coupons from genuine ones.  The ability to duplicate brands with seeming precision is evident in many bogus schemes, which, when combined with a sense of urgency, can trump even the most vigilant of individuals.
If there is any doubt over the coupon’s authenticity, check official retail store web sites, and above all remain level-headed.