South African retailers are gearing up for another major round of Black Friday shopping later this week.
Nearly two-thirds of organisations, including online retailers, saw severe exploits targeting their networks during the past quarter. And the number of compromised web sites, charity scams, email phishing campaigns, malicious web access points, and even fake shopping sites will all explode over the next two months.
So, in addition to checking your credit card balances and making out your shopping lists, you also need to take precautions before doing any activities online. If done right, the Internet can be a safe and convenient way to enjoy shopping writes Doros Hadjizenonos, regional sales director at Fortinet in South Africa.
Here are four simple rules to follow this week:
Be careful how you connect to the Internet
Public WiFi sites are a haven for criminals looking to intercept your connection and use it to steal passwords, baking or credit card information, and other personal data. If you are looking to connect to Wi-Fi, for example, take a second and ask someone the name of the access point being sponsored by the store. Because not every open access point is safe to use.
Someone advertising “Free Wi-Fi” may be connecting you to the Internet through his device, which means he can see and capture all the traffic moving between you and your online shopping site, bank, or social media accounts.
And even if you are connected to a legitimate access point, make sure that the sites you are using are protected using SSL, or consider using a VPN service to protect your transactions. Unencrypted data, even if it is just moving a few feet from your device to a local wireless router, can be intercepted or compromised.
Manage your mobile devices
One of the most frustrating experiences mobile device users used to deal with was always having to negotiate a connection to the Internet, even when at home. Modern phones have addressed that problem by always actively searching for the wireless devices you usually connect to. And any access point you have connected to in the past, whether from a hotel or a coffee shop, is probably on that list of familiar devices. And once your phone finds a network it thinks it knows, it will automatically try to connect to it.
But there are tools available to criminals that can detect the name of the devices your phone is searching for and then pretend to be one of those devices. That means you may be connecting to a compromised access point even when your phone is in your pocket and you are browsing through Takealot. Which is why when you are away from home you should always disable the auto-connect service on your device.
Only download legitimate apps from legitimate sites
Recent reports show that mobile devices running an Android OS are a growing cybersecurity concern, and are especially susceptible to compromise, most commonly by downloading infected applications. According to one report, over 3-million new Android malware samples were discovered last year, and one of those malware apps managed to infect over 500 000 Android devices.
Many of these apps hide on a device and monitor web and application traffic. The chance that a compromised app can intercept your financial or other personal information is especially high.
To combat this challenge, only download apps from legitimate application sites and never allow installations from “unknown sources.” And second, download a security tool from a legitimate app store and scan your device to see if it has already been compromised.
Think twice before shopping at an unfamiliar online store
If you are shopping at an unfamiliar online store, the best place to start is to be sceptical. Unusually low prices and high availability of hard to find items are red flags for scams. Sure, there are some good deals out there. But people invented the phrase “too good to be true” for a reason. If you are going to shop at an unfamiliar online store, follow some basic strategies to protect yourself and your assets:
* Before you click on a link, hover your mouse over it. This should reveal the URL address it is connecting you to. Look at it carefully. Is the name too long or does it contain lots of hyphens or numbers? Does it replace letters with numbers, such as amaz0n.com? If so, don’t click on it.
* The better choice is to a) enter the name of the site into your search engine to see if anyone has complained about it, and b) go directly to the site rather than clicking on the link. A legitimate retailer will provide you with access to any authentic deals advertised online.
* Once you connect to the retailer, take a minute to look at the website. Does it look professional? Are the links accurate and fast? Are there lots of popups? These are all bad signs. Bad grammar, unclear descriptions, and misspelled words are other giveaways that the site is probably not legitimate.
* Before you start shopping, take a look at the checkout system. Avoid sites that require direct payments from your bank, wire transfers, or untraceable forms of payment. Then make sure that it accepts major credit cards. You will want to use your credit card and not your debit card if you decide to make a purchase as most credit cards have built-in fraud protection and they are not directly connected to your checking or savings account. Check with your bank or your card provider to learn more about what protections your card provides.
As our ability to purchase items, make online transactions, and connect to others through smart devices gets easier, we need to understand that these conveniences come with risks. Cybercriminals are determined and informed on the latest trends and how to exploit them. Which is why we need to take the time to educate ourselves – and our friends and family – about shopping carefully.