With the popularity of online shopping today, especially since everyone is staying home due to the pandemic, the importance of cybersecurity becomes even more essential to everyone. Shopping, even in the real world, involves money. And where there is money, there are criminals ready to take advantage of unwitting people. Since much (most?) shopping is now happening in cyberspace, these criminals wasted no time in following the money trail straight to a valuable and highly exploitable target: online shoppers.
Online shopping became fashionable when people discovered one is free from stress and fatigue caused by crowds and traffic. There is also the convenience of searching whatever it is you want from your home, at your most convenient time and paying for it without waiting in line. All of these with just a few clicks of a mouse.
How They Do It
The anonymity of the Internet and the ability to easily obtain easy to use exploitation tools provide an easy avenue for even unsophisticated or inexperienced cybercriminals to do their work. They can target online shoppers, fraudulently obtaining the information they can use for their own financial gains. Criminals use three common ways of attacking online shoppers. These aren't the only methods to be sure, but the three below seem to be among the most common recurring avenues to exploit the unaware online shopper.
Unprotected Computers
Unprotected computers are an easy target for viruses and other malicious codes used by cybercriminals to gain access to the information inside it. On the other end, online vendors have to protect their computers, too, against attackers who may access their customer databases.
Fake Sites and Email Messages
In the virtual online world, a site (or an online store) can be faked by these criminals, with no one the wiser. It isn't too difficult for them to get an email list of people who have shopped at a particular site and then send bogus emails to those shoppers. These fake sites mimic the legitimate ones and inherit the business, at least until they are caught or noticed. One way you can tell that these are fake sites is poorly worded language or improper formatting is seen in the email that they send you, the site descriptions, policy pages, and other parts of the website.
Playing on Consumer Emotion During Holidays or a Crisis
Charities have been misrepresented before, especially during natural disasters or holiday seasons where people pour in donation money and aid. Holiday shopping seasons, especially those times closet to the holiday itself, allow the criminal to play on the consumer's sense of urgency in buying last-minute gifts. Never click on a link sent to you in an email. Always go to the charity's website by typing in their known good URL in the web browser address bar.
Charities have been misrepresented before, especially during natural disasters or holiday seasons where people pour in donation money and aid. Holiday shopping seasons, especially those times closet to the holiday itself, allow the criminal to play on the consumer's sense of urgency in buying last-minute gifts. Never click on a link sent to you in an email. Always go to the charity's website by typing in their known good URL in the web browser address bar.
What YOU Can Do - Cybersafety Measures
Maintaining an up-to-date anti-virus program, a firewall and anti-spyware is always the three-pronged first line of defense in cybersecurity. They protect you against viruses and Trojan horses that may steal or modify your data and make your computer vulnerable. Spyware may also give the attackers access to your data.
Update Your Web Browser
Browsers are the gateway between your computer and the Internet. They must be kept updated with the latest security patches and software versions. Use automatic updates whenever possible that the operating programs and utilities are up to date. Microsoft browsers will usually update each month during the regular patch cycle. Browsers like Chrome and FireFox typically update when you open the browser after a new update has been released.
It is likewise important to check the default settings of your computer and apply the highest level of security. This will preempt the attackers to use the default setting of the programs. This applies primarily to browsers, email clients, etc. because these are the connectors to the Internet.
Only Visit Reputable Vendors
Cybercriminals are very good at mimicking the sites of legitimate vendors and make it appear genuine. You need to verify their legitimacy before supplying any information. Keep the phone numbers and the physical addresses of these vendors which you can use in case of problems. Again - Never click on a link sent to you in an email. Always go to the vendor's website by typing in their known good URL in the web browser address bar.
Personally, I use Amazon for just about everything. No, I don't work for Amazon, and this isn't a plug or endorsement for them. It's just that many of the things that I buy aren't even available at my local stores, Amazon carries nearly every product that I can find elsewhere online, and having an account at Amazon decreases the need to create many accounts at the many other vendors online.
Personally, I use Amazon for just about everything. No, I don't work for Amazon, and this isn't a plug or endorsement for them. It's just that many of the things that I buy aren't even available at my local stores, Amazon carries nearly every product that I can find elsewhere online, and having an account at Amazon decreases the need to create many accounts at the many other vendors online.
Security Features and Privacy Policies
As always, passwords and other security features add protection, if correctly used. Never use the same username and password over and over for every site that you have an account. A robust password management program can help you with this. Check the site’s privacy policy before giving out personal or financial information. You have to understand how your information is stored and used.
Encrypted Information
Make sure the information you give out is encrypted. To check if it is, see if it includes a URL that begins with "https:" instead of "http:" and a padlock icon. If the padlock is closed, the information is encrypted. Know where the padlock icon is located in your favorite browser because some attackers use fake padlock icons to trick users.
Use your Credit Card
Credit card charges have laws that limit your liability in case of fraud. This may not be the case for your debit card. Because debit cards draw money directly from your bank account, unauthorized withdrawals could leave you penniless. Needless to say, a record of your purchases should be kept aside. Report any discrepancies immediately.
Don't Give Them Unnecessary Information
When you do create an account at a vendor's website and fill out your profile, don't feel obligated to give personal information above and beyond that which is needed for them to properly process your order. For example, they may ask for your birthday, which is not needed to process your order, but to send you an email on your birthday to get you to shop there again. And unless you actually want to receive a barrage of emails from them, be sure to uncheck the box saying that you want to receive email from them in the future. This is one way to help alert you to suspicious emails claiming to be from that online vendor. If you opted out, but then receive a bunch of emails from them, either they are violating the law, or a scammer is using that business's image to try to attack you.
Log Out!
Don't just close your browser, log out of your account and then close the web browser. Logging out will close the open session, and if you have your browser set to delete cached sessions, closing the browser will delete all of your cached information. This is particularly important if you are using public computers, such as those found at a library or "cyber cafe" type of setting.
Don't Give Them Unnecessary Information
When you do create an account at a vendor's website and fill out your profile, don't feel obligated to give personal information above and beyond that which is needed for them to properly process your order. For example, they may ask for your birthday, which is not needed to process your order, but to send you an email on your birthday to get you to shop there again. And unless you actually want to receive a barrage of emails from them, be sure to uncheck the box saying that you want to receive email from them in the future. This is one way to help alert you to suspicious emails claiming to be from that online vendor. If you opted out, but then receive a bunch of emails from them, either they are violating the law, or a scammer is using that business's image to try to attack you.
Log Out!
Don't just close your browser, log out of your account and then close the web browser. Logging out will close the open session, and if you have your browser set to delete cached sessions, closing the browser will delete all of your cached information. This is particularly important if you are using public computers, such as those found at a library or "cyber cafe" type of setting.
Wrapping it all Up
Shopping online is truly a time-saving, hassle-free, and fun way of buying whatever you want on the Internet. The presence of the ubiquitous cybercriminals stalking at every cyber corner, however, necessitates the need for good cybersecurity and awareness practices as well. Pay attention to links sent to you in email. Ensure that you only visit reputable charities and online businesses. Use your credit card instead of a debit card. Use proper password security and ensure that you are only visiting encrypted websites. These simple ways will help you stay safe online, and help to keep you from becoming of these cybercriminal activities.
Stay Safe!
Stay Safe!
