‘Tis almost the season for online shopping…a time that has unfortunately become equally lucrative for retailers and cybercriminals.
So before you go all-in on Cyber Monday (or any other online shopping day of the year), be sure that you are taking steps to protect yourself online. Here are 6 ways to stay safe while shopping online.
1 – Don’t enter personal information while using public Wi-Fi
As convenient as those public Wi-Fi networks are, one thing they generally aren’t is secure. And if your data isn’t being encrypted, then it’s possible for any smart hacker to simply plant himself (either in person or virtually) in a local establishment and steal your identity. So bookmark the things you want to buy on your device, but best practice is to wait until you are back on a secure network to complete any transactions.
Along these same lines, it’s wise to always use a little extra caution when using your smartphone for online purchasing. These devices are usually less secure than your desktop and due to the increased usage by consumers, they are good targets for criminals attempting to install malware that helps to steal your personal data.
2 – Look for HTTPS in the URL
Any time you are going to be entering personal information online, look first at the URL for the “https” – that added "s" indicates that the site uses a secure connection. Sites with HTTPS use Secure Sockets Layer (SSL), which encrypts the information being transmitted, ensuring that only the intended recipient (the retailer you are purchasing from) can see the information. Other signs that a site is secure include a lock icon, or an unbroken key that appears at the bottom of the screen.
If a site does not have this, you should not proceed with any type of online transaction.
3 – Stay in control of where you land on the internet
Best practice online is to always stay in control of where you land. And that means that it’s always better to navigate to a website yourself, as opposed to blindly following a link in an email. By typing the known address directly into your web browser, you will avoid landing on a phony site whose sole purpose is to steal your information.
If right now you're thinking, "but then I'll miss out on that awesome deal" then understand that that is EXACTLY what the hackers behind that "buy now!" message want you to believe. This extreme sense of urgency is a giant red flag of a phishing email or text, and all the more reason to back away from the device.
Phishing emails are rampant and because hackers follow the news and trends, the holiday season provides a ton of great source material to lure people in. As cybercrime has evolved, so has the quality of these emails, meaning they often do a fantastic job of spoofing trusted retailers, banks, credit card companies, etc. A good rule of thumb is to avoid any emails promising unbelievable shopping deals that seem too good to be true…because they probably are.
Be especially wary of any emails requesting personal information from you – it has been confirmed time and time again that banks or other reputable organizations don’t ask for private information via email.
Another quick tip is to hover over a link (without clicking) first, which will reveal the actual destination – in a phishing email, the destination URL will not match the legitimate site. This is one more way that you can quickly (and safely) identify and avoid bad links.
And finally, remember that if a deal from a retailer is legit, you'll just as easily find it by navigating directly to their official site.
4 – Update your browser
A browser (or any software or operating system) that’s not up-to-date is like having an open-door policy for hackers. If you never really understood what those pesky “you have updates to install” messages were and have been ignoring them, then stop.
In a nutshell, the purpose of these updates – and why installing them is critical – is to apply security patches against known vulnerabilities. Microsoft, for example, pushes updates to the Edge browser. Or there was the recent iOS update that Apple urged users to install as soon as possible.
You can learn more about why patch management is a necessary step in good network security here. While these patches aren’t a guarantee against getting hacked, they do at least protect you from security holes that hackers know about and are actively exploiting.
So make sure that you are always running the most current version of your browser, your software, and your operating system, including your smartphone’s.
5 – Follow best practices for your password
It’s almost time to learn the worst passwords of 2016, and despite all of the sound advice around password management, there is a strong possibility that the list will closely resemble 2015's worst passwords.
The very first piece of advice we have? “Password” is NOT a good password.
As challenging as it may be to remember complex passwords, they are essential to your online security. If you want to avoid getting hacked due to poor password management, be sure to follow these best practices:
- Use unique alpha-numeric passwords (strings that combine both upper and lowercase letters, numbers and other characters)
- Use a minimum of 8 characters, though 12 is even better
- Do not use actual words that can be found in the dictionary – password-cracking algorithms can try thousands of common words and names within minutes
- Do not use simple keyboard combinations like “qwerty” and “123456” – they are incredibly common and simple to crack
- Avoid using personal data like birthdate, SSN, names of family members or street address
- Change your password regularly – every 3 to 6 months is best
- Do not use the same password for every account…if you do so and one account gets hacked, then every other account is also vulnerable. One tip that we suggest is to use the most complex passwords for your most sensitive accounts (banking, credit cards, etc.), and then have several other combinations (these can be less complex) for accounts that contain minimal personal data. In this way, you minimize the risk of exposing every account should one be hacked or experience a data breach.
- Don’t store your passwords in plain sight; writing them down isn’t the worst idea, but store that list in a place that isn’t easily accessible. One tip around this is to create a list for all of your online accounts, and then next to each one note your login name and a clue as to which password it uses.
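The checklist above can be turned into a quick self-check. This is an added example, not part of the original article: the function names, the short word list and the keyboard-run list are constructed for illustration, and a real check would load a full dictionary.

```python
import re

# Constructed sample lists (assumption); a real check would load a full wordlist.
COMMON_WORDS = {"password", "welcome", "monkey", "dragon", "shopping"}
KEYBOARD_RUNS = ("qwerty", "asdfgh", "zxcvbn", "123456", "abcdef")
CHAR_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")

def check_password(candidate, personal_data=(), passwords_in_use=()):
    """Return the checklist items the candidate fails (empty list = passes)."""
    problems = []
    lowered = candidate.lower()
    if len(candidate) < 8:
        problems.append("shorter than 8 characters")
    if not all(re.search(c, candidate) for c in CHAR_CLASSES):
        problems.append("does not mix upper case, lower case, numbers and other characters")
    # Undo common symbol-for-letter swaps so "P@ssw0rd" is still caught as a word.
    unswapped = lowered.translate(str.maketrans("@0135$7", "aoiesst"))
    if any(w in lowered or w in unswapped for w in COMMON_WORDS):
        problems.append("contains a dictionary word")
    if any(run in lowered for run in KEYBOARD_RUNS):
        problems.append("contains a keyboard run")
    if any(p and p.lower() in lowered for p in personal_data):
        problems.append("contains personal data")
    if candidate in passwords_in_use:
        problems.append("already used on another account")
    return problems

def is_recommended_length(candidate):
    """The checklist's stronger target: 12 characters or more."""
    return len(candidate) >= 12
```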
Using a password manager is also an option. There are several online third-party vendors that provide this service, including LastPass, Dashlane and 1Password. They work by securing all of your passwords in the cloud with one master password. Of course, that master password needs to follow all best practices. There are also local password storage programs available – these work by storing everything on your computer. Vendors include RoboForm, Password Safe and KeePass.
Finally, you can also create your own list of passwords and password-protect or encrypt the file.
6 – Stay vigilant and stay informed
Perhaps the best advice we can offer around this topic is to stay vigilant, educate yourself and then trust your instincts. If something sounds too good to be true, it is. Understanding the social engineering tactics being used against you is your best defense, because when you know them, you can react to phishing attempts or “deal of a lifetime” offers unemotionally, and an emotional reaction is exactly the goal of these scams. If an online store seems questionable, then don’t shop there. If it appears you are being redirected to an unsecured webpage at any point in the checkout process, then abandon it and leave. Sites that look really old, are filled with pop-ups or spelling errors, or have things that just look “off” to you are not worth the risk.
It may be disappointing to leave behind that great deal, but more than likely in doing so you are actually saving yourself from a much bigger loss.