With Autumn officially underway and the time for Christmas shopping fast approaching, it’s important to make sure you stay safe when buying things online.
Scammers love this time of year and will be primed and ready to take advantage of all the online transactions that are about to take place. Here are a few of our top tips for staying safe when shopping online.
Check for device updates before you shop
Computers, tablets, and smartphones that have old software are vulnerable. While you may not want to wait through a 10-minute iPhone update, it’s going to keep you more secure, as hackers often use vulnerabilities found in device operating systems. Updates install patches for known vulnerabilities, reducing your risk. Make sure to install all updates before you use your device for online shopping.
Don’t go to websites from email links
Yes, it’s annoying to have to type in “amazon.com” rather than just clicking a link in an email, but phishing scams are at an all-time high this time of year. If you click on an email link to a malicious site, it can start an auto download of malware. It’s best to avoid clicking links and instead visit the website directly. If you want to make things easier, save sites as shopping bookmarks in your browser.
Use a wallet app where possible
It’s always a risk when you give your debit or credit card to a website. Where possible, buy using a wallet app or PayPal, as this eliminates the need to give your payment card details directly to the merchant. Instead, you share them with the wallet app service (Apple Pay, Google Pay, PayPal, etc.) which are far more secure.
Remove any saved payment cards after checking out
There are many websites (including Amazon) that automatically save your payment card details. Yes, it may make the next buy more convenient, but it puts you at risk. A hacker with access to your device or account could make purchases using the payment detailed that are stored in your account. There is also the risk of a data breach of the retailer, leaving your bank account vulnerable. The fewer databases you allow to store your payment details, the better for your security. Immediately after you check out, remove your payment card from the site. You will usually need to go to your account settings to do this.
Make sure the site uses HTTPS (emphasis on ‘S’)
HTTPS has largely become the standard for websites now. This is instead of “HTTP” without the “S” on the end. HTTPS means that a website encrypts the data transmitted through the site. Such as your name, address, and payment information.
You should NEVER shop on a website that doesn’t use HTTPS in the address bar. An extra indicator is a small lock icon in front of the website address.
Double check the site URL
We all make typos from time to time, especially when typing on a small smartphone screen. One typo can land you on a copycat site (such as Amazonn.com). Hackers buy domains that are close to the real ones for popular retailers. Then, they put up copycat sites designed to fool users that make a mistake when typing the URL. Take those extra few seconds to double-check that you’ve landed on the correct website.
Never shop online when on public wifi
When you connect your device to public Wi-Fi, you might as well expect a stranger to be stalking you. Hackers LOVE the holiday shopping season and will hang out in popular public Wi-Fi spots. They spy on the activities of other devices connected to that same free hotspot, which can give them access to everything you type in, such as passwords and credit card information. Never shop online when you’re connected to a public Wi-Fi network. Instead, switch off Wi-Fi and move to your mobile carrier’s connection.
Be on high alert for brand impersonation emails & texts
Phishing scammers were very active during the holiday shopping season of 2021. There was a 397% increase in typo-squatting domains connected to phishing attacks. Attackers know that people are expecting retailer holiday sales emails, and they also get a flurry of order confirmations and shipping notices this time of year. Hackers use these emails as templates, impersonating brands like ASOS, Amazon, John Lewis and others. Their emails look nearly identical to the real thing and are designed to trick you to get you to click and/or log in to a malicious website. Be on high alert for brand impersonation emails. This is another reason why it’s always better to go to a site directly, rather than by using an email link.
Enable banking alerts & check your account
Phishing Check your bank account regularly. Look for any suspicious charges that could signal a breach. One way to automate a monitoring process is to set up banking alerts through your online banking app.
For example, many banks allow you to set up alerts for events such as:
- When a purchase occurs over a specified dollar amount
- When a purchase occurs from outside the country
How secure is your mobile device?
Mobile malware is often deployed in holiday shopping scams. How secure is your device from malicious apps and malware? Contact us today for a security check-up.