Risks and Recommendations for Online Shopping
September 30, 2016
Today, online shopping is a multi-trillion-dollar business that grows every day. But while the Internet offers shoppers convenience, it’s also extremely convenient for attackers—giving them multiple ways to access the personal and financial information of unsuspecting shoppers. The thieves who get your information can profit by either using your information to make purchases directly or selling the information to someone else.
Cybercriminals have multiple ways of intercepting your personal info when shopping online.
Shop only through encrypted sites and don’t give out personal info to suspicious sources.
How online shoppers are targeted:
- Fraudulent websites and email scams – Attackers use fake websites and emails to con unsuspecting shoppers out of their personal and financial information. (Learn more in the article about phishing here.)
- Intercepting transactions – If an online vendor does not use encryption on their website, thieves may be able to intercept your information as it’s transmitted over the Internet. This is called a “man-in-the-middle” attack. Victims are unaware that the thieves are able to see all the details of the transaction.
- Hacking vulnerable computers – Just as in many other attacks, thieves use fake shopping websites that look like the real thing to inject malware onto a victim’s computer and gain access to private information.
Tips for shopping safely online:
- Only buy or sell from reputable vendors – Before giving anyone personal or financial information, make sure you’re doing business with a reputable vendor. Check with the Better Business Bureau and research the company online to see if it has a good reputation.
- Make sure the website uses encryption – Most ecommerce sites today will use encryption. The URL (the website’s Internet “address” such as “https://www.usps.com/”) of encrypted sites begins with “https:” instead of just “http:”. Look for a padlock icon in the address bar near the URL. If the padlock is “locked,” your information is encrypted.
- Don’t answer emails requesting information – Attackers often attempt to get personally identifiable information (PII) via emails asking you to confirm a purchase or some other account information or activity. Legitimate businesses don’t collect info this way.
- Use a credit card, not a debit card – Credit cards today have some level of fraud protection so your exposure is minimized, whereas a debit card generally won’t cover you if you become a victim of fraud. Check with your card provider to be sure of your coverage and liability.
- Research your apps – Only use smartphone shopping apps that explain clearly what they will do with your data and how they keep it secure. Unless stated otherwise, you are responsible for all charges made through your shopping app.
- Check your bills and statements – Keep your receipts as well as emailed confirmation pages and compare them to your bank statements. If you see something out of line, report it to your credit card company immediately.
- Avoid shopping on public computers – Public computers should generally be viewed as unsecured and could have tracking software that collects any information you enter.
- Check website privacy policies – Before giving any PII or financial information, make sure you understand how your information will be stored and used.