And so this is Christmas, we’re setting up our Christmas trees, hanging our lights, eating, drinking, and shopping furiously to get all our presents in time for Santa’s arrival. And the hackers, they love Christmas too, and are preparing just as much, setting up fake phishing sites, spreading malware, setting up ATM skimmers, harvesting credit card data and finding new vulnerabilities to exploit in shopping sites.
You may not be able to stop your credit card information from being stolen by a cyber thief, but you can limit the damage, and reduce your risk of this happening to you, so c’mon people, protect yourself over the holiday season!
Here are my top safety tips to make your Christmas online shopping more secure:
1. Make sure your computer’s browser, browser plug-ins, software, antivirus and malware detection software are all patched and up to date.
2. Make sure you are using a computer that’s secure! How do you know your friend’s computer isn’t compromised and has a keylogger installed? And DON’T do any shopping from shared terminals such as internet cafes, and free public WiFi connections.
3. Type the web address of your favourite shopping websites into your browser. Search results, online ads and links in emails may direct you to bogus sites designed by cyber criminals to extract personal information.
4. Look out for phishing emails and scams. They are rampant this time of year, with content ranging from lost parcels or shipment tracking through to holiday competitions and xmas shopping sales offering big discounts.
Don’t get fooled: don’t click on any links or attachments in these types of emails, as they are often malicious. First verify with the sender that they actually sent the email. Webmail accounts get hacked all the time, so just because the email came from a friend’s address doesn’t mean that they actually sent it. These emails will often send users to malware-infected websites that mimic the look of the legitimate website but secretly load malware onto the computers of users who visit the site. Same goes with ads that pop up on sites!
5. Ensure the information you type into a website is encrypted. To do this, look for the green bar in your browser’s address bar.
Or check to see that the URL address starts with “HTTPS” in the URL address bar, then click on the icon of the security lock, and then click “View Certificates”. In the window that pops up, make sure the certificate is still valid.
Just because the URL has an “S” after “HTTP,” making it read “HTTPS,” does not mean the site is secure. Validating the certificate can help mitigate security risks. Handy hint: if the domain ends in something like .ru (for Russia), .su (Soviet Union), or .cn (China), be wary. Unless you are planning on buying goods direct from these countries, there is a good chance you are on a fake site. Where possible, stick to your big retailers.
6. Be cautious of phone, email and/or SMS scams. This time of year these social engineering attacks are rampant. The call may claim to be from your bank or a financial institution, or it may be a so-called secure alert indicating “fraudulent activity” on your account. Never give out any information; banks will never contact you via email and ask you to verify information or click on a link. If in doubt, call the bank directly.
7. Avoid using weak passwords for any online site. Use a different password for each site, store your passwords securely and auto-generate new, strong passwords with a password management tool like LastPass or KeePass.
8. If a website looks too good to be true because the prices are so low, it may well be a scam operation vying to obtain your credit card information or to surreptitiously download malware onto your computer.
9. Make online purchases using a credit card with a small credit limit, or use a prepaid credit card. This limits your potential exposure to risk.
10. Beware of unexpected gift baskets that contain USB devices, CDs or anything else you might plug into a computer. Attackers often send devices as gifts or promotional items to organisations they are targeting. The devices may have malware on them, and when unsuspecting victims connect the device to their computers they become infected.
11. Check wireless hotspots with an entity you are visiting before signing on to a network you believe is theirs. Attackers often set up free Wi-Fi connections in locations that offer free Wi-Fi service. The attackers name their wireless network connection with a name that is similar to the business you are visiting.
For example, the Melbourne Airport customer Wi-Fi service might be called “Melbourne Airport,” but the attacker has created another Wi-Fi service called “Melbourne Airport Free WiFi.” If you connected to the “Melbourne Airport Free WiFi” service, an attacker could be tracking your every move.
12. Verify with other friends or associates, or through a search engine like Google, that people who are trying to connect with you on social media sites are legitimate people who want to become friends or business contacts. Some people who want to connect with you may be attackers that insert malicious code into links on your page. When people click on the link their computers could become infected and could allow an attacker to steal credit card information when online purchases are made. Popular attack avenues are fake LinkedIn and Facebook requests.
13. Use common sense. It’s amazing how many attacks can be avoided just by using common sense. If it doesn’t feel right, better safe than sorry: move on to your next store.
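For tip 5, the check you do by eye in the browser's certificate window (is it still valid, and was it issued for the site you meant to visit?) can also be scripted. This is an added example, not part of the original post; the certificate is a constructed sample in the format Python's `ssl.SSLSocket.getpeercert()` returns, and the host names and dates are made up. It checks dates and names only; whether the issuer is trusted is verified by the TLS library when the connection is made.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert();
# host names and dates are invented for illustration.
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example.com"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2024 GMT",
    "subjectAltName": (("DNS", "shop.example.com"),
                       ("DNS", "*.cdn.example.com")),
}


def _name_matches(pattern, host):
    """Match a certificate DNS name; '*' covers exactly one left-most label."""
    p = pattern.lower().split(".")
    h = host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def check_cert(cert, host, now=None):
    """Return a list of problems; an empty list means both checks passed."""
    now = now or datetime.now(timezone.utc)
    ts = now.timestamp()
    problems = []
    # Validity window: the "is the certificate still valid" check from tip 5.
    if ts < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if ts > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    # The certificate must name the site you typed, not a lookalike.
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(_name_matches(n, host) for n in names):
        problems.append("name mismatch")
    return problems


if __name__ == "__main__":
    when = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for site in ("shop.example.com", "shop.example.com.evil.test"):
        print(site, check_cert(SAMPLE_CERT, site, when) or "ok")
```
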
And lastly have a great holiday season!