With the rise of mobile and online shopping, shoppers are gaining plenty of convenience—and also taking on extra risks. Hackers are poised to steal the funds and identities of shoppers who don’t take steps to protect themselves.
LogRhythm, a cyber security company, points out that because so many people now shop from mobile devices, which are often less protected than computers, information technology workers expect a rise in cyber crime this holiday shopping season. IT workers surveyed by the company said they were most concerned with phishing attacks, where hackers pretend to be reputable companies and persuade victims to share their personal information, such as credit card numbers, with them.
One of the most common methods is for a hacker to send an email to a victim claiming to be from a bank, retailer, or other company that then directs them to another site, which then captures their personal information. (That’s one reason to avoid clicking on hyperlinks from inside emails, even if they appear to be from a recognizable company.)
To avoid that kind of scam and others, here are the latest tips on how to stay safe while shopping online:
1. Skip attachments and hyperlinks. LogRhythm warns that even attachments from people you know can be nefarious, since those acquaintances could be infected with a computer virus themselves. If the email contains unusual or scant wording, don’t open the attachment. The same logic applies to hyperlinks in emails (or requests for information received over text message); LogRhythm recommends first hovering over the link to make sure it’s going to direct you to a valid address.
2. Don’t make purchases over coffee shop-lattes. Any public wi-fi connection, such as those offered at coffee shops or libraries, carry extra risks, since they aren’t private. LogRhythm recommends against shopping online or engaging in any financial transactions, such as logging into your bank account, from such hot spots.
3. Protect your smartphone. Web browsers and retailer apps on mobile devices make it easy to shop on the go, but doing so can also expose shoppers to extra risks since many phones don’t have the same kind of data encryption that’s often installed on computers. Even taking a relatively simple step, such as enabling the password lock feature on your phone, will make it harder for a thief to access private data stored on the phone in case it’s lost or stolen. Computer security company McAfee also warns against downloading apps that might steal personal information.
4. Don’t trust your ‘friends.’ Hackers target social media, including Facebook and Twitter, because they know it’s easier to get people to click on a link that appears to be recommended from a friend. McAfee has identified dozens of examples, including free dinner offers at Cheesecake Factory and fake mystery shopper invitations. Offers that sound too good to be true, such as free iPads or free iPhones, are also a common lure. The company cautions against clicking on fake alerts from friends, who may have been hacked themselves, and avoiding shortened links on Twitter that claim to offer deals.
5. Open e-cards with caution. They can be cute, but they can also be malicious. McAfee warns that some e-cards download viruses onto your computer when you download them. To avoid that outcome, the company suggests only opening e-cards from domain names that you recognize as big e-card sites.
6. Upgrade your passwords. The holiday season can serve as a good reminder to give your passwords a makeover; security experts recommend changing them regularly as a precaution against hackers. Avoid common and simple words, use long combinations of words that also incorporate numbers or symbols, and never use duplicate passwords for multiple accounts.
7. Check up on an e-retailer before making purchases. Some fly-by-night operations take advantage of the uptick in shopping around the holiday season to collect cash without ever mailing out the goods in return, warns the Better Business Bureau. The same applies to in-person exchanges on Craigslist or other online sites. To protect yourself, the bureau recommends never wiring money or paying in advance, and bringing a friend to any in-person exchanges.
8. Review your statements. The first sign of identity theft is often an unfamiliar charge on a credit card or bank statement; reviewing those statements carefully and contacting your bank or card provider with any concerns can prevent a theft from expanding. Credit cards usually come with some measure of automatic protection, as long as you report the scam relatively quickly.
Following these tips might leave you feeling like the Grinch—be suspicious of friends?—but the real holiday downer would be dealing with a stolen identity when you’re trying to enjoy the spirit of the season.