The holiday season is fast approaching, and many individuals will turn online shopping this Black Friday and Christmas to take advantage of amazing deals and offers. In fact, 57% of holiday shoppers do so online as opposed to in store. While this may be more convenient and helps you skip the long lines, it may also put your personal data at risk. Here are several cyber risks to prepare for when shopping online, and how to avoid falling victim to a scam.
Theft of Unencrypted Data
When you shop online, you are constantly sending information back and forth between the seller and yourself. This information may include financial information such as credit card numbers and pins, or personal information like your address or phone number. You may think that your data is protected as it travels across the internet, unfortunately, that's not the case. Websites that operate on the insecure HTTP protocol or outdated certificates may not encrypt your data as they travel across the wire. This means that an attacker may be able to intercept your personal data as it travels to its destination. To avoid losing your private information, only visit websites that use the HTTPS protocol and have an up-to-date SSL certificate. You can also look for the small lock icon to the left of a URL to know whether or not the browser believes it's secure. While not fool proof, this is a basic step every individual should take when shopping online.
Spoofed Websites
It is fairly easy for cyber criminals to setup a false website in order to trick individuals into handing over their money or financial information. Many of these websites look very convincing and may even use graphics or assets from a legitimate website to lend credibility. These websites may be close recreations of actual e-commerce sites such as Amazon, Target, or Walmart, while others advertise fake products or insane deals. To avoid falling prey to these scams, always make sure that the website you're using is legitimate. Double check the URL to ensure it isn't misspelled or using .net instead of the traditional .com. It's also smart to bookmark your frequently visited sites so you aren't having to sift through the search results of Google. Additionally, if a website is advertising a deal that looks too good to be true, it probably is.
Identity Theft
When online shopping surges during the holidays, so does identity theft. Cyber criminals will often breach e-commerce websites or intercept an individual's data in order to gather login credentials, financial information, or other personal info to impersonate them. Using a person's identity, bad actors can make large purchases, trick other people, or sell said data off to the highest bidder. Avoid giving out personal information when you can, and ensure your data is encrypted when you must share data.
Social Engineering
Social engineering is always a threat to your security. Especially during the holiday season, it's important to watch out for phishing emails, messages, or social media posts that may be trying to steal your information. These scams may be out to directly steal your money, financial data, or contain links to install malware or other viruses. Often times, all it takes is one click for cyber criminals to infect your device and steal or corrupt your data. To ensure you don't fall victim to a social engineering scam, avoid following links to sites you don't recognize, always double check who the sender is, and remember that if a deal sounds too good to be true, then it probably is.
What Can You Do?
Users can enjoy the conveniences and discounts of online shopping in a safe way that protects their personal data. There are several, practical steps that everyone should take when browsing online this holiday season. Firstly, you should only visit and shop from websites you are familiar with. When possible, purchases your items from reputable sites such as Amazon, Target, Best Buy, etc. Make sure, however, that when you visit these sites, they are the real deal and not a spoofed domain. Always double check to make sure the URL is correct and that your traffic is encrypted. You should also be wary of emails or text messages you receive advertising outrageous deals and discounts. While many of these deals may be legitimate, attackers will lure victims in with wild discounts and sales on expensive items. If a deal sounds too good to be true, then it probably is. Ensure that you are always thinking before you click and exercising extreme caution when giving out personal information or financial details. Taking simple, practical steps are often the best way to protect yourself from cyber criminals.
CorpInfoTech (Corporate Information Technologies) provides small to mid-market organizations with expert I.T. services, including security assessment, cybersecurity penetration tests, managed services (MSP), firewall management, and vulnerability management. CorpInfoTech can help organizations, quantify, create, refine, and mitigate the risks presented by business threatening disasters in whatever form they may be disguised.
