7 Online Shopping Tips for the Holidays
The holidays are right around the corner, and that means plenty of online shopping. These tips will help keep you safe.
Image Source: Adobe Stock: Pixel-Shot
Keep All Devices Clean
Before picking out that perfect present for a loved one, make sure all your Internet-connected devices ‒including PCs, smartphones, and tablets ‒ are free from malware and infections by running only the most current versions of software and apps, says Kelvin Coleman, executive director of the National Cyber Security Alliance (NCSA). As a general rule, he says, users should run antivirus scans either at the beginning or end of the day.
Consumers are notoriously bad at these basic cyber-hygiene practices, adds Alan Webber, program vice president for customer experience at IDC. He recommends turning on the auto-update feature on smartphones and all other devices. as well as turning on encryption.
Image Source: Adobe Stock: Thodonal
Form a Wi-Fi Strategy
While it's very convenient to use public Wi-Fi to shop online while out and about, it's not cyber-safe, says NCSA's Coleman. Don't make purchases via public Wi-Fi unless it's absolutely necessary, and if you have to use public Wi-Fi, make purchases over a VPN. You can also set up your phone as a local hotspot.
In addition, never use the default Wi-Fi password on your home router, and, says IDC's Webber, be sure to change Wi-Fi router passwords at least every four months. He also recommends keeping the firmware updated on the router. If you haven't done so in a while, make sure you update the router software before the height of the online shopping season. Another tip: Turn off "broadcast" on your home routers so strangers can't do a drive-by scan of your network.
Setting up a separate SSID for online shopping makes sense, too, says Derek Manky, chief, global threat alliances at FortiGuard Labs -- while acknowledging it may be too technical for many people. If you decide to take it on, consider making the online shopping segment separate from the SSID you use for gaming and other household IoT devices.
Image Source: Adobe Stock: Phonlamaiphoto
Have an Authentication and Password/Passphrase Plan
Create long and unique passwords/passphrases for all accounts and use multifactor authentication (MFA) wherever possible, NCSA's Coleman suggests. Most mobile apps offer an MFA option, so set that up on mobile and all other devices. MFA can fortify online accounts by enabling the strongest authentication tools available, such as biometrics or a unique one-time code sent to a smartphone or mobile device.
IDC's Webber advises users to get craftier with their passwords/passphrases. One idea: Pick a phrase, such as, "I plan to travel to Hawaii next year," and each time you have to change your password, start with the second, third, or subsequent letter of each word in the phrase. So, once "ipttthny" expires, your second password under this scheme would be "iloroaee." Since most people have 35 to 50 passwords, if they create roughly 10 phrases and use the letters cleverly, they should stay safe, Webber says.
Another tip: According to new NIST guidelines, users should avoid complex passwords that use special characters (#, @, &, character space, etc.) because they can be used to execute certain attacks, like SQL injections.
Image Source: Adobe Stock: Andranik123
Beware of Fraudulent E-commerce Sites
Fraudsters typically go into high gear with setting up fraudulent e-commerce sites during the holidays, says NCSA's Coleman. Just do your homework, especially if you're unfamiliar with a site. For example, prior to making a purchase, read reviews to learn what other consumers have said. Also, see whether the merchant has a physical location or has posted customer service information. You might also want to call the merchant to confirm it's legitimate.
As for online offers during the holidays, IDC's Webber says never click on a link. Wherever the offer comes from, go to the site and see if you can find it. Bigger picture, it might not be best to shop on unfamiliar sites during the holidays at all.
Image Source: Adobe Stock: Stuart Miles
Only Use Credit Cards for Online Shopping Purchases
Consumers are always better off using credit cards for online shopping than a bank card. According to NCSA's Coleman, it's typically easier for a bank or finance company to issue a credit for a credit card loss as opposed to replacing money lost in a bank account. It's also a good idea to keep tabs on your credit card and bank statements during the holidays is case there are any suspicious charges. That's good advice all year-round, of course, but it especially makes sense to pay attention during the holidays.
Image Source: Adobe Stock: Mix And Match Studio
Don't Share Too Much Information With Charities
Charities often double-down on their efforts during the holiday season. It's great if you want to contribute, but don't feel compelled to provide all of the information they're collecting to complete a transaction. If they request more data than you feel comfortable sharing, cancel the transaction. Only fill out the required fields at checkout and don't save payment information in your profile, especially if it's a first-time contribution. If the account auto-saves against your wishes, after the purchase go in and delete the stored payment details.
Image Source: Adobe Stock: Rawpixel.com
Make Sure You Land on the Right Website
Fortinet's Manky says consumers should look carefully at the URLs returned by search engines and the websites they're taken to. Some could be compromised by attackers and lead you to equally compromised websites. Attackers pull this off a few ways, including malicious SEO, which not only harms a website's search ranking, but for shoppers can expose them to malicious code and take them to nefarious websites. Waterhole attacks are another tactic, in which attackers specifically target high-ranking, high-traffic sites. Bottom line: Make sure you land on the page you intended to go to, Manky says.
Image Source: Adobe Stock: Bilalulker
Make Sure You Land on the Right Website
Fortinet's Manky says consumers should look carefully at the URLs returned by search engines and the websites they're taken to. Some could be compromised by attackers and lead you to equally compromised websites. Attackers pull this off a few ways, including malicious SEO, which not only harms a website's search ranking, but for shoppers can expose them to malicious code and take them to nefarious websites. Waterhole attacks are another tactic, in which attackers specifically target high-ranking, high-traffic sites. Bottom line: Make sure you land on the page you intended to go to, Manky says.
Image Source: Adobe Stock: Bilalulker
Image Source: Adobe Stock: Pixel-Shot
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024