Online shopping can be a great solution to holiday shopping, allowing you to find the perfect gift and saving time; however, it also can end with identity theft, malware and other cyber unpleasantness.
Take a few simple security precautions to help reduce the chances of being a cyber victim during the holidays.
When purchasing online this holiday season — and all year long — keep these tips in mind to help minimize your risk:
- Do not use public computers or public Wi-Fi access for your online shopping. Public computers and wireless networks may contain viruses and other malware that steal your information, which can lead to identity theft and financial fraud.
- Secure your computer and mobile devices. Keep the operating system, software, and/or apps updated and patched on all of your computers and mobile devices. Use up-to-date antivirus protection and make sure it is receiving updates.
- Use strong passwords. The use of strong, unique passwords is one of the simplest and most important steps to take in securing your devices, computers, and online accounts. If you need to create an account with a merchant, use a strong, unique password. Use at least 10 characters, with numbers, special characters, and UPPER and lower case letters. Use a unique password for every site or a different password for each account.
- Know your online shopping merchants. Limit your online shopping to merchants you know and trust. If you have questions about a merchant, check with the Better Business Bureau or the Federal Trade Commission. Confirm the online seller’s physical address, when available, and the phone number, in case you have questions or problems. Do not create an online account with a merchant you don’t trust.
- Pay online with one credit card. A safer way to shop on the Internet is to pay with a credit card rather than debit card. Debit cards do not have the same consumer protections as credit cards. Credit cards are protected by the Fair Credit Billing Act and may limit your liability if your information is stolen or used improperly. By using one credit card, with a lower balance, for all your online shopping, you also limit the potential for financial fraud to affect all of your accounts.
- Check your receipts against your statements to make sure they are authorized charges. If anything looks fishy, report it immediately.
- Shred your old receipts, statements, expired cards and credit card offers to prevent “dumpster divers” from getting your personal information.
- Look for “https” in the Internet address (URL) when making an online purchase. The “s” in “https” stands for “secure” and indicates that communication with the webpage is encrypted. This helps to ensure your information is transmitted safely to the merchant and no one can spy on it. Alternatively, look for the lock symbol in the Internet address bar. (It is sometimes green.)
- Do not respond to screen pop-ups. When a window pops up promising you cash or gift cards for answering a question or taking a survey, close the window. These could be social engineering attempts designed to convince you to open malware or click on a malicious link.
- Never respond to emails asking for personal and financial information. Don’t give out your personal or financial information via email or text. Thieves may be attempting to capture passwords, logins, credit card details and other information.
- Do not auto-save personal information. When purchasing online, you may be given the option to save your card number and personal information online for future use. The convenience is not worth the risk. If the site is breached and the vendor has not done a good job protecting your card information, it could mean trouble. The convenience of not having to reenter the information is insignificant compared to the significant amount of time you will spend trying to repair the loss of stolen information.
What to do if you Encounter Problems with an Online Shopping Site:
Contact the seller or the site operator directly to resolve any issues. You may also contact the following:
- Your state’s Attorney General’s Office or Consumer Protection Agency
- The Better Business Bureau – www.bbb.org
- The Federal Trade Commission – http://www.ftccomplaintassistant.gov
Information on many current scams can be found on the website of the Internet Crime Complaint Center: http://www.ic3.gov/default.aspx and the Federal Trade Commission: http://www.consumer.ftc.gov/scam-alerts.
Other Holiday Cyber Tips
- Change your coffee pot’s password. Connectable devices are a hot item for holiday gift-giving, whether it is a coffee pot you can turn on with an app on your phone or a drone or a smart light bulb system. These devices are hackable and most come with easy pre-set passwords that take hackers only seconds to get past. When you are setting up your new gadgets, take the extra time to reset the password they came with.
- Watch for scammers requesting donations for a charity, especially around the holidays. When in doubt, contact the charity using a phone number or email address you have obtained independently. A little investigation can make a difference.
- Who really sent the online holiday greeting card? Be careful about clicking links on holiday cards that show up in your inbox. While you may have become cautious of email subject lines like “Help…” or “Urgent…,” something that says “Happy Holidays from the Johnsons” might slip through your defenses. Do you know any Johnsons? Did you get a paper card from them already?
- Careful of package delivery notices. Fake delivery notices are on the rise. Phishing emails that try to get you to click on a link that can install malicious software on your computer are a potential problem.
- Watch for typo squatters. Review the URL you type into your browser. Make sure you are where you think you are. Cyber criminals know users make typing mistakes, especially when in a hurry during online holiday shopping. They register lots of typo-ridden addresses that take you close to where you meant to type. If you type AuntSalliesGiftShop when Aunt Sally spells the business with a “y,” not “ies,” you may end up at a perfectly-copied fake site.
Prevent Fraud when you Carry Cards
To protect your accounts and minimize risk of exposure:
- Carry only the cards you need. Leaving unnecessary cash and cards at home will help limit exposure to theft and fraud. The holiday season is a heightened time for pickpockets and stolen cards.
- Keep credit and debit cards close. Lock your vehicle doors. Never leave a wallet, purse or cell phone with a credit or debit card case visible in a vehicle or unattended. It only takes seconds for a thief to steal a wallet and all of the personal information it contains.
- Watch for “shoulder” surfers. Shield the keypad when typing your passwords on computers and at ATMs.
- Never let a salesperson take your card out of sight. Skimming devices, which record card information, can be hidden in a hand or under a counter.
- Don’t give your cards to family or friends to make purchases. It may be more convenient when trying to complete your holiday shopping list; however, once your card is out of your hands, it is out of your control.
- Make a list of your card numbers, expiration dates and security cards, including cards that are re-issued to you when they expire. Keep this record in a safe place, separate from where you keep your cards. Use this information, if you ever have to report your card lost or stolen.