Joseph Carson, Chief Security Scientist & Advisory CISO, Delinea, offers top tips to follow to keep you safe on your next online shopping free.
Consumers are always looking for a bargain and the best time of the year is just upon us with White/Yellow Friday enticing every excited shopper to look for the best deals ahead. However, it is also a time when cybercriminals are also looking for the best opportunity to exploit our trust and offer deals that are simply too good to be true. However hidden behind those fake deals, are attempts to steal identities, sensitive data and empty consumer wallets.
So, here’s top tips you should follow to ensure you don’t get more than you bargained for on your next online shopping spree.
1. Replace your password with a passphrase or even better a Password Manager
One of the most effective and simple security controls that an individual can implement this shopping season is the creation and use of strong passphrases. Most online retailers do not notify customers when their password is weak or needs to be changed. As a general rule, the same password should NEVER be used twice. Using a passphrase, a sequence of random words with a few symbols is an effective approach. The smart choice is to use a password manager to help create passwords that are unique, long, and complex to protect your digital life and help move passwords into the background. Let a password manager do the hard work for you so you can enjoy safer internet shopping.
2. Before “clicking” stop and think “PHISH”
The following “PHISH” acronym offers a fun way to remember simple best practices to deter even the most sophisticated cybercriminals:
· PAUSE: We’re all in a hurry but take a moment to examine every email before clicking on anything.
· HOVER: Hold your cursor over any link to make sure the destination matches and looks legitimate before clicking on it.
· INSPECT: Check the email and see if anything looks off, such as easy spelling/grammar errors, fuzzy graphics, etc.
· SOURCE: Rather than clicking on a suspicious link that requests sensitive information, go directly to the website, and confirm whether the requesting organization is really asking for it.
· HELP: If you aren’t sure if an email is legitimate or not, ask for help or call the person/organization directly to confirm it’s not a phishing request. Never be afraid to ask for help.
3. Limit personal information
Often, online retailers will require customers to create a user account before they can proceed with finalizing their purchase. In events where this is required, a user should only enter the basic information needed to activate such an account. Providing excessive information, such date of birth, identity document details and phone numbers can increase cybersecurity risks. If a user already has this information set with certain online retailers, it is important that it is hidden or removed from a profile. Where possible, it is best to proceed as a ‘guest’ when checking out. Only if you shop frequently should you consider creating a profile however always remember to use unique passwords.
4. Create several digital identities and avoid use of public Wi-Fi
The creation of multiple accounts can limit the amount of risk a user’s information is exposed too. Setting up a few email accounts, each with a different purpose, is a good security practice. For example, having individual accounts for making purchases, subscribing to newsletters, and using services that require an email address. Some solutions today help you create one time use email addresses.
Where possible, it is also best that people avoid using public Wi-Fi network without VPNs when making online purchases. If you do need to use public Wi-Fi, be aware of suspicious ads, be a least privilege user while browsing and always assume your data is being monitored. You should also be sure to disable “Auto Connect Wi-Fi” or enable “Ask to Join Networks” settings. Since cybercriminals often use Wi-Fi access points with common names like “Airport” or “café”, your devices could inadvertently auto connect without you knowledge. However, using your cell network personal hotpot over public Wi-Fi is always preferable.
5. Check for HTTPS sites
You should also focus on using websites that have HTTPS in the URL, where data transferred between the web browser and the website is encrypted for enhanced protection. However, it is important to know that HTTPS only means the traffic is secure and you want to be 100% sure that the website you are shopping at is also a trusted vendor.
6. Use credit card or secure payments versus debit card
When making online purchases, shoppers should use a credit card or secure payment capabilities. This should be done while also incorporating the aforementioned tips like using trusted vendors, HTTPS websites and avoiding public Wi-Fi.
7. Increase default security settings
Many websites’ privacy functions are basic or often turned off. Make sure to review what privacy and security options are available to you and enable them. Make your account less visible and make sure security measures are sufficient for the data or services you plan to use the account for. If multi-factor authentication (MFA) is available, use it. Also, make sure to enable alerts and notifications on all your accounts so to ensure you are apprised of any suspicious activity that arises. We must move from security by design to security by default.
8. Education and Awareness – A strong secure digital society
Education and Awareness is key to protecting you from cybercrime.
It’s important to build a culture around cyber security and awareness that enables you to seek help when you notice suspicious activities. The earlier, the better. Being vigilant online Flagging suspicious emails with attachments, hyperlinks, and unknown senders Identifying suspicious applications Avoiding clicking on ads or links from unknown sources Limiting activities that occur on insecure Wi-Fi networks helps you avoid breaches and identify them early before becoming devastating events.
9. Stay Patched and Update Software
All systems and applications must be patched to prevent cyber criminals and malicious hackers from exploiting existing vulnerabilities to access systems. Patches are excellent for identifying and correcting vulnerabilities in software and applications that could leave them vulnerable to cyber-attacks. Regular updates and patches can also fix bugs, improve features, or help the app operate more effectively. These measures don’t prevent all cybercrimes, but they make you a more difficult target.
10. Beware of the Secondhand Market
Many shoppers this year might be persuaded to save some money and opting to purchase secondhand tech goods. You should always take the same precautions when shopping online, but you must go one step further to stay safe. If you are selling your older or buying secondhand tech equipment such as phones, smart devices, laptops, computers, games consoles and even cars which today are simply computers with wheels then you should ensure you have taken steps to make them safe to give away or use secondhand.
1. Unsync your old devices from your accounts
2. Log out of your accounts
3. Delete any data or apps from the devices
4. Erase and format any hard disks (ensure you have copied or backed up any important data you do not want to lose.
5. Restore to factory settings before using or giving away
All too often it is common to find sensitive data on secondhand devices as users save passwords in the browsers or sync’d their smart phone with their car leaving all of their apps logged in, contact data and sensitive messages that might contain passwords and usernames. To ensure sensitive data is not lost or malicious apps are not hidden on devices reset them before use.