Shoppers gearing up for the holiday season should be aware of what they’re up against while doing their online shopping. The internet has always been an uncontrolled environment, but it becomes particularly rough during the holiday shopping season.
In preparation for the shopping frenzy, hackers have crafted specific social engineering scams, malspam, and malicious, spoofed websites in efforts to catch people who are expected to spend nearly $4 billion online this year.
It’s important to know the warning signs, so here is a guide to safe online shopping during the holiday season.
1. Go directly to a store’s website instead of using search engines to look for deals. If you find a deal using a search engine, try to verify it by searching for the exact name of the deal in quotes. If it’s a scam, it’s likely someone will have already put out a warning.
2. Don’t be fooled by pop-ups and other digital ads. Many pop-ups could contain fake coupons, redirect you to malicious sites, or expose you to cross-site scripting attacks. If a coupon seems to come out of nowhere with a too-good-to-be-true offer, don’t think twice. Just click the “x” and shut it down.
3. Watch out for social media scams, especially on Facebook. Cybercriminals are using fake or compromised Facebook accounts to post links to amazing deals that don’t actually exist. They’re especially prone to dropping links on the walls of open groups dedicated to shopping. During any given holiday period, there will be an excess of fake offers, deals, and supposed freebies. If you’re being asked to share something on Facebook to get something too good to be true, you can bet there’s probably a scam involved.
4. Delete any holiday-related emails with attachments. Emails with attachments, especially zip files, are suspect — it’s likely that they contain malware. Delete them immediately. If you get an email from a store claiming to have a deal, type the store’s URL directly into your browser instead of clicking on the link. If the site doesn’t verify the deal, you know it’s a fake.
5. Make sure you’re on a secure connection. Look for the padlock icon to the left of the URL when you go to check out. If it’s there, that means the information passed between a store’s server and your browser remains private. In addition, the URL should read “https” and not just “http.”
6. Do not use debit cards to shop online. Debit cards give cybercriminals direct access to your bank account, so it is safer to use credit cards or a PayPal account that’s linked to a credit card. While many banks are cracking down on fraudulent withdrawals, you’ll still have to wait for your money while they investigate the charges.
7. Avoid using public Wi-Fi to shop. If you are shopping and entering personal data, it’s safer to do it on your secure Wi-Fi connection at home or to make sure you are using a VPN on your laptop or mobile device in malls or coffee shops.
8. Watch out for malicious QR codes. QR codes are small, pixelated codes meant to be scanned by a smartphone’s camera. They often contain coupons, links to websites, or other product marketing materials. Some hackers have started creating codes that link to a phishing or malware site, printing them on stickers, and placing them on top of the legit QR codes.
9. Don’t give out extra info. If a site starts asking for out-of-the-ordinary personal data such as Social Security numbers or password security questions, close out of the site.
10. Tighten up security before you go shopping this holiday season. Make sure all the software on your computer is up-to-date, including your operating system, browser, and other apps. And if you don’t already have it, install an anti-virus program on your desktop or laptop. In addition, since mobile shopping is set to outpace desktop shopping for the first time this year, it’s a smart idea to download an anti-virus program for your phone if available.