10 Tips for Protecting Against Holiday Online Shopping Scams
By: Dell SecureWorks
One of the "not-so-merry" facts about the holiday shopping season is that cyber criminals are poised and ready to defraud online shoppers. Dell SecureWorks' CTU Security Research Team has put together this list of "10 Tips for Protecting Against Holiday Online Shopping Scams." These tips should be followed not just during the holiday season, but all year round. The CTU anticipates that most of this season's successful schemes will not come from "smishing" and "vishing" scams, where hackers use text and phone messages to con their victims. Rather, hackers will compromise their victims via malicious links on social networking sites and in emails, hijacked Internet searches, fake ads, poisoned websites and phony holiday offers.
Top 10 Safe Online Shopping Tips:
- It is critical to always keep your browser, browser plug-ins (e.g., document viewers, music and video players, rich content applications) and security software patched and up to date.
- Computer users, especially those who don't have their browser and security software up to date, should be wary of clicking on links posted on social networking and micro blogging sites. These sites have fast become a cybercriminal's playground. Shortened URLs make it easier to share, tweet, or e-mail links to friends but they also create a security threat. It is now much easier for cybercriminals to disguise the destination of their malicious links until it is too late and the victim lands on an infected site.
- Be wary of websites, online ads, or unsolicited emails touting FREE or heavily discounted prices on the season's hot toy or gadget. These "too good to be true" offers often lead to cyber fraud. If the emails contain links or attachments, DO NOT CLICK on them because they could infect your computer with malicious software. And if the FREE or discounted offer requires that you provide your bank account, credit card or social security number, then it is definitely a scam.
- When making online purchases, always use a credit card, which usually limits your personal liability. Avoid paying with debit cards.
- When visiting online retailers, be sure to type the actual website address into your browser. Do not follow links provided by email offers, other websites or pop-up ads. In some cases, these links could take you to phishing sites or sites designed to infect your computer, and yet they are made to look exactly like the legitimate retail sites.
- When making online purchases, always look in your Web browser for the https (as opposed to http) protocol that precedes a Web address. The "s" lets you know that the Web site provides a layer of security for transmitting your personal information over the Internet.
- Be wary of unsolicited emails that purport to contain holiday greetings, current news, holiday pictures, etc. and that include links or attachments, even when they come from senders that you know. Before clicking on links or attachments, ALWAYS verify that the correspondent sent you the email. Your friends could have had their email address book hijacked by hackers, who then used it to send malicious emails.
- Be wary of emails notifying you that your banking certificate or token is out of date and asking you to download a new one. Before taking any action, call your financial institution using a phone number that is not provided in the email.
- Online computer users should avoid using weak or default passwords for any online site, and should use a different password for each site.
- When possible, use a computer that is dedicated solely for accessing financial accounts and doing bill pay. This computer should not be used for surfing the Web or for emailing, as these are the primary vectors for infecting your computer with malicious software. Check credit card and bank accounts at least once a month for suspicious transactions.