Skip to main content
0 Results Found
              Back To Results

                More People Shop Online for the Holidays… and Hackers Know It

                By: Doug Steelman

                Before you click, here are some home safety tips to make your online shopping more secure.

                You may not be able to protect your credit card information from getting stolen by a cyber threat actor, but you can limit the damage you incur. With the holiday season upon us, we’ve provided some tips below to help keep your credit card information secure.

                1. Make sure your computer’s browser and browser plug-ins (document viewers, music and video players and rich content applications) antivirus and malware detection software are all patched and up to date.

                2. Type the Web address of your favorite shopping websites into your browser. Search results, online ads and links in emails may direct you to bogus sites designed by cyber criminals to extract personal information.

                3. Ensure the information you type into a website is encrypted. To do this, check to see that the URL address starts with “HTTPS” in the URL address bar, then click on the icon of the security lock, and then click “View Certificates.” In the window that pops up, make sure the certificate is still valid. Just because the URL has an “S” after “HTTP,” making it read “HTTPS,” does not mean the site is secure. Validating the certificate can help mitigate security risks.

                4. Do not click on online ads or unsolicited emails with free offers or big discounts. These ads and emails often send users to malware infected websites that mimic the look of the legitimate website they are attempting to reach but secretly load malware onto the computers of users who visit the site.

                5. Don’t click on any links or attachments--both of which are often malicious-- in emails without first verifying with the senders that they actually sent the email. Tis the season for attackers to send out holiday greetings with malicious attachments. Your friends could have had their email address book hijacked by hackers.

                6. Be wary of holiday greetings, news and pictures, with links or attachments. Verify first that the correspondent sent you the email. Your friends could have had their email address book hijacked by hackers.

                7. Never respond directly to emails or phone calls purportedly from your bank or any financial institution that asks for updated information. To see whether the request for information was valid, call the financial institution using a number you have, not a phone number the person on the other end of the line gives you, and tell someone about the request you received to disclose information.

                8. Avoid using weak or default passwords for any online site. Use a different password for each site, store your passwords securely and auto-generate new, strong passwords with a passport management tool like LastPass or KeePass.

                9. When possible, use a computer dedicated solely for accessing financial accounts, online purchases and paying bills. This computer should not be used for surfing the Web or for emailing, the primary vectors for infecting your computer.

                10. When you shop online with a store that is in the U.S., you are protected by state and federal consumer laws. Companies in other countries may not give you the same protection.

                11. If a website looks too good to be true because the prices are so low, it may well be a scam operation vying to obtain your credit card information or to surreptitiously download malware onto your computer.

                12. Make online purchases using a credit card with a small credit limit. This limits your potential exposure to risk.

                13. Use a prepaid credit card or talk to your credit card company to see if it can supply you with a “virtual credit card.” A randomly generated number associated with your actual credit card allows you to shop online with a card that has a maximum amount and an expiration date you set. Ask your virtual credit card provider about the fees involved with this service.

                14. Beware of unexpected gift baskets that contain USB devices, CDs or anything else you might plug into a computer. Attackers often send devices as gifts or promotional items to organizations they are targeting. The devices may have malware on them, and when unsuspecting victims connect the device to their computers, they become infected.

                15. Check wireless hotspots with an entity you are visiting before signing on to a network you believe is theirs. Attackers often set up free Wi-Fi connections in locations that offer free Wi-Fi service. The attackers name their wireless network connection with a name that is similar to the business you are visiting. For example, the Chicago O’Hare customer Wi-Fi service might be called “Chicago Airport,” but the attacker has created another Wi-Fi service called “O’Hare Airport.” If you were to click on “O’Hare Airport,” the inauthentic Wi-Fi service, an attacker could be tracking your every move on your computer.

                16. Verify with other friends or associates, or through a search engine like Google, that people who are trying to connect with you on social media sites are legitimate people who want to become business or friend contacts. Some people who want to connect with you may be attackers that insert malicious code into links on your page. When people click on the link, their computers could become infected and could allow an attacker to steal credit card information when online purchases are made.
                Close Modal
                Close Modal