By Greg Young
The last quarter of the year means that the shopping season is underway around the world, and consumers are increasingly resorting to online shopping for its convenience. November is expected to see the bulk of 2018 online traffic and spending, thanks to Black Friday and Cyber Monday sales around which online spending peaks. The shift from retail storefront to online buying is happening at a greater rate than the shift of security dollars. Cybercriminals are expected to take advantage of the shopping season as well.
We know that cybercriminals take advantage of the changes that this buying rush brings, from using spam email to exploiting electronic devices gifted to loved ones. The usual cautious and measured online shopping security behaviour of buyers can get sidelined by the urgency of a sale or having to complete a shopping list to ensure delivery before the big day. Here are just some of the most common threats and the best practices for defending against them.
Connected devices as gifts
From mobile phones to smart appliances, some manufacturers have yet to prioritize security features, which can expose users to various online threats.
Before giving them as gifts, it may be best to ask questions and follow certain guidelines:
- When planning to give smart devices to children and teenagers, check the information that they request from users, how that information affects their functions, and how it is stored and protected. Buy the appropriate security software to protect the device, especially on behalf of recipients who aren’t as tech-savvy as the gifter.
- Beyond younger users, remind all recipients to use these devices responsibly, and to use them safely when connected to the internet. Consider enabling Parental Controls before giving them to children. Also preconfigure a “find my device” option on their behalf, or, better yet, have them watch while you do it.
- When registering accounts for smart devices, make sure to use strong credentials different from the rest of your online accounts. Update the firmware with the latest patches from legitimate vendors, and connect to secure networks.
Consumers will likely receive purchase confirmation emails and cautionary alerts from companies this season. Cybercriminals can also craft legitimate-looking email messages that could redirect you to spoofed sites, or use bargains or urgent messages to phish for information.
A few reminders before opening those emails, clicking on those links, or sending any information:
- Do not immediately click on links embedded in emails. Bookmark your frequently visited websites or directly type the known URLs or email addresses of the companies’ representatives. Use a legitimate scam checker to scan questionable email. When you are most rushed, take a pause and re-read the email contents and sender info.
- Call the company or organization via known contact numbers and confirm whether they sent the email requests or verifications, or whether the promos advertised in the email actually exist. Beware of calls claiming to be from companies asking for your credentials. Legitimate organizations such as banks will never ask for your password over the phone or via email.
- Limit the amount of personal information you share online.
Mobile devices for shopping online
Mobile and smart devices are becoming popular means for customers to get their shopping done this hectic season. Over time, collected data, such as personally identifiable information (PII), is stored for faster transactions and easier advertising deployment. Meanwhile, cybercriminals are finding ways to exploit these innovations to sift through information they can use.
While these mobile devices enable people to finish tasks faster than before, users should be aware of the increasingly complex ways cybercriminal attacks work:
- Review publicly posted PII. This information can be used as credentials to access your IoT and voice-enabled assistants without you knowing it, or to craft socially engineered emails this season.
- Be mindful as you browse and buy online. Ignore ads, emails, promos and links with questionable offers from unknown sources. Rely on your bookmarked and frequently visited sites, as even search engine results can lead you to malicious spoofed shopping sites.
- Download online shopping apps from legitimate vendors to ensure secure transactions.
- Enable all security features on all your IoT and mobile devices before use.
Social media trends and scams
Businesses use social media marketing strategies to boost sales, and new entrepreneurs experiment and open mom-and-pop shops with social media as their starting point. Unfortunately, cybercriminals are also quick to recognize social media’s potential for malicious activities, from spoofing legitimate businesses to setting up fake companies.
Here are a few ways you can protect yourself as you scroll through posts and timelines:
- Manage the information you share. Be aware of the permissions requested and the information collected by your installed social media apps and visited websites, such as your location, email address and contact information.
- Look for the verifier symbols (such as the blue check marks) beside the names of brands and retailers before interacting, shopping, or giving information. Most social media platforms now have these to reduce the number of fake pages to help protect consumers from online criminals.
- Be wary of clickbait and alarming headlines, shopping promos, and bargain offers. If the deal seems too good to be true, it probably isn’t real.
Online shopping safety
While stores are ultimately responsible for protecting their customers’ data, consumers should also protect themselves by taking some extra preventive measures this season. From your calls to your purchases, a few reminders and additional steps can ensure that you’re making the most of your online shopping experience. Here are some general online shopping best practices:
- Review and learn what you share online. Everyone in the family can learn and practice safer online habits. From avoiding oversharing of information to cautioning children about who they make friends with on social media, maintaining online privacy goes a long way in reducing risks.
- Use improved and compliant payment systems that have more security measures in place. These new technologies have additional layers of protection for both companies and consumers, and banks have developed reinforced policies that protect their customers from cybersecurity fraud and threats.
- Install a security solution. Whether it be for your computer or mobile, security software can wade through and block malicious ads, emails and websites, reducing your risk of malware infection.
- Use browsers with updated security features, and regularly install official patches from legitimate vendors.
Understand the options and steps to contest a purchase via the various payment and website shopping options you have, such as if the seller acted fraudulently or if the goods weren’t received. Track the expected delivery times and try to make arrangements to be there for the more expensive packages, or have them delivered to an alternative yet trusted location, such as your office or a family member’s home.
Greg Young is the vice-president for cybersecurity, Trend Micro (www.trendmicro.com).