Online shopping is a core part of American consumption, and many can no longer imagine their shopping routine without it. A couple of clicks, and a delivery guy is already bringing pizza, pet food, or a new computer straight to your door. Even movie and concert tickets and gift cards can arrive immediately in your inbox. Some households rely on online shopping for goods that aren’t even available in their local market.
However, as online shopping and e-commerce become such a typical means of shopping and consumption, many just assume that it’s safe. Its dominance, though, calls for more vigilance, not less. Online stores and services are not the only entities after your money; scammers are forever scheming to pick your pocket.
This week, the week of Black Friday and the week before Cyber Monday, let’s go over some cybercriminal tricks and how you can protect yourself while shopping online.
Threat actors are constantly on the lookout for user accounts in services related to online commerce. Should they gain access to your account, they will also have access to any payment methods linked to the account. This allows them to go on a nice shopping spree at your expense. While many credit cards cover fraudulent transactions, it is a headache of a process, and it eliminates the use of your card during a season in which you want to shop a lot.
There are, of course, more complex cases when hacked accounts are used in various fraudulent schemes to scam other users or online services, as well as to launder and cash out stolen funds. That is, if your hacked account is used for some illegal activity, it won’t necessarily result in immediate money losses. However, you might have the police knocking on your door eventually.
There are a number of ways that threat actors can attempt to access your account.
Have you ever received an e-mail about an amazing giveaway or a threatening notification about a suspended account? Whatever you do, don’t click anything: it might be scammers hunting for your information. For example, here’s how cybercriminals lured Amazon users to phishing pages using bonus points that had to be cashed out immediately or a gift card that was about to expire. If the user clicked the link and entered their personal data, these went straight to the scammers.
Phishing is not the only way to steal accounts and personal data. Using banking Trojans, cybercriminals can spoof the login screen and find out your credentials or redirect you to a fake site that hands over everything you enter.
In our current world, you can shop online from anywhere. It’s not uncommon, for example, for people to try a clothing item on in-store or find a product in-store with a lower price online, and then purchase the product from an online store. It’s also not uncommon for individuals to use the free store Wi-Fi when doing this.
The fact is that when you buy online, you send and receive a trove of valuable information, including account details. Anyone with the right skills and access to the same network can snoop on this data.
In the case of free Wi-Fi at a local mall, there could be scores of strangers connected to the same network at any given moment. Some of these strangers might be there for something a lot less innocent than shopping.
But even your home Wi-Fi can present some security issues, if you’ve never changed the router password and aren’t sure which encryption protocol your network uses.
Online store leaks
Sadly, there are yet more ways to lose your data. Online stores are not invulnerable and are sometimes the targets of attacks themselves. While this is not something you can control, you can control whether or not you use the same password for that store as you do for other online stores and services.
Especially creative scammers make their own sites that mimic those of real online shopping services. Some of these fakes are scams used to take money from the victim without delivering the promised goods or services. And as an added bonus, they might steal payment card data too.
With all these threats lurking around, how can you shop online safely?
Here’s what we recommend:
- Use strong passwords: Sure, hardly anyone brute-forces passwords these days by entering them one by one. But even with modern methods of cracking, shorter and less complex passwords are more vulnerable. Generally speaking, the longer your combination is, the less likely cybercriminals are to grab it. We advise using at least 10 characters, even for accounts of little importance. And for accounts you really care about, better to make the password twice as long. And, of course, use unique passwords every time. So as not to forget them, you can store your credentials in a password manager, which typically includes a password generator.
- Use a VPN to connect to public networks: A secure connection encrypts all traffic and therefore prevents attackers from intercepting your login credentials and payment details.
- Don’t link bank cards to online shopping accounts: As we said before, credit cards offer fraud protection. Most bank and debit cards do not. Additionally, only link bank cards on accounts that you use often enough that you’re checking them regularly. If you need to use a bank card, get a card separate from your main account and keep little money on it at a time. Doing this will ensure that no threat actor gets access to your primary source of money.
- If possible, pay with payment services: Payment services, such as Google Play, PayPal, or Amazon Pay, store your data in encrypted form on their secure servers. The merchant you buy from receives only the virtual account number assigned to the card by the service. Because your card data is not seen by the merchant, this keeps your finances safer from mysterious sellers, data leaks from the site, and data interception during transmission over the internet.
- Be smart: Use a reliable security solution that automatically detects and blocks phishing sites.
These simple rules will help make your online shopping experience safe and secure. To learn more about e-commerce, consider checking out our other posts on Magecart, typosquatting, and phishing.
And, as always, if you need support in protecting yourself and your organization, contact Tigunia today.