Online Shopping Offers Convenience and Risk
The busy holiday season and all the online deals sometimes lead us to let our guard down when shopping online. Cyber-criminals are busy this time of year too. A few things to think about while shopping online:
Use a credit card instead of debit
If your card is compromised, you will not have to wait for your bank account to be credited.
Is checking that the website has the padlock or https address enough?
Basically no. As Brian Krebs explains, the “look for the lock” mantra “has created a false sense of security for many Internet users, and has contributed to a dangerous and widespread misunderstanding about what the lock icon is really meant to convey.” Krebs explains further:
“To be clear, you absolutely should run away from any e-commerce site that does not include the padlock (i.e., its Web address does not begin with “https://”). But the presence of a padlock icon next to the Web site name in your browser’s address bar does not mean the site is legitimate. Nor is it any sort of testimonial that the site has been security-hardened against intrusion from hackers.
The https:// part of the address merely signifies that the data being transmitted back and forth between your browser and the site is encrypted and can’t be read by third parties. Even so, anti-phishing company PhishLabs found in a survey last year that more than 80% of respondents believed the green lock indicated that a website was either legitimate and/or safe.
Now that anyone can get SSL certificates for free, phishers and other scammers that ply their trade via fake Web sites are starting to up their game. In December 2017, PhishLabs estimated that a quarter of all phishing Web sites were outfitting their scam pages with SSL certificates to make them appear more trustworthy. According to PhishLabs, roughly half of all phishing sites now feature the padlock.”
The one successful phishing scam that works year round
Shipping notification spoofing emails are usually even more successful this time of year. These emails spoof shipping companies like FedEx, UPS and USPS and usually have a link to a tracking number. AVOID clicking on the link in the email. Instead, go directly to the shipper’s site and manually type in the tracking number.
Don’t Forget Elderly Relatives and Friends
Check with older relatives and friends to see if they have an online presence. Not registering for online accounts with their banks, the Social Security Administration, and their wireless phone and internet providers leaves those accounts vulnerable to someone else opening the online account and taking control. Our blog post “Elderly are Easy Targets for Scammers” further explains the need to “plant your flag” with online accounts.
To find more security tips, check out the Krebs on Security blog post “How to Shop Online like a Security Pro.”