’Tis the season to shop online – and to be hyper-alert when doing so, according to security experts, who say spammers, online hucksters, and cyberthieves have shifted gears to target Cyber Monday shoppers.
For the first time, more people are expected to shop online on Cyber Monday than visit brick-and-mortar stores on Black Friday, according to American Express. Instead of fighting crowds, shoppers will spend an estimated $62 billion online this holiday season – up about 15 percent from 2012, says eMarketer, a firm that tracks e-commerce.
How all that online shopping gets done is changing, too. Mobile devices like iPads and smart phones are increasingly used to shop, with nearly $10 billion being purchased that way during the 2013 holiday season, eMarketer projects. Consumers are using their devices to do more research and product and pricing comparisons – then making purchases.
All this raises the question: How do you shop safely online and avoid becoming a victim of scams and malicious software? While there is no silver bullet, online consumers can take a number of steps to avoid trouble.
One key problem for online consumers: knowing which "unbelievable, this week only" deals are real and which are fake, considering all the crazy discounts out there, Chester Wisniewski, an expert with Sophos, writes on the global cybersecurity firm’s blog.
“How can you tell the difference? Easy! Don't trust any of them,” he writes.
For example, when an e-mail or tweet pitches “Free iPads and $300 gift cards”: Just say no.
“Lots of people are looking to make money off of the Christmas gift-giving bonanza and many of them are scammers,” Mr. Wisniewski writes. “If you receive an email or online solicitation you are interested in, don't click any links,” even though that may seem counterintuitive.
Surprisingly, the volume of e-mailed malicious spam has actually fallen. But that’s because scammers are moving to social media sites like Facebook, where they can reach more people and cash in on the credibility that friends convey, Wisniewski says.
“When you see a post on someone's wall or a tweet from a colleague, treat it the same as an unsolicited email,” he notes. “Don't click it. Go to the real source and if necessary contact the sender to confirm its veracity.”
Beyond that, here are some steps that the New York State Division of Homeland Security and Emergency Services (DHSES) and cybersecurity experts are recommending this year:
Secure your computer and mobile devices. Be sure the operating systems and application software of your computer and mobile devices are up to date. Antivirus and anti-spyware software should be installed, running, and receiving automatic updates. When using passwords, use strong and unique ones not used for any other accounts.
Use mobile applications with caution. Choose only the most widely used and well-evaluated apps. Seemingly legitimate shopping apps could download malware onto your devices, thereby stealing credit-card and other sensitive information for transmission to cybercriminals.
Disable Bluetooth. Shutting off Bluetooth and other near-field communication systems on your mobile devices when they are not being used limits the risk that credit-card numbers may be captured by another nearby device.
Know your online merchants. Limit online shopping to merchants you know and trust. Go to sites only by typing their URLs into the browser address bar. If you are unsure about a company, check with the Better Business Bureau or Federal Trade Commission.
Consider using a credit (not debit) card or an online payment system. PayPal and other online payment services keep personal card information stored on a secure server so a consumer can make purchases online without revealing credit-card details. If paying directly to a retailer online, use a credit, not debit, card to help reduce liability in the event that personal information is used improperly.
Even after Black Friday and Cyber Monday are gone, scammers are likely to jump right onto Christmas, Hanukkah, Kwanzaa, and New Year's celebrations. For all these days, you can take additional precautions, according to DHSES and cybersecurity experts. Such steps include:
Look for security symbols. Make sure the Web page address begins with "https" before you click "purchase." Also, a padlock or key icon in the browser's status bar indicates the transaction will be encrypted.
Don’t click on pop-up advertising. When a browser window pops up promising bargains, cash, or gift cards in exchange for filling out a survey, just close it by pressing Control + F4 on Windows devices or Command + W for Macs.
Don’t use public computers or public wireless. Don’t buy stuff while sitting at coffee shops, hotels, and malls. Public equipment is often insecure, and criminals may be capturing data on public wireless networks to steal credit-card numbers and other sensitive information. Be sure that your computer or device is set to prevent an automatic connection to Wi-Fi hot spots.
Be alert for potential charity-donation scams. Cybercriminals try to take advantage of holiday generosity and use fake requests as a way to access your information or device. If you see a charity pitch, don’t click on e-mails requesting donations or give out personal information through an e-mail or text message.
Instead, it’s best to contribute by going to the specific trusted Web address of the charity, cybersecurity experts say. That means never clicking on a link embedded in an e-mail that you’ve been sent. Moreover, visit the IRS website to find out if a group is truly eligible to receive charitable contributions.