Online Shopping Safety Tips

(Story by Pamela Busby)

AEP Security is providing this article on behalf of US-CERT to help you stay safe online. 

Why do online shoppers have to take special precautions?

The Internet offers convenience not available from other shopping outlets. From the comfort of your home, you can search for items from multiple vendors, compare prices with a few mouse clicks, and make purchases without waiting in line. However, the Internet is also convenient for attackers, giving them multiple ways to access the personal and financial information of unsuspecting shoppers. Attackers who are able to obtain this information may use it for their own financial gain, either by making purchases themselves or by selling the information to someone else.

In Store Shopping Safety Tips

• Try to shop during the day, but if you do shop at night, do not do it alone.
• Park in well-lit areas.
• Lock your car doors, close windows.
• Place valuables out of sight before arriving at your destination.
• Dress casually and comfortably.
• Avoid wearing expensive jewelry.
• Do not carry a purse or wallet, if possible. Consider bringing a security travel pouch instead.
• Always carry your driver’s license or identification along with necessary cash, checks and/or a credit card you expect to use.
• If you discover that a credit card is missing, notify the credit card company as soon as possible. Don’t assume that you misplaced it and will find it later.
• Keep a record of all of your credit card numbers in a safe place at home.
• Recognize when you are rushed, distracted and stressed out, and stay alert to what is going on around you.
• Be extra careful if you do carry a wallet or purse. They are the prime targets of criminals in crowded shopping areas, terminals, bus stops, on buses and other rapid transit.
• Avoid overloading yourself with packages. It is important to have clear visibility and freedom of motion if you are approached.
• Beware of strangers approaching you for any reason. At this time of year, con artists may try various methods of distracting you, including working in teams, with the intention of taking your money or belongings.

How do attackers target online shoppers?

There are three common ways that attackers can take advantage of online shoppers:

• Creating fraudulent sites and email messages – Unlike traditional shopping, where you know that a store is actually the store it claims to be, attackers can create malicious websites or email messages that appear to be legitimate. Attackers may also misrepresent themselves as charities, especially after natural disasters or during holiday seasons. Attackers create these malicious sites and email messages to try to convince you to supply personal and financial information.
• Intercepting insecure transactions – If a vendor does not use encryption, an attacker may be able to intercept your information as it is transmitted.
• Targeting vulnerable computers – If you do not take steps to protect your computer from viruses or other malicious code, an attacker may be able to gain access to your computer and all of the information on it. It also is important for vendors to protect their computers to prevent attackers from accessing customer databases.

How can you protect yourself?

• Do business with reputable vendors – Before providing any personal or financial information, make sure you are interacting with a reputable, established vendor. Some attackers may try to trick you by creating malicious websites that appear to be legitimate, so you should verify the legitimacy before supplying any information. Attackers may obtain a site certificate for a malicious website to appear more authentic, so review the certificate information, particularly the “issued to” information. Locate and note phone numbers and physical addresses of vendors in case there is a problem with your transaction or your bill.
• Make sure your information is being encrypted – Many sites use secure sockets layer (SSL) to encrypt information. Indications that your information will be encrypted include a URL that begins with “https:” instead of “http:” and a padlock icon. If the padlock is closed, the information is encrypted. The location of the icon varies by browser; for example, it may be to the right of the address bar or at the bottom of the window. Some attackers try to trick users by adding a fake padlock icon, so make sure that the icon is in the appropriate location for your browser.
• Be wary of emails requesting information – Attackers may attempt to gather information by sending emails requesting that you confirm purchase or account information. Legitimate businesses will not solicit this type of information through email. Do not provide sensitive information through email. If you receive an unsolicited email from a business, instead of clicking on the provided link, directly log on to the authentic website by typing the address yourself.
• Use a credit card – There are laws to limit your liability for fraudulent credit card charges, but you may not have the same level of protection for your debit cards. Additionally, because a debit card draws money directly from your bank account, unauthorized charges could leave you with insufficient funds to pay other bills. You can minimize potential damage by using a single, low-limit credit card to make all of your online purchases. Also use a credit card when using a payment gateway such as PayPal, Google Wallet, or Apple Pay.
• Check your shopping app settings – Look for apps that tell you what they do with your data and how they keep it secure. Keep in mind that there is no legal limit on your liability with money stored in a shopping app (or on a gift card). Unless otherwise stated under the terms of service, you are responsible for all charges made through your shopping app.
• Check your statements – Keep a record of your purchases and copies of confirmation pages, and compare them to your bank statements. If there is a discrepancy, report it immediately.
• Check privacy policies – Before providing personal or financial information, check the website’s privacy policy. Make sure you understand how your information will be stored and used.