Security Tips for Online Shopping

It’s time for Holiday shopping. Those sleighbells you hear are also the alarm for cyber crooks and scammers to jump into high gear. They are all set and ready to take advantage of millions of online transactions.

Make sure you take the appropriate steps to protect yourself, your money, and your credit standing before you venture online during the buying frenzy that generally starts after Thanksgiving. An ounce of Cybersecurity prevention is definitely worth a pound of cure. It can also save you from a financial or privacy nightmare.

Since this issue is consumer based, you may not have IT help at your disposal, so here are some critical safety tips to protect your online holiday shopping:

Before You Shop, Check for Device Updates
Computers, tablets, and smart phones that rely on old software are easy pickings for crooks. Waiting through a 10-minute iPhone update is tedious, but well worth it if it’s going to keep you more secure. If you use a company owned device, check with your IT support. If it’s not up to date, they can update it for you.

Hackers often look for vulnerabilities found in a device’s operating system (OS). Updates reduce your risk by installing patches for known vulnerabilities. Install all available updates before you use a device for online holiday shopping.

Don’t Go to Websites from Email Links
It is an annoying extra step to type ‘amazon.com’ into your browser rather than just clicking a link in an email. But crooks use phishing scams where they ‘spoof’ or copy well known advertisers, so that email you see that makes you think, “Wow – that’s a great price!” may need a little more scrutiny. These phishing attacks are already at an all-time high – even more so every holiday season. If you click on an email link to a malicious site, it can start a download of malware or lock up your system and your data with Ransomware.

Use a Wallet App Whenever Possible
It’s always a risk to hand your debit or credit card over to a website – especially if you haven’t shopped there before.

Where possible, buy using a wallet app or PayPal account. This way you don’t need to give your payment card details directly to the merchant. Instead, you share them with the wallet app service (Apple Pay, Google Pay, PayPal, etc.). This eliminates the retailer as a potential weak spot.

Remove Saved Payment Card Info After Checking Out
Do NOT let websites like Amazon automatically save your payment card details. While it may make the next buy more convenient it puts you at risk. A hacker that gains access to your device or account could make purchases – which not only costs you money but can be difficult to explain to a spouse.

There is also the risk of a data breach at the retailer level. Customer data, including payment information, has been stolen from Neiman Marcus, Guess, CVS Health, and Forever 21 within the last two years – let alone the earlier massive thefts from Target, Home Depot, Saks Fifth Avenue, and eBay among others – and these corporations have top-notch internal IT services. Data breaches such as these are more common than you think. The fewer databases you allow to store your payment details, the better for your own Cybersecurity.

Do NOT Shop at Sites Without ‘HTTPS’ (Emphasis on ‘S’) in the URL
HTTPS has become the standard for websites these days. This is instead of simply ‘HTTP’ - without the ‘S’ (which stands for Secure) on the end. HTTPS means that a website encrypts the data transmitted through the site - such as your name, address, and payment information. Another ‘secure’ indicator is a small lock icon in front of the website address.

Double Check the Site URL
Everybody makes typos from time to time - especially if you’re typing on a small smart phone screen. One typo can land you on a copycat or ‘spoofed’ site.

Cyber crooks buy domains that are close to the real ones for popular retailers – usually with just one misspelling (such as Amazonn.com).  Then, they put up the copycat sites to fool users that make a mistake when typing the URL – and they use these sites in phishing emails.

Before you start shopping, take a few extra seconds to actually read the URL and double-check that you’ve landed on the legitimate website.

Never Shop Online When Using Public Wi-Fi
When you connect your device to public Wi-Fi it’s like leaving all your house doors and windows open for burglars. Crooks love the holiday shopping season because people tend to be in a hurry and they will hang out in popular public or free Wi-Fi spots – like outside of a Starbucks.

They spy on the activities of other devices connected to that same free hotspot. This can give them access to everything you type in, such as passwords and credit card information.

The best rule of thumb is to NEVER shop or engage in business on free or public Wi-Fi. Switch the Wi-Fi OFF and use your mobile carrier’s connection. If your device is company owned, your IT services team should have put in strong safeguards – but these will not protect you when you go on public Wi-Fi.

Be On High Alert for Brand Impersonation Emails & Texts
During the holiday shopping season of 2021 there was a 397% increase in copied (spoofed) domains connected to Phishing attacks.

While you need to be careful all the time about phishing, the holiday season is like blood in the water for cyber sharks. Scammers know that you are expecting to see retailer holiday sales emails. As a result of online shopping, you will also get plenty of order confirmations and shipping notices – all of which can be spoofed and loaded with malware.

Hackers already have pre-made templates for phishing emails, impersonating brands like Target, UPS, Amazon, FedEx, and others. Their emails look nearly identical to the real thing. The trick is to get you to click on a link or log onto a malicious website.

Enable Banking Alerts & Check Your Accounts
Count these steps as the Due Diligence you should already be doing on a regular basis. Check your bank and credit accounts for any suspicious charges that could signal a breach. One way to automate a monitoring process is to set up banking alerts through your online banking app.

A Simple Conclusion:

Unless all your devices are looked after by a qualified IT services crew, take the time for these extra steps. It’s your money – don’t just hand it over to crooks.

How secure is your network?

As a reputable member of the IT Support Los Angeles community since 2002, IT Support LA offers a FREE, no-risk network and Cybersecurity assessment. It is a non-intrusive scan that allows us to deliver a comprehensive report that is yours to keep. No strings, and no obligation to ever use our Managed IT Services.

The best defense is the best Cybersecurity to protect your data from theft, and a top-notch Managed IT Services firm to ensure continued reliability and defenses against newly emerging threats.

With our 100% Money Back Guarantee in writing, we offer a risk-free way for prospective clients to try us out. Because we do not require a ‘hard’ contract (which is virtually non-existent in the IT support world), our clients can fire us at any time with 30 days’ notice. We have to be good.

Need Mobile Device Security Solutions?

No matter what size company you have, mobile device management is vital. Contact IT Support LA to learn more about our endpoint security solutions.

Among the Managed IT services we provide:

IT HelpDesk Service
Onsite IT Support
Cybersecurity
Cloud migration and management
Email migration services
Backup and disaster recovery
VoIP phone systems
IT disposition and recycling
Office moves
White label services (IT to IT)

For more information, or to receive your FREE no-risk network and Cybersecurity assessment, just fill out the form on this page or call us at:  818-805-0909