TechWeek has teamed up with Trey Ford, global security strategist at IT security firm Rapid7, to bring you 8 top tips for shopping safely over the Internet this Xmas.
1. Email accounts were one of the items targeted during this year’s surge of high-profile retail breaches. Given this, we expect even more malicious phishing campaigns than usual, so do not open any unexpected emails, especially from third-party vendors. Specifically, be wary of unsolicited emails, phone calls or SMS messages offering deals, giveaways, promotions, charities or other shopping incentives. Fraudsters are better equipped this Christmas season: they will build their campaigns on all the data they’ve collected through this year’s breaches, and they will exploit anything they can.
2. Take care when clicking on sponsored advertisements or banner ads when trying to visit an online store. These ads can be hijacked by attackers for nefarious purposes, such as redirecting users to bogus sites posing as legitimate stores, or to malicious sites rigged with exploits and spyware. Visit legitimate sites directly rather than through third-party ads or URLs.
3. If possible, use only ONE credit card for all your online purchases. This will make it easier to monitor your balance for any unusual transactions while limiting the exposure of your banking and credit card credentials on the Internet.
4. Avoid using a debit card for online shopping and in-store purchases. Debit cards give attackers a direct line to your bank account while typically not providing the same standard of fraud protection and liability cover as credit cards.
5. Ensure each site is encrypted with HTTPS and has a valid certificate issued by a certificate authority (CA) before entering any payment information online. The CA can be checked by clicking on the green lock symbol in the URL bar to see if the identity is verified. The same panel should also show the encryption strength under the “Connection” section.
6. Avoid installing mobile apps for shopping programmes, events or anything else ‘temporary’ for the Christmas season, as these applications could have access to all kinds of things on your phone and you have no real idea what they’re doing with the data.
7. Practise good password hygiene. Update your accounts with new unique passwords that are long and complex, with a mix of lower and upper case letters, numbers, spaces, and symbols. Passwords should be more than 8 characters long – length equates to randomness, making longer passwords harder to crack. Sites such as howsecureismypassword.net allow you to test the strength of your passwords.
8. Do not use the same password for more than one account. Use a password manager application if you’re having trouble remembering all your unique passwords across accounts.