How to Shop Safely Online This Holiday Season

Each year, the holiday shopping season is a gold rush for online scammers and identity thieves as more people hop online to complete their shopping lists.

In fact, this year’s Cyber Monday grossed $1 billion in online sales--the biggest online shopping day ever and a 16% increase over the same day last year.

So how can shoppers stay safe online?

It’s important to know the new risks facing us. Phishing e-mails are no longer the greatest threat. Instead, Wi-Fi hackers, smartphone hackers, fake Facebook friends, and bogus Web sites are becoming increasingly common.

With this in mind, here are several tips to stay safe online during the shopping season.

Before You Shop:

If you’re shopping online, you need to make sure your computer is updated. That means updating your operating system, Internet browser, anti-virus, and anything else that is regularly used – especially Adobe products. A lot of updates are specifically geared toward security, so you need to keep your browsing safe.

BONUS TIP: If you don’t already have antivirus software running or you’ve let your subscription lapse, take advantage of a free one. There are plenty of free antivirus packages out there that will help safeguard your computer. Go with the big companies--Symantec, McAfee, AVG, Trend Micro, Sophos, and Panda are just a few.

Be careful of deals that seem too good to be true. More than likely, it’s just a scam to get your credit card info, or other information that could be used to rob you. There are some great deals going on this holiday season, but don’t get taken for a ride.

Avoid links in e-cards, strange text messages and other e-mail attachments. Unless you’re absolutely positive of the sender, don’t trust them. Often, the first thing a computer or smartphone that has been compromised does is send out phishing messages. Many times the messages contain tiny URLs, this can make it hard to see where the link is actually pointed. Look into a URL expander for your browser. It will let you see where URLs shortened with TinyURL or are actually taking you.

When You Shop:

Never shop on public Wi-Fi. A good rule of thumb to use is that if you don’t have to login with a password, then the Wi-Fi is not encrypted – meaning a hacker can snoop into your Internet browsing and steal passwords for unprotected sites. If you have to use public Wi-Fi, look into using a Virtual Private Network (VPN), that should keep you more safe. Wi-Fi hacking has become infinitely easier to accomplish in the last few years, with free tools and kits distributed over the Internet. Almost anyone can do it. Don’t be another victim.

But public Wi-Fi isn’t the only threat, the Wi-Fi you have at home is also potentially at risk. Make sure to turn on encryption and do not keep the default password. This happens more often than you would think. Also, when you’re setting up your home Wi-Fi network, try not to use your last name or address as your network name.

When you are shopping online, a good way to avoid problems is  to use trusted online vendors and not “Google” shopping. Don’t just type in a phrase, like “cheap iPads,” and then go through the results. Hackers create fake sites to steal your info and then work tirelessly to make sure they come up first on the search results.

At checkout, always look for the HTTPS. That extra “S” on the end means your connection is encrypted. You should also look for the closed padlock icon in your browser. Never, ever enter your credit card or shipping info unless you see HTTPS.

Another good tip is to shop only with your credit card or PayPal account and not your debit card. Both credit cards and PayPal have extra layers of security in case of fraud. If someone steals your debit card info, you will have a harder time with fraud disputes than a credit card.

After You Shop:

Keep receipts or proofs of purchase. All reputable online vendors will give you a receipt at the end of a transaction. Should something happen later on, keeping those receipts could make a major difference when disputing fraudulent or mistaken charges. These receipts should be compared to your credit card statements at the end of the month. You’ll want to look for strange charges and make sure that you actually paid the amount you were quoted. Report inconsistencies immediately.

Finally, you can keep spam in your personal or work e-mail inbox to a minimum by setting up a separate e-mail address that you only use for online purchases. Gmail, Yahoo mail, or Hotmail are great for this kind of e-mail.

Michael Gregg, CISSP, CISA, CEH, is a certified ethical hacker, author of several IT security training books and a consultant to Fortune 500s, U.S. government and the military. He is the COO of Houston-based Superior Solutions, and is hired by private companies and government agencies to hack their computer networks - in order to prevent malicious hackers from doing so.