The Cybersecurity and Infrastructure Security Agency provides advice on how consumers can shop safely online during the holiday season.
1. Why should online shoppers take special care?
The Internet provides a convenience not available in other stores. You can search for items from multiple vendors, compare prices with a few mouse clicks, and shop from home. However, the internet is also convenient for attackers, providing them with multiple ways to access the personal and financial information of unsuspecting buyers. Hackers who are able to obtain this information can use it for their own benefit, either by making purchases themselves or by selling the information to someone else.
2. How do attackers target online shoppers?
Attackers can take advantage of online shoppers in three common ways:
Creation of scam sites and emails – Unlike traditional shopping, where you know a store is actually the store it claims to be, attackers can create malicious websites or emails that appear legitimate . Attackers can also falsely portray themselves as charities, especially after natural disasters or during holiday periods. Attackers create these malicious sites and emails to try to convince you to provide personal and financial information.
Interception of insecure transactions – If a provider does not use encryption, an attacker may be able to intercept your information as it is transmitted.
Target vulnerable computers – If you do not take steps to protect your computer against viruses or other malicious code, an attacker may be able to gain access to your computer and all of the information on it. It is also important for vendors to protect their computers to prevent attackers from accessing customer databases.
3. How can I be sure that a website is secure?
Many sites use a layer of secure sockets to encrypt information. Indications that your information will be encrypted include a Uniform Resource Locator (URL) that begins with “https:” instead of “http:” and a padlock icon. If the padlock is closed, the information is encrypted. The location of the icon varies by browser; for example, it can be to the right of the address bar or at the bottom of the window. Some attackers try to trick users into adding a fake padlock icon, so make sure the icon is in the correct location for your browser.
4. How can I be sure that an email is legitimate?
Attackers may attempt to gather information by sending emails asking you to confirm the purchase or account information. Legitimate businesses will not solicit this type of information via email. Do not provide sensitive information via email. If you receive an unsolicited email from a business, instead of clicking the link provided, go directly to the genuine website by typing in the address yourself.
5. Is there a difference between using a credit or debit card?
There are laws to limit your liability for fraudulent credit card charges, but you may not have the same level of protection for your debit cards. Plus, debit cards take money directly from bank accounts, unauthorized charges could leave you with insufficient funds to pay other bills. You can minimize potential damage by using just one low limit credit card to make all of your online purchases. Also use a credit card when using a payment gateway such as PayPal, Google Wallet, or Apple Pay.