In Holiday Season 2013 we expect to see yet another
year-on-year increase in the percentage of holiday shopping that happens
online.
Naturally, that means more scammers will be looking to do
some shopping of their own, at your expense. This might involve using
your credit card and bank account to fund their gift-buying, or perhaps
capturing and selling your personal information so they have some extra
holiday cash.
Here are some tips that Cameron Camp and other ESET
researchers have put together to help savvy cyber-shoppers avoid getting
scammed while hunting for the best holiday deals online.
Clean up before you shop
Like the tune-up your car might be getting before a long
drive to deliver holiday gifts to relatives, your laptop may need a
little attention before going online for some power shopping. Give it
some love, and improved protection, by updating and patching your
browser, helper apps like plug-ins – and it might be worth checking to
see there aren’t any bad ones in there, a trick cybercriminals have been
employing this year, as per this We Live Security report.
Patch your operating system and anti-malware suite too, before you
shop – will help you avoid malware infections and scams, and keep you
running smoothly throughout the season.
Buy from websites that have established a reputation for
doing what they say, providing accurate descriptions of merchandise and
delivering it in good shape and on time (user reviews can be good for
this).
If it’s this season’s must-have, you can bet cybercriminals will
know that too – and this year, they have become increasingly adept at
targeting scams on the dates people expect a new product – as reported
by We Live Security here.
When you’re getting down to the wire with shipping deadlines, the last
thing you need is a less-than-stellar online retailer delivering gifts
late, or mixing up orders among your friends and relatives, which could
be worse than no gifts at all.
Earlier this year, four out of five internet users admitted to being “locked” out of websites due to lost or forgotten passwords -
and shopping binges can tempt you to reuse the same one, as you log in
to site after site. Don’t. If you are reusing a password – make sure
it’s a “throwaway”, ie one unrelated to the important passwords you use
for email, or for your bank. For good measure, why not use a throwaway
email address as well, to cut down on promo emails after the holidays
end.
If it looks too good to be true, it probably is.It might be very tempting, but avoid following links that offer goods, services, or gift cards at impossibly cheap prices. They are just too risky. Even links that arrive as SMS messages – often offering 24-hour discounts, can be scams, as We Live Security reports here. Not all discount vendors are scammers, but ask yourself if the promised savings are worth the gamble (or use Google to search for the offer and/or vendor to see what others are saying).
Make sure it’s secure – and ideally, shop from a PC, not a phone
When you are in the ordering process on a website, check to make sure it is using SSL, the standard in secure transactions – often shown by browsers as a little lock symbol. If that isn’t there, check the URL. You should be able to see https or shttp in front of the web address instead of http. It’s far easier to do these checks on a PC, rather than smartphone or tablet browsers, so it’s worth sitting down, even if it is an impulse buy. Using SSL encrypts the exchange of information, such as your credit card, so eavesdroppers cannot read it. When in doubt, a quick search in Google for the word “scam” or “fraud” along with the site name should tell you if that site has a history of problems.
Be wary of deals that “expire tomorrow”
Watch out for URGENT deals that arrive in unsolicited email
or purport to be from friends on social networking sites. This sort of
scam appears everywhere – even on Pinterest,
as We Live Security reported here. Exercise extra caution if the
message uses broken English (or whatever your native language might be)
or if it doesn’t seem quite right for some reason. If you think the deal
is real, open a browser and type the name of the website directly into
the address bar. This will keep you from getting swept away by scam
links to fake websites built by cyber crooks that harvest your
information and spirit it off to the underworld (the black market in
stolen identity data).
If you need to do any shopping over WiFi, at home or at a hotspot, make sure it is secure (look for the lock symbol in the WiFi connection dialog) – and in general, avoid shopping via public hotspots if at all possible. You’re far safer using your 3G or 4G phone as a hotspot, as our detailed guide to safe browsing tells you here – and a little extra on your data bill is small change next to someone going wild on your credit card. The last thing you want is someone snatching your personal details out of thin air as you transmit them from your laptop (or smartphone or tablet).
Buying the latest gadget? Make sure it’s child-safe
Many gadgets already have built-in controls which can help you protect children from adult content – as detailed in our guide to family web use here. Be sure they’re in place before children run off with their new gifts. Apple’s iOS for iPhone, iPod touch and iPad contain a range of settings to restrict access based on age – including the ability to block in-app purchases, which can protect against “bill shock” if children buy extras within games.
Amazon’s Kindle Fire devices have a particularly impressive range of child protection options. Windows 8 PC also has upgraded security controls for parents – visit the Family Safety area. It can monitor internet use and deliver reports each week on where they’ve been surfing. Be sure to know which of your children’s gadgets CAN go online – most games consoles can. Consoles such as Xbox and Nintendo DS have parental controls, which block children from inappropriate content. Use them – many parents don’t.
Use a credit card
If you get scammed and try to get your money back you may
have better luck with credit card transactions versus debit cards –
credit cards often offer guarantees against fraud, whereas debit cards
don’t. Many vendors, whether at the mall or online, prefer debit cards
because the transaction is cheaper for them. That’s not your problem
when holiday shopping. Credit cards can put an extra layer of protection
in between you and the bad guys.
Too much information? Be afraid
Some malware is able to add questions to forms you use online, so if a
shopping website is asking for Too Much Information relative to your
purchase, like wanting your Social Security Number to complete a simple
order for flowers, abandon the transaction and run an anti-malware scan
right away.
Don’t expect money for answering questions
There are legitimate website satisfaction surveys, but when
a window pops up promising you large amounts of cash or a $1,000 gift
card just for answering a question like “Coke or Pepsi?” close it and
move on (and do NOT enter your cellphone number, unless you are prepared
to pay for premium services you never ordered). Scammers like to
circulate these amazing offers via social media, too. ESET’s Social Media Scanner offers a quick, free way to check out links – or read our guide to spotting scams here.
Stay awake after the holidays
When New Year lull sets in, there’s a tendency to avoid
looking at the credit card statements arriving by mail (or email). Maybe
you were hoping that you didn’t spend as much as you THINK you may
have. But if you got scammed, that statement may be the first sign, so
at least skim the statement to see if there are any transactions you
don’t recognize.
For example, if you have never been to Russia and don’t
know anyone who lives on the outskirts of Moscow, it’s a safe bet that
any wire transfers or shipments of computer gear to the region are
fraudulent, and the sooner you act, the more likely you are to recover
your money.
Follow these simple tips and you should sleep a little
better during the holiday shopping season. Remember, things will show up
on your computer, as they do in life, that seem too good to be true.
The holiday shopping season on the internet is no different. Caution may
sound boring, but it can pay off. After all, if you feel you don’t have
enough time to get your shopping done, you certainly don’t have time to
start shopping all over if you do get scammed.