by Ondrej Krehel
Online sales are predicted to cash in at $52 billion this holiday season, up 16% from last year, according to a new study. If you’re planning on doing any holiday shopping online, here’s an extensive list of tips to keep you safe while you cyber-shop, courtesy of Identity Theft 911.
• Shop on secure sites. They’ll have “https” in the address bar and a yellow padlock logo to the right of the Web browser address bar. Double-click on the lock to see a digital certificate of the website. Review these certificates on unfamiliar sites.
• Enter correct URLs. Hackers often buy misspelled domains to trick people into entering personal information.
• Never enter your Social Security number or passwords to email and bank accounts as part of the buying process with online retailers.
• Leave suspicious websites immediately. Don’t click on any of the site’s buttons, run content or download software.
• Create “strong” passwords for online retailers and personal email accounts that have numbers, upper- and lower-case letters and symbols. For example, “3Dogz$$!” is better than “1006.”
• Use different passwords for online retailers, personal email and banks accounts. If a hacker cracks one password, he won’t have access to others.
• Read site reviews before making any purchases. Pricegrabber.com compares prices and users’ comments on retail websites. Google Product Search, slickdeals.net and dealnews.com monitor retailers, site performance, possible issues and deals.
• Never save personal information on an online retail website. Retailers will offer convenience and better deals, but many customer databases are breached by identity thieves. I's not worth the risk.
• Read website return and privacy policies before making purchases. If there’s any doubt about fairness, find another site.
• Be aware of phishing email scams that include website links advertising incredible deals. Don’t click on them. Type the link directly into your browser.
• Use credit cards, not debit cards. Try to use credit cards with low limits to minimize the damage if a thief takes over the account. Or, use a “one-time” credit card number from payment processors such as PayPal.
• Never link a bank account to an online pay service such as PayPal. Hackers could break into the PayPal account and drain money from the linked bank account.
• Never send payment information via regular email. I's not secure. Make sure all personal information transactions are done on a secure site.
• Uncheck boxes advertising “additional offers.” These services are sometimes offered for a low initial fee that later increases to a high, recurring charge on your credit card. Also, they’ll issue your contact information to spammers.
• Save records of all purchases either in an electronic document or on paper. Save records digitally with the free Adobe PDF print driver or PDFCreator.
• Secure mobile phones used for shopping. Back them up regularly and enable security features such as power on password and inactivity time lock. Learn how to clear browser caches and, if available, enable data encryption and antivirus applications.
• As always, install and update antivirus, anti-malware and firewall software on your computer. Update its operating system and Internet browser with the latest security patches.
• Don’t forget to power off your computer completely when you are finished using it.
Ondrej Krehel, Chief Information Security Officer, Identity Theft 911
Ondrej has more than a decade of network and computer security experience. His expertise extends to investigations of intellectual property theft, massive deletions, defragmentation, anti-money laundering and computer hacking. He led U.S. computer security projects at Stroz Friedberg and worked in IT security at Loews Corp.