The national cybersecurity cooperative MS-ISAC has published a nice set of cautions for those of us who increasingly spend most of our money at websites rather than physical stores.
Here are their suggestions for shopping safely online:
Safe Online Holiday Shopping – Center for Internet Security
Monthly Security Tips Newsletter, Volume 10, Issue 11, November 2015
From the Desk of Thomas F. Duffy, Chair, MS-ISAC
It’s that time of year again – food, fun, parties, and lots of online shopping. Online shopping can be a savior, allowing you to find the perfect gift while saving time, but it can also end with identity theft, malware on your computer, and other cyber unpleasantness. Rather than letting it ruin your holiday season, you can take a few simple security precautions, and be careful where you shop, to help reduce the chances of you being a cyber victim.
When purchasing online this holiday season—and all year long—keep these tips in mind to help minimize your risk:
- Be cautious what devices you use to shop online. Mobile devices, such as smartphones and tablets, make shopping convenient at anytime and place, but they frequently lack the security precautions of a regular computer. If you use a mobile device to shop, make extra sure you are taking all the precautions listed below.
- Do not use public computers or public wireless for your online shopping. Public computers and wireless networks may contain malicious software that steals your information when you place your order, which can lead to identity theft.
- Secure your computer and mobile devices. Be sure to keep the operating system, software, and/or apps updated/patched on all of your computers and mobile devices. Use up-‐to-‐date antivirus protection and make sure it is receiving updates.
- Use strong passwords. The use of strong, unique passwords is one of the simplest and most important steps to take in securing your devices, computers, and online accounts. If you need to create an account with the merchant, be sure to use a strong, unique password. Always use more than ten characters, with numbers, special characters, and upper and lower case letters. Use a unique password for every unique site. The August Newsletter contains more information about the dangers of password reuse and is available at: http://msisac.cisecurity.org/newsletter/1.pdf.
- Know your online shopping merchants. Limit your online shopping to merchants you know and trust. If you have questions about a merchant, check with the Better Business Bureau or the Federal Trade Commission. Confirm the online seller’s physical address, where available, and phone number in case you have questions or problems. Do not create an online account with a merchant you don’t trust.
- Pay online with one credit card. A safer way to shop on the Internet is to pay with a credit card rather than debit card. Debit cards do not have the same consumer protections as credit cards. Credit cards are protected by the Fair Credit Billing Act and may limit your liability if your information was used improperly. By using one credit card, with a lower balance, for all your online shopping you also limit the potential for financial fraud to affect all of your accounts. Always check your statements regularly and carefully, though.
- Look for “https” when making an online purchase. The “s” in “https” stands for “secure” and indicates that communication with the webpage is encrypted. This helps to ensure your information is transmitted safely to the merchant and no one can spy on it.
- Do not respond to pop-‐ups. When a window pops up promising you cash or gift cards for answering a question or taking a survey, close it by pressing Control + F4 for Windows and Command + W for Macs.
- Be careful opening emails, attachments, and clicking on links. Be cautious about all emails you receive, even those purportedly from your favorite retailers. The emails could be spoofed and contain malware.
- Do not auto-‐save your personal information. When purchasing online, you may be given the option to save your personal information online for future use. Consider if the convenience is really worth the risk. The convenience of not having to reenter the information is insignificant compared to the significant amount of time you’ll spend trying to repair the loss of your stolen personal information.
- Use common sense to avoid scams. Don’t give out your personal or financial information via email or text. Information on many current scams can be found on the website of the Internet Crime Complaint Center: http://www.ic3.gov/default.aspx and the Federal Trade Commission: http://www.consumer.ftc.gov/scam-‐alerts.
What to do if you encounter problems with an online shopping site?
Contact the seller or the site operator directly to resolve any issues. You may also contact the following: