Shopping for trouble

As we look around our communities, many local businesses have closed, potentially forever, because of COVID-19. While the retail industry has been negatively impacted, not all retail is suffering.

Online stores have noticed an uptick in the number of purchases made, including items not typically bought online prior to the pandemic. Adobe’s Digital Economy Index found that e-commerce shopping was greater from April to May 2020 than during the entire 2019 holiday shopping season.

If you’re going to shop online, it is important to take precautions to protect yourself, especially during the holidays. Online shopping is not only convenient for consumers, but also for attackers looking for your personal and financial information.

Here are the three most common ways attackers compromise their victims:

  1. Unpatched or unprotected computers
    Computers that are not regularly kept up to date with critical security patches and antivirus software make it easy for attackers to exploit vulnerabilities. Keep your computer updated and run reputable antivirus software.
  2. Unencrypted transactions
    If an online retailer is not using encryption, it is easy for an attacker to “listen in” on the transaction. This is called a man-in-the-middle attack. Also, avoid making transactions on public Wi-Fi networks.
  3. Fake websites and malicious emails
    When you walk into a store, you know where you’re shopping. Online, attackers can replicate websites. A common way an attacker gains information is through unsolicited fake emails redirecting you to a malicious website identical to the real thing.

In response, the Cybersecurity and Infrastructure Security Agency (CISA) encourages consumers to review the following tips.

Do business with reputable vendors

Before providing personal or financial information, be sure you are interacting with a reputable vendor. Verify the validity of the vendor before supplying information. Locate phone numbers and addresses in case a problem arises.

Make sure the website is encrypted

Many sites use Secure Sockets Layer to encrypt information. Indications your information will be encrypted include a Uniform Resource Locator (URL) that begins with “https” instead of “http,” and a padlock icon. If the padlock is closed, or locked, the information is encrypted. The location of the icon varies by browser. It may be to the right of the address bar or at the bottom of the window. Some attackers try to trick users by adding a fake padlock icon, so make sure the icon is in the appropriate location.

Be wary of emails

Attackers may attempt to gather information by sending emails requesting a purchase confirmation or account information. Legitimate businesses will not solicit this type of information through email. Do not provide sensitive information through email. If you receive an unsolicited email, don’t click any links. Instead, log on to the authentic website by typing the address yourself.

Use a credit card

While laws exist to limit your liability for fraudulent credit card charges, debit cards may not have the same protection. Unauthorized charges on debit cards could leave insufficient funds to pay bills. Minimize damage by using a single, low-limit credit card to make online purchases. Also use a credit card when paying through a payment gateway such as PayPal, Google Pay Send or Apple Pay.

Check shopping app settings

Look for apps that tell you what they do with your data and how they keep it secure. There is no legal limit on your liability with money stored in a shopping app (or a gift card). Unless otherwise stated under the terms of service, you are responsible for all charges made through the app.

Check your statements

Keep a record of purchases and copies of confirmation pages and compare them to your bank and credit card statements. If there is a discrepancy, report it immediately.

Check privacy policies

Before providing personal or financial information, check the website’s privacy policy. Make sure you understand how your information will be stored and used.