‘Tis The Season: Online Shopping Tips
By: Lewis Brisbois' Data Privacy & Cybersecurity Team
Online shopping is a great way to save time and money, especially over the holidays. However, it can leave you – and your information – vulnerable to malicious actors ready to exploit holiday shoppers. Make your data privacy a priority this holiday season by taking time for some simple cybersecurity-related precautions.
- Use Strong Passwords: The most astute holiday shoppers use strong passwords to protect against unauthorized access to online accounts. Passwords should be complex, including at least ten characters that are a mixture of uppercase and lowercase letters, numbers, and special characters. Passwords should also be unique (i.e. not used to access numerous accounts) and should not include information about you that is generally available (i.e. your birthdate or pet’s name). Password manager applications are a great option for generating and storing complex passwords that may be difficult to remember or to enter.
- Don’t Use Public Wi-Fi: Though finishing holiday shopping at the airport or at a coffee shop may be convenient, public Wi-Fi connections leave your online activity vulnerable to eavesdropping. Malicious actors within range of a public Wi-Fi network may be able to view the webpages you visit and the information you enter online. Worse, technically savvy malicious actors may be able to set up malicious Wi-Fi connections that appear to be legitimate in order to harvest your information. These connections are difficult to detect. As a matter of best practice, do your shopping from a secured internet connection.
- Check Out as a “Guest”: Some online retailers allow customers to either “create an online account” or “check out as a guest” when completing an online transaction. Discerning holiday shoppers should avoid creating an online account, which may allow the online retailer to capture and maintain information (including payment card details). The indefinite storage of your information could leave it vulnerable in the event that the online retailer’s systems are compromised. Importantly, even the largest and most reputable online retailers are at risk of an attack.
- Vet Your Retailer: According to the FBI's Internet Crime Report for 2018, the number one internet crime reported in 2018 was non-payment / non-delivery of goods and services. In non-payment situations, goods and services are shipped, but payment is never rendered. In non-delivery situations, payment is sent, but goods and services are never received. For holiday shoppers looking for a bargain, malicious actors may offer unbeatable prices on inventory that they don’t have in order to trick online shoppers into disclosing information in an attempt to purchase such inventory. The safest option is to transact with established retailers with which you’ve safely transacted before. If you decide to purchase from a new or unfamiliar online retailer, do your due diligence and always be wary of prices that are too good to be true.
- Use a Credit Card and a Digital Wallet: Always use a credit card, as opposed to a debit card, when transacting online. Credit cards offer better liability protection for fraud and compromise of your debit card information, as opposed to your credit card information, may lead to a malicious actor gaining access to your entire bank account. Using a digital wallet like Apple Pay or Google Pay may provide even further protection as digital wallets obscure your payment card information and provide a retailer with a unique one-time code that is only good for that purchase, making it more difficult to access payment information.
- Check the Website URL: If you are disclosing personal or financial information in connection with an online transaction, take the time to confirm that the webpage through which you are transacting is secure. A retailer’s payment page should be equipped with SSL (secure sockets layer) encryption at the very least. You can tell if a website has SSL because the URL will start with https:// instead of http://. Some internet browsers will also show the image of a locked padlock in the address bar for webpages with SSL.
- Avoid “TMI” - Too Much Information: No online retailer needs your Social Security number or driver’s license number to complete an online transaction. Consider it a red flag if you are ever asked for this information, and do not complete a transaction with the retailer making the request. You should also be wary of providing information like your date of birth, which can be requested for marketing purposes. If you want to receive birthday promotions and coupons, use a date that is not your actual birthday.
- Safe Delivery of Packages: Package theft is an increasing concern for online shoppers, and packages left on doorsteps are an easy target during the holiday season. Doorbells with cameras and other security devices rarely deter a package thief. Consider shipping packages to an address where they can be accepted upon delivery, like a work address, or ensure that a signature is required for delivery.
- Protect Your Device: Make sure any device that you use to transact online is equipped with malware and antivirus software and all updates are installed. Malicious actors are constantly developing new malware, so ensuring your software is up to date will help your system avoid new attacks.
- Watch for Phishing Emails: Great deals are especially tempting during the holidays. Beware of advertising emails from retailers that you don’t recognize or have not purchased from before. Phishing emails can lure you into clicking malicious links and downloading malware, or they can steal your information, such as credentials to online accounts with legitimate retailers. Never open an email from an unknown retailer and watch out for unusually good sales or suspicious emails from known retailers. When in doubt, go to the retailer’s website directly to confirm any promotions and don’t click on any links in the email.