Karen McDowell is an information security analyst in U.Va's Information Security, Policy and Records Office. She regularly makes presentations on avoiding common online hazards, and has worked in information technology for more than 15 years.
By Karen McDowell
Newswise — ‘Tis the season to be extra careful when shopping online. It’s no surprise that online holiday shopping is expected to grow by 12 percent to 15 percent this year, nor is it news that cybercriminals and ordinary hackers are preparing, like bears at a trout stream, to steal our data, money, and identities.
As someone whose job it is to help ensure computer security at the University of Virginia, I want to share these tips so that you, your family – and your money – will be safe.
Cybercriminals will use social media, like Facebook and Twitter, to push fake alerts, holiday deal apps, special discounts, raffles and ads. Don’t click. If you’re interested, check out the offer at an official, reputable website instead of clicking on the offer on the social media site.
Hackers will also target mobile phones, so it’s best to download apps only from official app stores, and check other users’ reviews, as well as the app’s permission policies.
Watch out for travel scams, which may take the form of a hotel Wi-Fi pop-up or phony travel webpages.
Every year hackers send infected attachments with subject lines that purport to be from FedEx, UPS or the U.S. Postal Service. If you are expecting a package and want to track it, obtain the tracking number from the official website, and track it that way.
Other scams include bogus gift cards, fake charities, forged e-cards, and phony classifieds.
SMiShing – phishing via text message – is expected to increase during the holidays, too. This is a good time to remember that you should never click on an unsolicited link or respond to an unsolicited message with personal or financial information, even if it appears to come from a friend. Always verify – independent of the message.
Above all, use a strong and different password for each account you create for online purchases. While you’re at it, make sure each of your electronic accounts has a different, strong password. If hackers pry into one account, they won’t necessarily be able to hit your other accounts. Check out a password manager, if remembering passwords is hard for you. Some are free but they’re all useful, as long as your passwords are stored on your computer and not in their cloud.
The National Cyber Security Alliance recommends the following for best protection:
• Keep a Clean Machine: All the devices you use for shopping - including smartphones and tablets - should have up-to-date software including security software, operating systems and other key programs and apps.
• When in Doubt, Throw it Out: Links in email, tweets, posts, and online advertising are often the way cybercriminals compromise your computer. If it looks suspicious, even if you know the source, it’s best to delete it.
• Think Before You Act: Be wary of communications that offer amazing deals that sound too good to be true, implore you to act immediately –including indicating a problem with an order or payment – or ask you to view the website or an account via a provided link.
• Use Safe Payment Options: Credit cards are generally the safest option. They allow buyers to seek a credit from the issuer if the product isn’t delivered or isn’t what was ordered. Credit cards may limit your responsibility if your account is compromised. Never send cash through the mail or use a money-wiring service.
• Make Sure the Site is Legitimate: This includes a closed padlock on your web browser’s address bar or a URL address that begins with https or shttp. Check reviews of sites you have never used before.
• Keep a Paper Trail: Save records of your online transactions, including the product description, price, online receipt, terms of the sale, and copies of any email exchange with the seller.
Computer security is important any time of the year, but like bricks-and-mortar stores, cybercriminals will have their busiest season between now and New Year’s. My advice: Think it through before clicking through.