Safe shopping! CompTIA issues list of tips for making holiday purchases online


In anticipation of Cyber Monday, CompTIA recently released a list of ways to be safe when shopping online. It's a timely reminder that the holiday online deals attract shoppers from all walks of life, and shoppers from all walks of life (including many who are highly inexperienced with the dangers of online purchasing) attract hackers, scammers, and phishers.


To help the less experienced avoid the dangers of the shopping season, here's a recap of CompTIA's tips, along with some additional information about avoiding these common security pitfalls.


It's Best with an "S"


Before entering any sensitive information into any form online, always check the address bar. Most likely, the address of the page will begin with "http://" or "https://". That extra "S" may not seem like a big deal at first, but it actually means that the information sent to and from the webpage is protected by the Secure Sockets Layer (SSL). Everything that travels through that page will be encrypted, making it much harder for anyone to steal your information.


To make it even easier, many browsers have ways of telling you if the page is secure. Some, like Google Chrome, use a padlock icon at the beginning of the address; if the lock is closed, the webpage is secure.


Avoid Shopping on Open Wireless Networks


Only shop online if you're connected to a secure wireless network. Do not do any shopping at libraries, coffee shops, or anywhere else that offers a shared network. And when shopping from home, make sure that your own network is protected with a unique security key.


Be Ageless and Unsocial


No online vendor should ever need to know your birthday or your social security number. If they're asking for them, then there's a good chance you've stumbled into a phishing scam. Take your business elsewhere.


Change Passwords and PINs


The longer you keep a single password or PIN, the more likely it is that it will be (or has been) compromised at some point. With this in mind, it's best to switch out any passwords or PINs that you've had for a while. It probably goes without saying — but we'll say it anyway — that this is especially true if you've noticed any unusual activity on any of your accounts.


Be smart about resetting passwords, too. Use symbols, numbers, and both capitalized and lowercase letters. Don't enter a password into any form other than the one on the website it belongs to, don't write passwords in e-mails, and don't keep lists of them on your computer. There are plenty of websites that can help you build a good, original password or even generate passwords for you — but before using any such site, make sure it is reputable and secure.


Use Automated Alerts


Most financial and credit institutions have tools to help mitigate the damage identity theft can cause. Most will send financial statements or recent purchases straight to your e-mail inbox or to your mobile device. These notifications can be invaluable in helping you stop an identity thief before they can do too much damage to your bank balance or credit score. And of course, when bank and credit card statements arrive, always check them thoroughly for any purchases or withdrawals that seem out of place.


Be Very Suspicious of E-Mail Offers


Although many legitimate vendors will send out e-mails in order to entice you to buy, the same can be said for cyber criminals. Never click on a suspicious e-mail link; look up any suggested websites manually, or better yet, Google them to see whether they get good reviews. Check websites for physical addresses. Read reviews. And if a deal seems too good to be true, it probably is.


It's also important to remember that many thieves will pose as your own credit card company or financial institution, claiming that your account has been compromised and they need additional (sensitive) information to rectify the problem. Remember that no legitimate institution will send an e-mail if they are truly worried. Never send personal information in an e-mail, and do not give it out over the phone. If at all possible, take care of all business at the physical location of your bank or credit company.


About the Author
David Telford

David Telford is a short-attention-span renaissance man and university student. His current project is the card game MatchTags, which you can find on Facebook and Kickstarter.