Since last year, the online threatscape has changed and so we thought it helpful to give some Cyber Monday shopping advice! This year is supposed to be the biggest year yet for eCommerce, but it’s also a time when so many cyber criminals are out to steal your identity and your credit card data.
Anyone who has followed #OnlineThreat on our blog and social media will know that the level of sophistication used to get to your valuable information has dramatically increased. But when it comes to doing your Cyber Monday shopping (or going online at any time), there are two primary threats to watch for: phishing and compromised websites. Both are related, so with a little awareness and caution, you can surf the web and shop safely.
Phishing has existed for some time, but the number of attacks and the degree of deviousness employed by the criminals have increased. Many people are keenly aware of the threat posed by phishing, but if you’re not familiar with the term, it involves using tricks to get you to divulge your login information, credit card, or data useful for identity theft. This usually takes the form of a variant of email spam, but can also be done through social media posts, spoofed or hacked websites, or essentially any way you can be tricked into typing your info where the cyber criminals can get it.
Malicious and spoofed links are the staple of phishing. There are a multitude of ways hackers and criminals can get your email address. We won’t get into the details of that here, but the key is being able to spot these bad links. This is fairly easy on a computer, where you can hover the cursor over a link and see the URL, but tricky if you are tapping on links on a tablet or phone. With this in mind, the best thing all of us can do is to know the domain we are trying to reach and type it directly into the browser or use the company’s mobile app. This is especially true for logging into your bank, financial institution, or credit card company websites.
The majority of the websites found on the internet are safe. But as recent headlines prove, even large corporations can be hacked into. And once a site’s security is breached, hackers can add malware that can be picked up by anyone visiting the site. Any such malware can then be used to infiltrate your computers or mobile devices and find your valuable data.
But with the alarming increase in phishing, it is also just as likely that cyber criminals will set up their own bogus sites for stealing your personal information. Some of these spoofed sites look almost identical to the actual sites or may emulate enough of the branding from the actual company that someone not paying attention would be fooled.
Safe Cyber Monday Shopping
So with all the great deals going on now (and continuing past the holidays), how do you stay safe? Just like with other forms of theft, the easiest thing to do is to take simple precautions. And like with other crimes, being aware can make the difference between having your credit card stolen and shopping safely. Here are a few basic yet vital tips…
Watch the Domain
Phishing takes advantage of the fact that many domains can look similar to a well-known one. You probably know the trick. Using Wells Fargo as an example, https://www.wellsfargo.com is the REAL domain. But phishing links can lead to something like wellsfargo.wellsfargo3.com, which is actually on the domain wellsfargo3.com. Remember that whatever is immediately before the .com, .net, etc. is the actual domain name.
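The domain rule above, written out as an added example (not code from this blog or its products). It also covers endings with two parts, such as .co.uk, where the real name sits one label further left. The suffix set is a small constructed sample, and the function names are made up for this illustration.

```python
from urllib.parse import urlsplit

# Constructed sample of public suffixes; a real check needs the full
# Public Suffix List (publicsuffix.org), which has thousands of entries.
SAMPLE_SUFFIXES = {"com", "net", "org", "co.uk", "com.au"}


def registrable_domain(url):
    """Return the domain a link really belongs to, or None if unknown."""
    if "://" not in url:
        url = "https://" + url          # allow bare hosts such as "example.com/x"
    host = urlsplit(url).hostname       # lower-cased, port and path stripped
    if not host:
        return None
    labels = host.rstrip(".").split(".")
    # Find the longest known suffix, then keep one more label to its left.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in SAMPLE_SUFFIXES:
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None


def is_expected_site(url, expected_domain):
    """True only when the link's registrable domain is exactly the expected one."""
    return registrable_domain(url) == expected_domain.lower()


if __name__ == "__main__":
    # Constructed sample links based on the example in the text.
    for link in ("https://www.wellsfargo.com/login",
                 "http://wellsfargo.wellsfargo3.com/login",
                 "https://shop.example.co.uk/deals"):
        print(link, "->", registrable_domain(link))
```

Links whose ending is not in the suffix set, including bare IP addresses, return None and should be treated as not matching.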
The Padlock is Your Friend
Speaking of “https://”, many of us know that this means that a domain is secure. Websites using what are known as SSL certificates encrypt the transmission between your device and the servers hosting the site. Without getting into the technical details, you should see a padlock icon on any site with a valid SSL certificate. In fact, most updated browsers won’t even let you visit a site with suspicious or outdated SSL.
Some sites may not use SSL on every page. Our primary domain, bansheecloud.com, does not use it because some of our vendors and third-party content providers don’t deliver images or scripts securely, and this would cause our pages to generate errors. But we do use SSL at bansheecloud.net (try it and see). More importantly, we set up our sites and our clients’ sites to pass credit card transactions to the payment processor’s SSL pages. It’s very easy for even a one-person home-based business to do, so you should always make sure there is SSL on any page where you enter payment information!
Watch Those Shortened URLs
Many of us know that URL shortening services such as bit.ly can be used by anyone (unfortunately including spammers and hackers) to shorten long web addresses. But with limited space in tweets and the inconvenience and outright difficulty of typing long URLs, short URLs are here to stay. If you’ve clicked on a link in one of our social posts, you’ll already know that we use our own curated system, t2d.la. By curated, we mean only our company and our clients can use the domain and we monitor the links there.
And if you need to use other services, just make sure you scan any new links before you click on them.
Scan Those Links
There are a number of free link scanning services available. Like anything else online, some are safe and some are not. Some are more effective than others. Your best bet is to use antivirus or antimalware systems that include link scanning. We provide our clients with a variety of software solutions, including our own banSHIELD suite.
Staying Safe Every Day
These tips will hopefully get you through the holiday shopping season, but the bad guys are constantly improving and adapting. We recommend following #OnlineThreat on this blog or on social media. You can also follow our Security Blog at http://t2d.la/security. And finally, consider subscribing to our newsletter to get exclusive information. We always aim to be less technical and more practical in our cybersecurity advice and actions!