By Riaan Viljoen* Information Security Specialist at Capricorn Group
With Black Friday fast approaching worldwide, and its online equivalent, Cyber Monday, a few days later, the number of online deals during this time will far outnumber those available in stores. To distinguish between a legitimate deal (or website) and one simply out to steal your money, it is important to remember the many perils of online browsing, and how easy it can be to fall for scams. Here are some tips for safe online shopping.
It is one thing to browse, but never use public Wi-Fi to make payments. These connections can easily be hacked, as the passwords are freely available on request.
If someone you know and trust regularly buys from a specific site without hassle, consider it legit. As for the rest, be careful. Do not trust five-star buyer ratings on a site ‒ check independent third-party references instead? Are there spelling/grammar errors on the site? Even if the site is not a swindle, poor spelling could be indicative of poor security measures.
Suspicious sites often imitate well-known sites with names like Amason.com, BidorBay.com or eBuy.com and often look the same. Never make any payment on a site that is not secure (https://), but do not assume a secure site will always be legitimate. It simply means that the communication to and from the site is encrypted. Pop-ups on any site should always be treated with suspicion. The same goes for sites with no contact information or return policies.
The web, and your email, will be rife with contests during this time. Never enter any personal or payment information to get on a shortlist for some unbelievable deal. A contest for, or even winning, expensive products outside an official product site are very likely a scam.
Do not make direct payments on a site, unless it is locally known, such as your church’s web page. Most legitimate sites redirect to secure payment sites like PayPal. These sites hide your payment information from online stores, which gives you an additional measure of protection against hackers, protection largely absent with direct payments. They also enable refunds, if need be. Generally, however, do not allow sites to auto-save your payment information or passwords.
Watch what you post online or via social media. Social engineers can use any information you post against you in ways you never expect.
Do not click on links in any emails offering good deals, even if the mail comes from a seemingly legitimate vendor. Instead, go to the vendor site directly to confirm that the offers exist on the official site as well. Do not be rushed by urgent deadlines on sales, especially if a request involves entering personal or payment information to secure a product. Rather, lose the deal. You might also get phishing emails claiming irregular purchases on your account where none exist, requesting urgent password resets or your account or card number confirmations. Never entertain such requests. If in doubt, contact your bank using a number you obtain yourself.
Apply for SMS notifications such as Bank Windhoek’s AlertMe service on transactions, and check your bank statements regularly. Make sure the applications and operating systems on your laptop or cell phone remain up to date. When upgrading or replacing your phone, be sure to wipe all applications and data from your old phone. Payment card information could be hiding in an online application and could be exploited by someone who knows how. Immediately report stolen cell phones to your bank to ensure no data or payment information has been compromised. Change passwords and One-Time Pin (OTP) notification numbers immediately.
Do not allow your holiday season to be marred by online fraud. Start off vigilant, and remain so.
*Riaan Viljoen is an Information Security Specialist at Capricorn Group, Namibia.