Christmas time: tips for safe online shopping

Ever since goods have been sold, there have been people who want to rip off others while shopping. The modern version of this is cyber criminals. They are not only technically savvy and know the latest trends. They also know what assumptions buyers make - and exploit that. So take the time now to take precautions and protect yourself. If you want to shop online more securely, you should follow these tips.

Keep devices up to date

Avoid nasty surprises when shopping online by taking a few simple precautions:

• First of all, make sure that your computer, cell phone or tablet and their software, browsers and applications are up to date. It's important that all your devices are running the latest operating system and have no pending updates. A vulnerability in Android earlier this year allowed criminals to attack devices and take control of them. Mostly affected are cell phones that no longer have the latest version of the operating system but are still in use.
• Also, make sure your devices have security tools such as an antivirus program and VPN (virtual private network) software installed - and learn how to use them.
• Manage your passwords wisely:
  1. Replace older passwords with newer ones that are harder to guess but easier to remember. We recommend using passphrases when possible. A passphrase is a phrase that you can easily remember, but is difficult for hackers to crack. An example of this is, "My voice is my passport." In this case, the passphrase doesn't include special characters or numbers, but instead a phrase with spaces is difficult to guess. Of course, not all websites support passphrases, spaces in passwords, or long passwords. Add special characters and numbers to increase security.
  2. Do not use the same password for different accounts. If necessary, use a password vault that keeps all your passwords safe.
• Shop with your credit card instead of your debit card. Many credit cards have fraud protection included. Plus, that card can be blocked without freezing all your resources. Make sure your credit card provider notifies you of suspicious card activity.

Go one step further

The tips listed above are the basis for your safe shopping experience online. But if you really want to shop safely online, you should definitely consider a few more points.

• Every browser supports secure transactions with SSL encryption. However, you should always make sure that your connection is secure before you click "Buy". To do this, look at your browser's address bar. If the address begins with "https://" and not with https://your transactions are protected. The small lock icon in your browser is also an indication of an encrypted connection. The popular open-source extensions HTTPS Everywhere and uBlock Origin can be installed for free on most browsers to secure transactions, filter content, and block ads.
• If possible, make purchases via a VPN connection. This way, cyber criminals can't do anything with your data if they intercept it because it's encrypted. If you log in to public WiFi often, get a free or low-cost VPN service to always secure your connection.
• Technically savvy users can set up a VM (virtual machine) on their computer specifically for shopping. If your device gets infected, the malware will stay inside the VM, and criminals would not be able to access other sensitive data on the computer.
• Use multi-factor authentication to securely log in to services. Many websites, such as banks, support two-factor authentication (2FA) to better protect your data. Make sure you have it enabled on your device and that you know how it works. You will also receive unique access codes or recovery keys that you should save in case you no longer have access. Don't just use SMS verification - more secure are tools like Google Authenticator or YubiKey.

First check, then click

• Everyone knows that it's not a good idea to simply click on links in an email or on a web page if you don't know that they are safe. About a third of users do it anyway. But you should definitely find out where the link leads to before you click it:
  1. Move the mouse pointer over a link: You will see the web address either as a small pop-up or it will appear at the bottom of the email or browser.
  2. Take a close look at the address. Does it look normal? Is the name too long or does it contain many hyphens or numbers? Does this address lead to the correct website, or somewhere else? Are letters replaced by numbers, such as "amaz0n.com"?

• Research the web address before you click on it. Copy it and enter it into a domain search engine like who.is. This will give you a lot of information, such as when the website was created, where it is registered, or who the owner is. Be suspicious if the site has only been online for a short time or is registered in another country.

Be attentive

Be aware that cyber criminals do their best to imitate well-known shopping sites. However, you can quickly find out if you have landed on a fake site.

• First, look at the design of the website. Most cyber criminals don't have the time or resources to make an exact copy of the original or build their own fake site. Does the portal look professional? Do the links work and are they accurate? If not, these are bad signs - just like a lot of pop-up ads.
• Next, read some text on the website. Poor grammar, misspelled words, and unclear descriptions are clues that all is not right.
• Remember, if it seems too good to be true, it usually isn't. Of course, sometimes there are real bargains on the Internet. But in general, very low prices and the availability of items that are hard to get elsewhere are a red flag. It's probably a rip-off or counterfeit after all.
• Also check that the store accepts major credit cards. Avoid websites that require the following: Direct payments from your bank, wire transfers, or payment methods that are untraceable. If possible, use services like PayPal or Verified by Visa to protect yourself and your money.

Source: Fortinet