5 Tips for Safe Holiday Shopping

The holiday season is a popular time for all sorts of scams and malware, as potential victims turn to online storefronts for help with last-minute shopping. However, some basic precautions can make a major difference in the security of your online transactions.

Ed Cohen, vice president of corporate development at SonicWALL, says it’s best to be wary of any unsolicited email from a retailer (to help consumers stay on top of such threats, SonicWALL has made a free Phishing and Spam IQ Quiz available online). “People are spoofing Amazon or eBay or PayPal,” he says. “You’ll get emails, for example, that might say, ‘Your transaction didn’t complete – please enter your data.’”

In a recent Webroot survey, 55 percent of respondents said they plan to purchase at least half of their gifts online this holiday season, up from 38 percent in 2009. What’s more, only 37 percent of respondents use unique passwords for every password-protected site they join, and 52 percent do not check for an HTTPS connection before making purchases.

With that in mind, Webroot suggests following these five tips for staying safe as you take care of that last minute shopping online:

1. Go Straight to the Website

Jeff Horne, director of threat research at Webroot, says it’s far safer to enter a store’s URL directly into your browser’s address bar than to search for a popular product and trust the first few results that come up.

“We’re seeing a lot of malware authors and malware distributors looking at hot items, so if you [search for] Kinect for Xbox, you’re going to get to some stores that are not reputable and that serve ads that have JavaScript components that can infect your computer – or just malware distribution websites that are using drive-by exploits to put stuff on your machine,” Horne says.

2. Don’t Reuse Passwords

It’s crucial, Horne notes, to use different passwords for each website you join. With the rise of social networking, he says, people are managing more and more passwords for different sites, making it increasingly tempting to use the same password in more than one place.

“We see a lot of people using their Facebook passwords for their email,” Horne says. “And we try to explain to people that…if your Facebook account is compromised and you use the same password for the email address you used to register Facebook, [hackers can] log into that email address and they could have your banking information.”

3. Check for the Signs of Security

When making any financial transaction, Horne says, it’s important to ensure that the site is secure. “Look for SSL validation that you’re using HTTPS instead of HTTP in the address bar, and look for the little lock symbol on the status bar of the browser,” Horne says. “Another one that people overlook is the actual green or highlighted popup inside the address bar for a lot of browsers for for extended validation certificates.”

4. Avoid Debit Cards Online

Horne says it’s generally far safer to use a credit card than a debit card when shopping online – while both are susceptible to fraud, the latter can cause a much bigger headache.

“If I use my credit card online and somebody steals it and charges $10,000 to it, all I have to do is call up Chase or Bank of America and say, ‘There’s some fraud on my account’…and they cancel it,” Horne says. “But if it’s your debit card account, that’s immediately debited from your account – and you have to work with the bank in order to get that back.”

5. Be Wary of Seasonal Scams

Fake shipping notification emails, Horne says, are an extremely popular form of spam – to avoid this trap, it’s best to track any package through the shipper’s website, rather than by clicking on a link in an email. “Spammers are mimicking DHL, UPS and FedEx returns and sending blanket emails to everyone as a shipping notification,” he says. “And when you click on it, it goes to a website that looks like FedEx, but it ends up exploiting people with a Trojan downloader.”

Rich Mogull, analyst and CEO at Securosis, suggests one more thing to keep in mind offline as well: make sure that anything you order online is shipped to a physical location that’s actually secure. “A lot of the bad guys have now started watching the UPS trucks and the FedEx trucks. I’ve been getting a lot more reports from people who have been having things disappear off the doorstep,” he says. “There’s so much more being ordered online and delivered to people today that it’s created a big opportunity.”

Finally, SonicWALL’s Cohen notes, all of this advice remains just as valid after Christmas – don’t let your guard down on December 26th. “While people tend to focus on November/December because of shopping, Trojan activities are at a high in January, because that’s when all the credit cards come due,” he says. “So there’s a second wave that usually happens around mid-January…when people are paying bills.”

Follow eSecurityPlanet on Twitter: @eSecurityP.

Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.

Top Products

Related articles