Safer cyber‑shopping! 12 tips for a happier Holiday Season

Don't let cybercriminals spoil your holidays! Our tips will ensure you don't get fooled by the latest scams while you hunt down the best deals for your family.

Don’t let cybercriminals spoil your holidays! Our tips will ensure you don’t get fooled by the latest scams while you hunt down the best deals for your family.

In Holiday Season 2013 we expect to see yet another year-on-year increase in the percentage of holiday shopping that happens online.

Naturally, that means more scammers will be looking to do some shopping of their own, at your expense. This might involve using your credit card and bank account to fund their gift-buying, or perhaps capturing and selling your personal information so they have some extra holiday cash.

Here are some tips that Cameron Camp and other ESET researchers have put together to help savvy cyber-shoppers avoid getting scammed while hunting for the best holiday deals online.

Clean up before you shop

Like the tune-up your car might be getting before a long drive to deliver holiday gifts to relatives, your laptop may need a little attention before going online for some power shopping. Give it some love, and improved protection, by updating and patching your browser, helper apps like plug-ins – and it might be worth checking to see there aren’t any bad ones in there, a trick cybercriminals have been employing this year, as per this We Live Security report. Patch  your operating system and anti-malware suite too, before you shop – will help you avoid malware infections and scams, and keep you running smoothly throughout the season.

If you don’t recognize a shopping site, be careful

Buy from websites that have established a reputation for doing what they say, providing accurate descriptions of merchandise and delivering it in good shape and on time (user reviews can be good for this). If it’s this season’s must-have, you can bet cybercriminals will know that too – and this year, they have become increasingly adept at targeting scams on the dates people expect a new product – as reported by We Live Security here. When you’re getting down to the wire with shipping deadlines, the last thing you need is a less-than-stellar online retailer delivering gifts late, or mixing up orders among your friends and relatives, which could be worse than no gifts at all.

Logging into lots of sites? Don’t use your “real” password

Earlier this year, four out of five internet users admitted to being “locked” out of websites due to lost or forgotten passwords – and shopping binges can tempt you to reuse the same one, as you log in to site after site. Don’t. If you are reusing a password – make sure it’s a “throwaway”, ie one unrelated to the important passwords you use for email, or for your bank. For good measure, why not use a throwaway email address as well, to cut down on promo emails after the holidays end.

If that price sounds insane, be wary

If it looks too good to be true, it probably is.It might be very tempting, but avoid following links that offer goods, services, or gift cards at impossibly cheap prices. They are just too risky. Even links that arrive as SMS messages – often offering 24-hour discounts, can be scams, as We Live Security reports here. Not all discount vendors are scammers, but ask yourself if the promised savings are worth the gamble (or use Google to search for the offer and/or vendor to see what others are saying).

Make sure it’s secure – and ideally, shop from a PC, not a phone

When you are in the ordering process on a website, check to make sure it is using SSL, the standard in secure transactions – often shown by browsers as a little lock symbol. If that isn’t there, check the URL. You should be able to see https or shttp in front of the web address instead of http. It’s far easier to do these checks on a PC, rather than smartphone or tablet browsers, so it’s worth sitting down, even if it is an impulse buy. Using SSL encrypts the exchange of information, such as your credit card, so eavesdroppers cannot read it. When in doubt, a quick search in Google for the word “scam” or “fraud” along with the site name should tell you if that site has a history of problems.

Be wary of deals that “expire tomorrow”

Watch out for URGENT deals that arrive in unsolicited email or purport to be from friends on social networking sites. This sort of scam appears everywhere – even on Pinterest, as We Live Security reported here. Exercise extra caution if the message uses broken English (or whatever your native language might be) or if it doesn’t seem quite right for some reason. If you think the deal is real, open a browser and type the name of the website directly into the address bar. This will keep you from getting swept away by scam links to fake websites built by cyber crooks that harvest your information and spirit it off to the underworld (the black market in stolen identity data).

Don’t shop at leaky hotspots

If you need to do any shopping over WiFi, at home or at a hotspot, make sure it is secure (look for the lock symbol in the WiFi connection dialog) – and in general, avoid shopping  via public hotspots if at all possible. You’re far safer using your 3G or 4G phone as a hotspot, as our detailed guide to safe browsing tells you here – and a little extra on your data bill is small change next to someone going wild on your credit card. The last thing you want is someone snatching your personal details out of thin air as you transmit them from your laptop (or smartphone or tablet).

Buying the latest gadget? Make sure it’s child-safe

Many gadgets already have built-in controls which can help you protect children from adult content – as detailed in our guide to family web use here. Be sure they’re in place before children run off with their new gifts. Apple’s iOS for iPhone, iPod touch and iPad contain a range of settings to restrict access based on age – including the ability to block in-app purchases, which can protect against “bill shock” if children buy extras within games. Amazon’s Kindle Fire devices have a particularly impressive range of child protection options. Windows 8 PC also has upgraded security controls for parents – visit the Family Safety area. It can monitor internet use and deliver reports each week on where they’ve been surfing. Be sure to know which of your children’s gadgets CAN go online – most games consoles can. Consoles such as Xbox and Nintendo DS have parental controls, which block children from inappropriate content. Use them – many parents don’t.

Use a credit card  

If you get scammed and try to get your money back you may have better luck with credit card transactions versus debit cards – credit cards often offer guarantees against fraud, whereas debit cards don’t. Many vendors, whether at the mall or online, prefer debit cards because the transaction is cheaper for them.  That’s not your problem when holiday shopping. Credit cards can put an extra layer of protection in between you and the bad guys.

Too much information? Be afraid

Some malware is able to add questions to forms you use online, so if a shopping website is asking for Too Much Information relative to your purchase, like wanting your Social Security Number to complete a simple order for flowers, abandon the transaction and run an anti-malware scan right away.

Don’t expect money for answering questions

There are legitimate website satisfaction surveys, but when a window pops up promising you large amounts of cash or a $1,000 gift card just for answering a question like “Coke or Pepsi?” close it and move on (and do NOT enter your cellphone number, unless you are prepared to pay for premium services you never ordered). Scammers like to circulate these amazing offers via social media, too. ESET’s Social Media Scanner offers a quick, free way to check out links – or read our guide to spotting scams here.

Stay awake after the holidays

When New Year lull sets in, there’s a tendency to avoid looking at the credit card statements arriving by mail (or email). Maybe you were hoping that you didn’t spend as much as you THINK you may have. But if you got scammed, that statement may be the first sign, so at least skim the statement to see if there are any transactions you don’t recognize. For example, if you have never been to Russia and don’t know anyone who lives on the outskirts of Moscow, it’s a safe bet that any wire transfers or shipments of computer gear to the region are fraudulent, and the sooner you act, the more likely you are to recover your money.

Follow these simple tips and you should sleep a little better during the holiday shopping season. Remember, things will show up on your computer, as they do in life, that seem too good to be true. The holiday shopping season on the internet is no different. Caution may sound boring, but it can pay off. After all, if you feel you don’t have enough time to get your shopping done, you certainly don’t have time to start shopping all over if you do get scammed.

Sign up to receive an email update whenever a new article is published in our Ukraine Crisis – Digital Security Resource Center