8 Online Shopping Security Tips for Cyber Monday

As the online equivalent to Black Friday, Cyber Monday is among the biggest online shopping days of the year. Cyber Monday, along with Black Friday, heralds the beginning of the online holiday shopping season. According to Adobe Analytics, 2018 Cyber Monday sales amounted to a staggering all-time record of $7.87 billion. This year, the prediction is that shoppers will crush this record by spending more than $9 billion online. The forecast is optimistic, however, one of the most significant concerns for both consumers and retailers is safety. The increasing popularity of online shopping happens to attract criminals determined to take advantage of consumers, in one way or another. According to multinational consumer credit reporting company Experian, 43 percent of consumers who had their identity stolen claimed it happened while shopping online during the holiday shopping season. Identity theft remains a significant problem, however, it’s only one type of cybercrime poised to victimize online shoppers. The news is replete with ransomware attacks on retailers, losing access to data, or paying hefty ransoms to cybercriminals. But, for consumers, a new wave of threats has appeared just in time to catch online shoppers seeking Black Friday and Cyber Monday deals.

How to buy safely online shopping practices

So, what can you do?  How to avoid all the threats waiting for you this Cyber Monday? Well, here are 8 online security tips for Cyber Monday.

1. Be smart about passwords

Sure, password managers, like LastPass and 1Password, are effective and might be a good way to go. But, one of the most fundamental principles about passwords is related to length. Long passwords are harder to crack. Be sure to use different passwords for different sites, too, and make a plan to update passwords on a regular basis.

2. Update your software regularly

Be sure to keep your software up-to-date. For your protection, it’s advisable to update the software when legitimately promoted. The latest software probably includes tighter security features than previous versions. To protect your personal information online, ensure you’ve installed the newest update before you start shopping. Don’t put it off!

3. Think before you click

Be careful with clicking links from the email. Phishing is a leading method used by criminals to access your data. If there’s any doubt, access the website manually rather than clicking links within emails. Also, consider installing an anti-phishing tool to ward off attacks. Phishing filters help keep user names, passwords, and other sensitive info safe.

4. Two-factor authentication

Opt-in to two-factor authentication. This additional verification, whether via email or SMS, offers substantially more protection.

5. Beware of “too good to be true” bargains

Crazy deals and limited-time offers might just be scams. Don’t let greed or urgency cause you to act recklessly. Be sure to read the fine print, check links, and verify details before giving up your data or financial information.     Those tips will ensure your online shopping is protected from threats on Cyber Monday. However, it’s not enough to just follow these additional security measures… you must also avoid making these common online shopping mistakes.

6. Don’t use free Wi-Fi for shopping

It’s vitally important to protect your personal information while shopping online. A secured Wi-Fi connection can help to provide an additional layer of security for your online shopping transactions. It’s advisable not to do online shopping, or banking, using the free public Wi-Fi, oftentimes found at airports, cafes, and libraries. Surfer beware!

7. Don’t be tempted by links found in emails

This is really important and worth noting again. Be very careful about clicking links embedded within emails that you receive, especially if they are unsolicited. Emails, even those that look like they’re coming from big brands, could be part of a phishing scam. Rather than clicking email links, shop directly from the sites of stores you know.

8. Don’t enter personal data on sites that aren’t secure

How do you know if a site is secure? Well, secured sites have “HTTPS” (rather than just “HTTP”) in their web address. The “s” stands for secure. To get technical, “HTTPS” is Hypertext Transfer Protocol Secure, which is an extension of the Hypertext Transfer Protocol (“HTTP”). It is used for secure communication over a computer network and is widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security or, formerly, its predecessor, Secure Sockets Layer. Also, most browsers show a closed padlock in the navigation (address) bar of the browser. If you see this closed padlock, then you can rest assured that the site is secure. Unfortunately, things have changed. Even on a secure site, you’re no longer protected. Nowadays, phishing sites also often use HTTPS to appear more valid. Venafi researchers uncovered copycat phishing sites, which use trusted, valid TLS certificates. These make phishing websites appear valid and more effective in convincing unwary consumers to enter sensitive account and payment data into online forms. To make your online shopping experience safer, be sure NOT to enter financial info or any other personal data into a website UNLESS you know for sure that it’s a legitimate site. Site security is important, but it’s no longer enough.  

The top 2019 scams to avoid

In addition to these online security tips for Cyber Monday, online consumers should also be aware of 2019’s most popular cyber scams. Here are the top 4:

1. Phishing

Phishing is a type of online fraud that uses deception to steal user credentials, including bank account details, passwords, credit card numbers, and other sensitive information. The majority of successful cyberattacks get their start with a phishing email that channels victims to one of the more than 1.5 million new phishing websites created every month. Phishing email messages purport to be notifications from service providers, banks, online payment processors, and other types of organizations. The email typically “informs” the recipient about an urgent need to contribute/update their personal data. Some of the reasons include suspicious account logins, password expirations, and more. Ironically, some attempts request a username/password to enable anti-phishing protection. Phishing attacks are growing more advanced and effective in their use of social engineering.

2. Ransomware

Ransomware attacks have increased over 97 percent in the past two years with almost twenty thousand detections happening each day. Forecasts predict that by 2021, global ransomware damage costs will reach $20 billion. These malicious programs extort victims by encrypting user data and blocking access to computer files. The first sign of a ransomware attack is often a message displayed on the monitor offering to restore the system in return for a substantial payment. Another type of ransomware, called screen-locking ransomware, doesn’t actually encrypt any of your files. It just blocks access and tries to force you to pay. To add insult to injury, cybercriminals behind this type of scam sometimes pose as law enforcement officials in order to lend a perception of credibility. Ransom messages report that the system has been blocked, or the data encrypted, because the victim has pirated content, is running unlicensed software, or worse, and that the victim must pay a fine. (Daniel Mateos, our AVP of R&D in Spain, recently published 5 Ways to Avoid a Ransomware Attack, which contains some ways to protect yourself from ransomware.)

3. Banking Trojans

Trojans are sometimes malicious programs that perform actions that are not authorized by the user: they load, delete, block, modify, or copy data, and they disrupt the performance of computers or computer networks. Financially related, banking Trojans steal account data for online banking systems, e-payment systems, and traditional credit card systems.

4. Cryptojacking

Difficult to detect and even more difficult to prosecute, cryptojacking is surging in popularity as it runs in the background of unsuspecting victims, degrading performance and draining battery capacity. With cryptojacking, hackers use the computing power of a compromised device to “mine” cryptocurrency without the owner’s knowledge. Mining can be performed either by installing a malicious program on the target computer or through various kinds of fileless malware. Sometimes attackers take over part of the computer’s processing power when a page is opened that contains a special mining script. Cryptojacking has been known to occur when viewing online ads or solving a captcha.

More protection for online shoppers

To combat the variety of threats out there, many telecom companies, like Vodafone, Telefonica, and Hutchison Drei, are turning to network-based security to protect customers. Network-based security stops threats at the network level, far from customer smartphones and computers. Because the protection runs on the network, no download is needed, it’s compatible with any range of devices and operating systems, and it’s always up-to-date to confront the latest threats, which is good news for online shoppers. As a way to assure online security for every customer, many communication service providers are now relying on Network Security as a Service from Allot.