Getting Ready for the Holidays: Your Safe Online Shopping Guide

Following my advice for a "cyber-safe summer," I also have some thoughts for the upcoming holiday season: 

Online retailers are gearing up for the biggest shopping day of the year. With more consumers doing their holiday shopping online, additional compute resources and warehouses bulging with inventory ensure that shoppers won’t experience any delays in finding what they want, or making online transactions.

Unfortunately, merchants and shoppers aren’t the only ones getting ready. The holiday shopping season is also a big event for cybercriminals. Fake web sites, intercepting your financial data, charity scams, email phishing attacks, fake shopping sites, texting and SMS scams, and more are all designed to steal you personal and financial information.

So, in addition to checking your credit card balances and making out your shopping lists, you also need to take precautions before doing your holiday shopping online. If done right, it can be a safe and convenient way to buy gifts – if you follow a few simple rules.

- Pay attention to where you are.

In just the past few weeks we learned that WPA2, the encryption protocol used to protect data moving between a computer and the wireless device that connects it to the Internet has been broken. Which means you may want to think twice about doing your online shopping using the public Wi-Fi at your local coffee shop.

And that’s just the start.

Public W-Fi sites are a haven for criminals looking intercept your connection and use it to steal your credit card information, passwords, and other personal data. For example, that guy over in the corner with his laptop open is broadcasting his device as “Free Coffeshop Wi-Fi.” Which means that when you connect to it, he then connects you to the Internet through his device. Which means he can capture all the traffic moving between you and your online shopping site, bank, or social media accounts.

In addition, your phone is always searching for the wireless devices you usually connect to. Once your phone finds a familiar network it will automatically try to connect to it. But there are now tools out there that can detect the name of the devices your phone is searching for and mimic them, allowing a hacker to use that fake connection to steal your data. So be aware of the name of the wireless device you are connected to. If you are in a coffee shop at the mall, and your device thinks it is connected to your home wireless network, then someone is probably trying to steal your data. 

- Use protection.

There are a number of things you can do to protect yourself when shopping online.

• Make sure all your devices are updated and patched. Providers issue regular security updates designed to protect you from known threats. Sometimes people assume that their mobile device is more secure than their laptop, but that is simply no longer true. 
• Be careful when downloading new holiday apps, especially on Android phones, because we are seeing a spike in infected or fake apps – especially those not downloaded from official app stores.
• Use your credit card and not your debit card. Most credit cards have built-in fraud protection. Check with your bank or your card provider to learn more about what protections your card provides.
• Make sure your connection is secure. When you are about to make a purchase, look at the address bar of your browser and make sure that it starts with https:// rather than http://, or look for a small lock icon on your browser. These mean that your transaction is protected.
• Consider using a VPN (virtual private network) service. There are a number of low cost/no cost services that will ensure that all your connections are always protected.

- Be careful when using unfamiliar sites

If you are shopping at an unfamiliar online store, then you may want to take precautions:

• Don’t click on links in advertisements sent to your email or on web sites unless you check them first. If you hover your mouse over a link you should be able to see the URL. Look at it carefully. Is the name too long or does it contain lots of hyphens or numbers? Does it replace letters with numbers, such as amaz0n.com? It is best to never open an email or click on an attachment from someone you don’t know – especially when it includes an enticing subject line, such as a cash reward or a bill for something you didn’t purchase.
• Use your search engine to look for online reviews and ratings of an unknown or unfamiliar site before you shop there. Use words like fraud or scam in your search.
• Look at the website design. Does it look professional? Are the links accurate and fast? Are there lots of popups? These are all bad signs.
• Read the text. Bad grammar, unclear descriptions, and misspelled words are all giveaways that the site is probably not be legitimate.
• Be skeptical. Unusually low prices and high availability of hard to find items are red flags for scam sites. Sure there are some good deals out there. But people invented the phrase “too good to be true” for a reason.
• Make sure the online retailer uses a secure checkout system that accepts major credit cards. Avoid sites that require direct payments from your bank, wire transfers, or untraceable forms of payment.

As our ability to purchase items, make online transactions, and connect to others through smart devices gets easier, we need to understand that these conveniences come with risks. Cybercriminals are determined and informed on the latest trends and how to exploit them. Which is why we need to take the time to educate ourselves - and our friends and family – about shopping carefully so we can have a happy, and safe Holiday season.

Originally appeared in Huffington Post.

See how retail locations are protecting their customers with Fortinet. San Pedro Square and Lush Cosmetics.