Holiday shopping is here again, but before you jump online to get your gifts and gadgets at Black Friday prices, remember that cyber attackers can target information you make available online, including payment information. With this in mind, we wanted to pass some safety and security tips your way, so you can shop from home safely this season.
How Cyber Attackers Target Online Shoppers
Creating fraudulent sites and email messages
You can walk into a store and know exactly who you are doing business with, but when deals are flooding in through your email, leading you to online stores that have the hottest items at the lowest prices, it pays to be wary. Attackers can create email messages and even entire shopping sites that appear to be very legitimate with the goal of having you supply personal and financial information for them to exploit. Be careful of these malicious sites and emails and always check for details like the address of the sender and brand consistency if the email comes from a reputable name.
Intercepting insecure transactions
If a vendor does not use encryption, an attacker may be able to intercept your information as it is transmitted.
Targeting vulnerable computers
If you do not take steps to protect your computer from viruses or other malicious code, an attacker may be able to gain access to your computer and all of the information on it. It is also important for vendors to protect their computers to prevent attackers from accessing customer databases.
This list comes from the Cybersecurity and Infrastructure Security Agency (CISA). View the full article for 7 tips on protecting yourself while shopping online.
KCSB Tips for Safeguarding your Information
✔ Check for an insecure connection when navigating to a new site.
Looking for a lock icon next to the site URL indicating that the site is secure and never ignoring warning messages from your browser when navigating to a site, especially for shopping, are two basics to avoid traffic to an insecure site, but there are other key indicators to look for as well.
Pay attention to these three indicators of an unsecured connection:
- A website with a URL that contains a new or different name than the site you intended to visit.
- A menu bar that includes new commands or is missing common commands.
- The status line of the browser displays an unlocked symbol when SSL should be in use.
✔ Clear your Private Data Often
Regardless of the browser you are using, you should clear your private data regularly. Most browsers let you clear the following data from within the browser settings:
- Browsing history
- Download history
- Cookies and other site data
- Cached images and files
- Passwords
- Autofill form data
- Site permissions
You can often set these to clear automatically at certain intervals or go in and clear data manually, but it’s best practice to check occasionally and not let data sit for too long.
✔ Know Your Cookies and When to Block Them
Cookies are text files that save information about preferences, browser settings, and web page preferences. They identify you (or your browser) to websites. Be aware of the following facts about cookies:
- Cookies aren’t inherently malicious and are often necessary for e-commerce websites.
- The use of cookies can constitute a privacy violation because cookies can retain personal information. A hacker could gain access to this information.
- Cookies can be misused by malware to collect and report your web surfing activities.
- First-party cookies are cookies used by the site you are visiting.
- Third-party cookies are cookies placed by sites linked to the site you are visiting. For example, banner ads on a website might place cookies on the machine to identify ads already seen or ads opened.
Some sites will prompt you to accept cookie use on their site, but many will not. A good tip is to turn off the options to automatically accept cookies, especially third-party cookies if the option is available. You can also turn on the option to have your browser ask you every time third party cookies are collected so you know when they are created and can manually decline.
✔ Other Browser Settings for Added Security
- Use the “always ask me where to save files” option to avoid files downloading without your knowledge. By using this option, you will always know when a file is being downloaded to the system.
- Enable the Block Pop-up windows option.
- Turn off “remember search and form history.” Data you enter on forms, such as your banking account number, will be stored if this option is on.
- Do not select the “remember passwords” for sites option. It is best practice to always enter passwords and to not have the browser remember them or use a secure app for storing and recalling passwords across multiple sites.