November 2019 • The Monthly Security Awareness Newsletter for Everyone
Shopping Online Securely
The holiday season is nearing for many of us and soon millions of people will be looking to buy the perfect gifts. Many of us will shop online in search of great deals and to avoid noisy crowds. Unfortunately, cyber criminals will be active as well, creating fake shopping websites and using other tactics to scam people. In this newsletter, we explain how you can shop online safely and avoid becoming a victim.
Fake Online Stores
Cyber criminals create fake online stores that mimic the look of real sites or that use the names of well-known stores or brands. When you search for the best online deals, you may find yourself at one of these fake sites. By purchasing from such websites, you can end up with counterfeit or stolen items, and in some cases, your purchases might never be delivered. Take the following steps to protect yourself from fake online stores:
- When possible, purchase from the online stores you already know, trust, and have done business with previously. Bookmark online stores you have visited before and trust.
- Look out for prices that are significantly better than those you see at the established online stores. If the deal sounds too good to be true, it may be fake.
- Be suspicious if the website resembles the one you’ve used in the past, but the website domain name or the name of the store is slightly different. For example, you may be used to shopping at Amazon, whose website address is www.amazon.com, but end up shopping at a fake website that has a similar website address, where the letter o is replaced with the number 0.
- Type the name of the online store or its web address into a search engine to see what others have said about it. Look for terms like “fraud,” “scam,” “never again,” and “fake.”
- Use a unique password for each of your online accounts. Can’t remember all your passwords? Consider storing them all in a password manager.
Scammers on Legitimate Websites
Keep your guard up even when shopping at trusted websites. Large online stores often offer products sold by different individuals or companies that might have fraudulent intentions. Such online destinations are like real-world markets, where some sellers are more trustworthy than others. Check each seller’s reputation before placing the order. Be wary of sellers who are new to the online store or who sell items at unusually low prices. Review the online store’s policy on purchases from such third parties. When in doubt, purchase items sold directly by the online store, not by the third-party sellers that participate in its online marketplace.
Online Payments for Purchases
Regularly review your credit card statements to identify suspicious charges. If possible, enable the option to notify you by email, text, or app every time a charge is made to your credit card. If you find any suspicious activity, call your credit card company right away and report it. Avoid using debit cards whenever possible. Debit cards take money directly from your bank account; if fraud has been committed, you’ll have a much harder time getting your money back. Another option is using well-known payment services such as PayPal for online purchases, which do not require you to disclose your credit card number to the vendor. Finally, consider using a gift card for online purchases.
Just because an online store has a well-designed, professional look does not mean it’s legitimate. If the website makes you uncomfortable, don’t use it. Instead, head to a well-known site you can trust or have safely used in the past. You may not find that incredible deal, but you are much more likely to end up with a legitimate product and avoid getting scammed.
Subscribe to OUCH! and receive the latest security tips in your email every month.
Do you think you’ve got what it takes to get into the cyber security industry? Or are you looking to improve your existing skillset? Training with SANS helps you achieve your goals. Level Up with SANS today! sans.org/Level-Up-Ouch
OUCH! is published by SANS Security Awareness and is distributed under the Creative Commons BY-NC-ND 4.0 license. You are free to share or distribute this newsletter as long as you do not sell or modify it. Editorial Board: Walt Scrivens, Phil Hoffman, Alan Waggoner, Cheryl Conley.