Shopping online is as natural to some of us as breathing; we don't give it a second thought anymore. With that said, it's not a bad idea to take a quick refresher course before your fingers start flying across the keyboard, finishing your holiday shopping in record time this Cyber Monday (or any time for that matter).
Mark Risher, former Product and Cybersecurity Exec. at Yahoo and Microsoft, provides these tips on how consumers can protect themselves during the upcoming shopping frenzy:
1) If it's not SSL, you're screwed: We've been told for years that on any site that's requesting your credit card number, you should be absolutely sure you see HTTPS in the browser bar and a padlock icon in the browser, yet millions of people continue to be taken in by this simple scam. Beyond the risk of someone "eavesdropping" on your sensitive information, the lack of SSL is a sure sign that you're not dealing with a reputable store. Adding SSL to a site can cost as little as $10 and has been de rigueur for almost fifteen years, so any site lacking this basic protection is a huge red flag (but because it's only $10, the presence of that padlock doesn't mean very much by itself).
2) Know the source: The Internet is full of great products from smaller merchants, so buyers certainly shouldn't limit their shopping to just the Amazons of the world. That said, when dealing with a smaller merchant, check out where they're located and whether there's a real company behind the site. All web sites are required to publish a physical mailing address and phone number for technical support; when in doubt you can check it out using simple online tools (http://impermium.com/whois is one) to find whether the merchant is in the city, state, and country you expect.
3) Beware of the man in the middle: When you connect to the Internet from a public WiFi hotspot, it's becoming increasingly easy for bad guys to "listen in" on your computer's browsing pattern with a web site. While most of the time this is innocuous, and Rule #1 above ensures that truly sensitive information is relatively safe, there's still the risk of someone gathering info on where you're browsing and what you're looking at, so keep this in mind when before shopping for unmentionables at the local coffee shop.
4) Don't autocomplete your way to fraud: Related to the public WiFi is the public computer scenario, where features like "autocomplete" occasionally store sensitive info like addresses and credit card numbers (it's up to the merchant to "tell" your computer not to store these fields). So if you're making a purchase from a shared computer, using "Private Browsing" or "Incognito" mode is one quick way to ensure the browser doesn't retain your sensitive info.
5) Have I got a bridge to sell ya: As social networking continues to touch every facet of the Internet, an increasing number of ecommerce purchases originate from a Tweet or a Pin or a Timeline post. Yet bad guys are also taking to these same channels, often with offers that are just too good to be true, seemingly promoted by a friend or acquaintance. While there are great deals to be had, and your Aunt Marcy may be the first to discover one, be wary of links you receive on social networks, especially on mobile devices like smartphones, where it may be difficult or impossible to "hover" over the link and find out where it goes before you click. In all cases, a healthy degree of skepticism is always advised.
Armed with these tips and a dose of common sense along with your own gut feeling, you should be fine this holiday shopping season. Just remember the old saying, "If it seems too good to be true, it probably is."