Cyber Monday: 10 Steps to Avoid Security Risks

Adobe has released its “Online Holiday Shopping Forecast,” and it is predicting that Cyber Monday online shopping will exceed a whopping $2.27 billion. This Cyber Monday, the Monday after Black Friday, is predicted to be the highest single U.S. online shopping day ever.

With the rush of consumers seeking online deals on Cyber Monday comes the rush of cybercriminals chomping at the bit to take advantage of even just a small percentage of these online shoppers. Cyber Monday presents a terrific opportunity for cybercriminals to attempt any number of malicious activities, from faked delivery confirmations to offers for non-existent deals, often with the intent of installing malware or Trojans on computers to steal the shopper’s credit card information.

To make matters worse, there’s new malware circulating the Internet targeting businesses. The Internet Crime Complaint Center, part of the FBI, issued a public service announcement earlier this month about file-encrypting “ransomware” known as CryptoLocker. Businesses are receiving emails with alleged customer complaints.

These emails contain attachments that, when opened, appear as a window that is in fact a malware downloader. This downloader installs the malware. Verbiage in the window states important files have been encrypted using a unique key generated for the computer.

Attackers demand a ransom payment ranging from $100-$300 to deliver a private key needed to decrypt files. But once the encryption of the files is complete, decryption is not feasible, and victims are advised to scrub their hard drive and restore encrypted files from a backup.

If you’re one of the many people who plan to seek out deals online on Cyber Monday, whether for yourself or your facility, here are 10 steps PriorityOne Group suggests you take to protect your computer and personal information — steps that are also worth following year-round.

1. Use a secure browser. Before submitting personal information, make sure you see “https” in the Web address. While this may seem obvious to experienced online shoppers, you can never be too cautious in this regard. If you’re in a hurry to make a purchase out of fear that the deal you’re getting will disappear, it’s easy to forget to check for the https. But taking a moment to verify that it is in the web address may be the difference between whether a cybercriminal can steal your information or not.

2. Avoid common passwords. Another basic precaution of safe online shopping, but an area where consumers still make mistakes, particularly when they’re in a rush to create an account needed to complete a purchase. The advice here: create a unique, random password for every new login. If you need help coming up with and keeping track of passwords, look into a password management service.

3. Use only familiar websites. If you come across a deal that takes you to the online store of a company you’ve never heard of, proceed with caution. For if a deal or website seems like it may be too good to be true, it probably is. Don’t enter any credit card information if you’re wary of a site at all. Double check the URL to be safe. You can also check the name of the business through the Better Business Bureau to help confirm whether the company is legitimate — as well as read reviews about customer experiences with the businesses. In the end, you need to ask whether the possible savings of making a purchase through a company and website you’ve never heard of is worth the risk. It’s probably not.

4. Update your security. Make sure all security scans, browsers and patches are up to date to be certain your computer is virus and malware free. Also make sure your antivirus and antimalware software is set up to run regular scans to check for viruses and malware. If you accidentally visit a website or open an email attachment you didn’t intend to, stop whatever you’re doing and immediately run antivirus and antimalware scans.

5. Be cautious when opening email, browsing the web and using social networks. All are commonly used for phishing attacks, and harmful attacks may come from people or websites you trust (without their knowledge). Take a moment and really think before clicking links or opening pages.

6. Ensure SSL is enabled on the websites you visit. As with step #1, ensuring SSL — which stands for secure socket layer — is enabled will help protect your personal information. SSL is a web certificate from a reputable supplier that provides data security. If a site does not have this feature enabled, hackers can seize your card information. If you’re entering sensitive personal information into your web browser, look for a lock icon in the website’s URL in the address bar (it may be to the left or right of the URL, depending upon the browser you’re using) to verify whether the site uses SSL.

7. Bookmark reliable sites and block content you know is harmful. One method hackers try to steal personal information is by getting people to visit a phony website. When you visit a website you trust and verify it is the correct website you wanted to visit, consider bookmarking the address of that website, and navigating to the website through that bookmark in the future. This will help prevent you from mistyping a web address (that may take you to a phony website) or clicking a phony link in a web search. You should also consider using a filtering service like OpenDNS to protect your computer from websites that are known to be harmful to your computer.

8. Double check encryption when emailing information. You can never be too cautious when you’re emailing credit or debit card information (and this is also true for when you’re submitting such information through a website). Make sure the email is encrypted; this way hackers will be unable to access your information.

9. Don’t blindly trust your smartphone or tablet. There’s a common misconception among consumers that mobile devices — smartphones and tablets — are not susceptible to the threats described in this piece. But like regular computers and laptops, they can be hacked, and users can encounter the same threats.

10. Document, document, document (and review your documents). Healthcare providers know about the importance of documentation, and this applies to online shopping as well. When placing an order online, save or print a copy of the webpage or email in case it is needed for future reference. The Better Business Bureau suggests paying with a credit card because federal law allows you to dispute any charges if necessary. Also, make sure to check credit card statements often . Don’t wait for statements to come in the mail; check them online regularly to help detect suspicious activity sooner than later.

If you are joining the many online shoppers this Cyber Monday, shop and pay cautiously. Do not trust third-party communication or any website that may seem the slightest bit suspicious. While shopping from the comfort of home — and saving money while doing so — can make Cyber Monday a very enjoyable experience, it is critical to keep your guard up and be aware of scams and fraudulent websites. By following the 10 steps described above, you’ll be able to make out like a bandit on Cyber Monday without allowing bandits to make out with your personal information.

Leave a comment!

You must be logged in to post a comment.