Blog / 65 Days until Christmas
I was searching around for a suitable topic for this week’s newsletter when our Cyber Security Supervisor Karl Buckley forwarded a timely article to me that he wrote about Online Shopping. As Kim from our office is forever reminding us, it’s only 65 days until Christmas, so it’s a good time to remind you and your staff about good online shopping practices. Kim is our resident Christmas count-down clock! Of course, these practices pertain to online shopping for any article and any time of the year. Karl wrote:
Online shopping is something many of us do. I myself make liberal use of online shopping, due to where I live. The nearest big city to me is Grande Prairie, and it’s about 1 hour away. There’s a reasonable selection, but honestly, it’s not well stocked with many of the things I look for. Those sorts of items require going somewhere bigger like Edmonton, which takes 5 hours just to drive to the outskirts. Not exactly an easy run to the corner store. Today, I’m going to impart some simple tips to help you stay safe when you’re doing online shopping:
1) Make sure the site is using HTTPS
HTTPS is just normal HTTP wrapped up in an encryption layer. This prevents someone in between from listening in and gathering your information (like credit card numbers, login info, etc.).
Confirming the site by making use of HTTPS is fairly trivial, even for a novice user.
- Look for HTTPS in the address bar
- Look for a lock symbol (usually close to the URL).
The presence of these 2 things is vital, when it comes to entering your personal information on any website.
2) Pay attention to the URL
One method hackers can use to try and swindle people is when they set up websites that respond to common misspellings of a particular URL.
E.G.: http://amazon.com -> http://ammazon.com, http://microsoft.com ->http://microsoft.com-softwarez.ru
It only takes a moment to check that the website looks right. Be sure to do it a couple of times, not just at the beginning. You can never know when a website will get hijacked. This is particularly important if you are browsing on a smart phone, or other smaller devices where the display space is very limited.
3) Read the product reviews
Since you can’t physically touch/see the product, try to find out as much as you can. Reviews are a good source of information about it. Try to ignore any review that is useless (“This sucks”, “Great”, etc.) and look for reviews that explain why they arrived at that decision.
4) Use a Credit card for online purchases (not a debit / visa debit card)
Credit cards are not considered cash, unlike debit cards. If you have problems with the product and are having difficulty getting a return, you can contact your credit card company and get the purchase reversed. There will likely be a few hoops you need to jump through and you’ll need to give them a good reason, but it can still be done. Reversing a debit purchase is close to impossible, because it is fundamentally considered a cash purchase.
(Dave writes: A reader in the banking industry also passed on these helpful suggestions: from a banking perspective, [the bank] usually suggests a 2nd credit card with a low spending limit for online shopping. Avoid debit cards as if they are compromised, you most likely will have to a whole new account, which means pre-authorized debits will have to be changed.
5) Monitor your credit card
Even if you are sure that you did everything right and it was all secure, keep a close eye on your credit card transactions. Just because you’re sure nobody compromised your CC information during the purchase, doesn’t mean the company you made the purchase from hasn’t had a breach.
6) Do not use autofill to complete personal information forms
There are 2 good reasons not to use auto complete, when it comes to personal information or important forms:
- Data entered with autocomplete does not always look the way it is supposed to. There is the possibility of additional invisible characters being transmitted, which could mess up what you are trying to do.
- Browsers don’t keep this information under lock and key. It is not difficult for an attacker to get the auto-fill information from a browser. So, if you have your credit card information stored in your browsers cache, that can be compromised.
7) Keep your anti-malware software up-to-date
Any anti-malware software has frequent detection updates (multiple times a day, in many cases). Also, many products are dated by year (E.G. Norton 2017.) Make sure to keep your software (not just the signatures) as up-to-date as possible. This helps ensure that your detection is running at peak efficiency.
8) Have strong passwords for your logins.
You should ensure that any site where you log your personal information (address, CC, etc.) into, has a strong password. I gave a lot of advice on passwords in a previous newsletter you can read here if you like: https://www.facebook.com/trinustech/posts/1540553369334786
None of this advice is complicated, difficult or even time-consuming. It’s mostly just simple tips, suggestions and things to watch for, that you may not have been aware of. Stay safe online!
Thanks Karl!
Dave White
TRINUS
dwhite@trinustech.com