15 Steps in Stopping the “Digital Grinch” & Making Shopping Online Safer
It’s that time of the year when many will be going online to purchase gifts for friends and loved ones. Rather than fighting the battles of the rush in malls and stores, many are bypassing this chaos by doing their shopping online; this is often much more convenient, less stressful, and can save us money by helping us find the best deals. We love online shopping and do it all the time. However, with convenience comes vulnerability. The 2018 digital Grinch will be very active this season! Here are some thoughts from us at the White Hatter Team to help make sure your online purchases are safer and more secure this Christmas season:
#1) Use a trusted online shopping site like Amazon.ca, or shop on the website of well-known retailers such as Best Buy, Walmart, or Costco. Make sure that when searching for these sites online you look for mispellings in their name (a common tell that the site is fake). Also, be careful of online sites that use a domain that ends in something other than “.com” or “.ca.” If you're concerned about a site, perform your due-diligence.
#2) Make sure that you only shop at sites that use “HTTPS” in their URL and show a padlock icon when using your credit card. If you are shopping on a site that uses just “HTTP” with no padlock, then you are not using a secure encrypted network and your credit card has a risk of being compromised.
#3) Search for deals on retailer sites rather than using Google. Keep in mind, scammers "poison" search results with malicious or deceptive links. Want that latest game console? Run a search on sites like Best Buy or Amazon rather than on Google.
#4) Do not enter any personal information other than your email address, home address, phone number, and postal code. Be very wary of a site that asks you for your birth date, your driver’s license information, or your social insurance number. This is the personal information that those who want to steal your identity will need to be successful. If you’re in a brick and mortar store and using your credit card, often the salesperson will ask you for your email address. Kindly decline this request - it’s not required for the purchase. Often emails collected will be used to spam you with advertisements. In Canada, the retailer is always legally required to inform you of why they’re requesting your email address.
#5) As you visit sites to make purchases, you will be peppered with requests to start new accounts and save your credit card info. We strongly suggest you deny these requests, particularly during holiday shopping. You want to share, save, and store as little personal info as possible online.
#6) When ordering online, many websites will ask you to set a password for the account so that you can log in and conveniently purchase items the next time you are shopping on their site, or simply to check the status of your most recent order. Make sure the password you set is secure, at least six digits in length which includes an uppercase letter, lowercase letter, a number, and at least one symbol (e.g. “A1dog#h3lp!”). This type of password makes it harder for hackers to crack and then steal personal information from you. Also, ensure that you do not use the same password for multiple accounts. Each account should have its own unique password.
#7) Check your credit card statement regularly online during the Christmas season to ensure that your account has not been compromised. If you notice something suspicious, notify your credit card company immediately. Most credit card companies like Visa will also notify you if they detect some suspicious activity on your account that they wish to confirm with you. If you receive a call from your credit card company, make sure to advise them that you will phone them back to confirm rather than speaking directly to the person who has connected with you. This will prevent phone phishing.
#8) Ensure that your home computer and mobile devices are running the most current malware protection to prevent criminal access to your device which may allow others to see what you are doing. There is malware known as a “keystroke loggers” that allows a cybercriminal to see every keystroke you make allowing others to harvest your credit card numbers and passwords.
#9) If you're shopping from a tablet or smartphone, ensure that you check the web address where you are shopping from. When using smaller screens, sometimes mobile browsers may not clearly display the web addresses of the sites to which you are giving your credit card information.
#10) If shopping from within an app, be sure it is from a trusted vendor. Fake apps do exist. Double-check the app you download to see if it’s from the actual legitimate retailer.
#11) Never use open/free Wi-Fi hot-spots when ordering online. Always ensure that if using open/free Wi-Fi hot-spots that you use a virtual private network (VPN) that will encrypt and secure data being sent via Wi-Fi.
#12) Don’t use a personal debit card. Only shop with a credit card or a credit service like PayPal or Apple Pay. If a personal debit card is breached, the online criminal has full access to your bank account. By using your credit card, PayPal account, or Apple Pay account, it does not allow access to your personal bank account if breached. Most credit card companies and other reputable credit services like PayPal and Apple Pay also have insurance that will reimburse your credit account if it was criminally breached. If you absolutely must use a debit card, use the prepaid kind with a set spending limit.
#13) If you are in a brick and mortar store and using your credit card, only use the chip slot and avoid swiping the card. Most illegal cloning of credit card information comes from skimming that is mostly associated with card swiping. Be very careful of machines where you insert your chip card that does not activate the machine and instead provides you with a message requesting you to use the swipe function instead.
#14) Now that you have purchased your item online, make sure you ship it to a secure location. This may seem extreme, but package theft has become more widespread in recent years with the rise of online shopping and the significant increase of home deliveries. If no one’s home during the day, consider shipping to your office or somewhere else, like a trusted neighbor’s house. This keeps your packages off sidewalks or front doorsteps. Another option is to secure your parcel’s delivery by requesting a signature. If no one is home to sign for the parcel, it will then be held at the delivery vendor’s location for your pick-up. Depending on where you live, have your packages shipped to the post office for you to pick up. If shopping on Amazon, depending on your location, Amazon Locker and Pickup Points are good options as well.
#15) Remember, if you are ever presented with online offers that seem to be too good to be true, you should avoid them at all costs! Look at every holiday-themed and savings-themed email in your inbox with a suspicious eye, and never click on any links inside them, as it could be an email phishing scam.
The White Hatter Team