This Friday is Black Friday--officially kicking off the 2009 holiday shopping season. Online attackers and malware developers know how to capitalize on current events, and the rush to find great holiday bargains offers a prime opportunity to exploit eager shoppers. Here are five tips to help you shop online securely.
1. Start with the Basics. I realize that it seems redundant and cliché, but the first step in protecting yourself and your computer this holiday season is to make sure your computer is patched and secure .
Make sure you have applied any applicable patches and updates for your operating system and Web browser in particular. Also, ensure you have antivirus and antispyware protection installed and running and that they are up to date.
2. Shop on Secure Sites. Erin Earley, from Swedish anti-spyware company Lavasoft, says "Look for the padlock icon or a URL that starts with https://. That means your transaction is encrypted."
When you are shopping at big name sites like BestBuy.com or Target.com there is less need for concern. However, the quest for holiday bargains often extends beyond major retail chains to more obscure sites.
3. Control Your Credit. One of the biggest concerns with online shopping is the possibility of an attacker intercepting your credit card details and maxing out your credit. If you follow the first tip you will greatly decrease the chances of this happening, but some shoppers are still apprehensive.
There are a couple of alternatives you can use to shop online and protect your credit at the same time. Lavasoft's Earley suggests "If you're hesitant to enter your credit card details online, consider using a separate credit card, or use an "e-card" solution that gives you the ability to create a temporary card number to be used just once or with a spending limit."
4. Fake Holiday Bargains. Fred Touchette, a senior security analyst with AppRiver points out that one of the most popular holiday scams is to lure consumers with fake holiday bargains. Attackers are especially likely to focus on the most popular and hard-to-find items since those are more likely to catch the attention of desperate consumers.
Touchette says the fake product scams are typically promoted via spam email. He suggests that you "always do your research. If you don't recognize a company, don't order anything from them until you're sure they really exist."
5. Bank / PayPal Phishing. With the huge spike in shopping for the holiday season its almost a sure thing that you've made a purchase with a credit card somewhere--either online or in real life at a brick and mortar retail establishment. Attackers know this and know how to capitalize on it.
AppRiver lists both bank phishing attacks and PayPal (or eBay) phishing attacks on its list of the top holiday shopping scams. Watch out for poor spelling or grammar--signs that virtually ensure the message is fake, and remember that your financial institution will never ask you for personal information, account information, or passwords via email.
Touchette further recommends "Avoid following links that are provided for you in an email, especially if you are unsure of the sender. A frequent trick from spammers during the holidays is a link to a fake eBay or PayPal log-in page. Rather than follow links in emails, type it directly into your browser."
I don't know if its just me, but it seems that holiday shopping has reached a frenzy early this year. Black Friday has been stretched into Black November and retailers look like they will be aggressively promoting holiday bargains throughout the holiday season--not just this Friday.
Follow these tips to make sure your online holiday shopping goes smoothly and you can enjoy your holidays in peace.