How do attackers target online shoppers?
- Creating fraudulent sites and email messages – Unlike traditional shopping, where you know that a store is actually the store it claims to be, attackers can create fraudulent, malicious websites or email messages that appear to be legitimate. Attackers may also misrepresent themselves as charities, especially after natural disasters or during holiday seasons. Attackers create these malicious sites and email messages to try to convince you to supply personal and financial information.
- Intercepting insecure transactions – If a vendor does not use encryption, an attacker may be able to intercept your information as it is transmitted. This could include intercepting your name, address, and payment card information.
- Targeting vulnerable computers – If you do not take steps to protect your computer from viruses, malware or other malicious code, an attacker may be able to gain access to your computer and all of the information on it. It is also important for vendors to protect their computers to prevent attackers from accessing customer databases.
How can you protect yourself?
- Do business with reputable vendors.
- Make sure your information is being encrypted (SSL). Make sure the URL in your browser begins with https:
- Be wary of emails requesting personal, credit card, or email information.
- Use a credit card – In contrast to using a debit card, the money is subtracted from your bank account directly, making it very hard to get back. With a credit card, you can always dispute the charge.
- Check your shopping app settings – Apps on mobile devices sometimes request far too many permissions. Your shopping app wants to access your calendar? We don’t think so.
- Check your statements – After entering your credit card information online, most shoppers falsely assume the threat ends here. Unfortunately that’s not always the case. Merchants or someone else may use your information to make additional purchases or charges. · Check privacy policies – Most privacy policies provide an explanation about merchant policies in regards to sharing your data.