Black Friday/Cyber Monday online shopping advice.
Welcome to Cyber Security Today. It’s Friday November 29th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
To hear the podcast, click on the arrow below:
 |
 |
 |
Today is officially Black Friday in Canada and the U.S, which means people are rushing to find bargains. Some of you may be listening to this while scanning for big online shopping deals. So much of today’s show deals with safe online shopping.
To start, think carefully about shopping on a company-owned computer or smartphone. Your employer may not approve.
Then be careful of where you shop online. Just because a seller is on Amazon or eBay doesn’t mean the products being sold are legitimate. Lots of people sell knockoffs, or take your money and never ship the goods.
A key thing is to research prices of what you’re looking for before you buy. That way you know if a deal is too good to be true.
Are you getting email with offers of deals? The Talos cyber security service of Cisco Systems suggests you manually type in addresses to sites you want to visit rather than clicking on links, which may go to phony web sites. Researchers also warn to be wary of a stranger sending you a cheque, or gift card if you’ll be a “secret shopper.”
Security vendor ZeroFox also notes that scammers use social media to spread their cons by marking messages with things like #giveaway and #cybermonday.
If you use apps to shop, make sure to download them from a legitimate place like the Google Play Store or the Apple Store.
Remember, the padlock in the address bar doesn’t mean the web site is legitimate. It only means the site uses encryption. That only provides protection for payment transactions if the site is real, not one created by criminals.
When it comes to checkout and paying for goods if you have to create an account remember to use a unique password that isn’t the same as you’ve used on other sites.
Police often advise people to pay for goods online with credit cards because banks will refund money if sellers are fraudulent. On the other hand, if a web site is hacked credit cards might be scooped up. That’s an argument for using Apple Pay, Google Pay or PayPal. Be careful when it’s time to pay to see where you get sent. It isn’t uncommon for a retailer to use another company for processing sales, but you shouldn’t have to log in again to checkout. That’s a sign someone wants to steal your payment data. Look carefully at the web address of the service that’s processing your purchase. If it looks suspicious don’t trust it.
FICO, which makes consumer financial scoring and company protection solutions, reminds shoppers that if an online retailer offers enhanced security features such as step-up-authentication or soft token, be sure to opt-in. And don’t make a direct payment to an online merchant from your bank account, because you won’t be protected in case the promised goods don’t arrive.
Separate from shopping, FICO says that if you get a phone call from someone who says they’re from your bank, hang up and call the bank directly. Your bank will never ask you for your password.
Last. during this holiday period it’s especially important to regularly check your bank and credit card statements for signs of withdrawals or purchases you haven’t made.
Meanwhile, the new site Bleeping Computer warns of a Thanksgiving Day email scam. The message pretends to be a greeting card. Those who open the attachment get infected with malware. As always, beware of email from people you don’t know. Even if the sender’s email is right, their account may have been hacked and is being used to spread malware.
Finally, to our American listeners, have a fun and safe long Thanksgiving weekend.