Keep yourself safe whilst online shopping
10 tips to avoid Black Friday and Cyber Monday scams
Posted November 12, 2015 by Wendy Zamora article from Malwarebytes Labs newsletter.
Shoppers familiar with the Cyber Monday circus know they’re stepping into the lion’s den. The Internet has always been a lawless place, but it becomes particularly rough during the holiday shopping season.
In preparation for the frenzy, cyber villains have crafted a virtual onslaught of social engineering scams, pop-up spam, and malvertising campaigns in order to dupe the droves of people expected to spend $3 billion online this year.
So, bargain hunters, it’s important to know the warning signs. Here’s your guide to safe online shopping on Cyber Monday and beyond.
- Go directly to a store’s website instead of using search engines to look for deals. If you do happen to find a deal using a search engine, try to verify it by searching for the exact name of the deal in quotes. If it’s a scam, then it’s likely someone will have already put out a warning.
- Give pop-ups and other digital ads the stank eye. Many pop-ups could contain fake coupons, redirect you to malicious sites, or expose you to cross-site scripting attacks. In addition, malvertising is a huge issue for websites right now. “We’d be surprised if criminals didn’t look to take advantage of web traffic over Cyber Monday by poisoning adverts on popular shopping portals,” says Chris Boyd, Malware Intelligence Analyst at Malwarebytes.
- Watch out for social media scams, especially on Facebook. Cyber criminals are using fake or compromised Facebook accounts in order to post links to amaaaaaazing deals that don’t actually exist. They’re especially prone to dropping links on the walls of open groups dedicated to shopping. “One of the top shopping scams to avoid in the run-up to Cyber Monday is the social media fakeout,” says Boyd. “During any given holiday period there will be an excess of fake offers, deals, and supposed freebies which tend to have a sting in the tail. In the last few weeks, we’ve seen fake cruises, bogus free wine deals, and more. If you’re being asked to share something on Facebook in order to get your hands on something too good to be true, you can bet there’s a scam involved.”
- Dump Cyber Monday emails with attachments in the virtual garbage. Cyber Monday emails with attachments, especially zip files, are super suspect—it’s possible they contain malware. Delete them immediately. Not only that, but you should review any other Cyber Monday-related emails with a hawk eye. If you get an email from a store claiming to have a deal, type the store’s URL directly into your browser instead of clicking on the link. If the site doesn’t verify the deal, you know it’s a fake.
- Make sure you’re on a secure connection. Look for the padlock icon to the left of the URL when you go to check out. If it’s there, then that means the information passed between a store’s server and your browser remains private. In addition, the URL should read “https” and not just “http.”
- Do not use debit cards to shop online. Want to give cyber criminals direct access to your bank account? Then by all means, use your debit card! Otherwise, play it safe by using credit cards or a PayPal account that’s linked to a credit card. While many banks are cracking down on fraudulent withdrawals, you’ll still have to wait for your money while they investigate the charges.
- Avoid using public wifi to shop. All a cyber criminal needs to do to get a public wifi password and wreak havoc is order a coffee. If you’re shopping and entering personal data, best to do it on your secure wifi connection at home.
- Watch out for malicious QR codes. Q what now? QR codes are small, pixelated codes meant to be scanned by a smartphone’s camera. They often contain coupons, links to websites, or other product marketing materials. Some hackers have started creating codes that link to a phishing or malware site, printing them on stickers, and placing them on top of the legit QR codes. Best to avoid them.
- Don’t fork over extra info. If a site starts asking for out-of-the-ordinary personal data, like Social Security numbers or password security questions, slam on the brakes and get the heck out of Dodge.
- Tighten up security before you shop on Cyber Monday. Make sure all software on your computer is up-to-date, including your OS, browser, and other apps. And if you don’t already have it, install an anti-malware program and an ad-blocker to insure maximum coverage. If you covered your cyber security bases in the past, run updates on your AV, firewall, and other programs.