10 tips for safe online shopping this Cyber Monday

Shoppers familiar with the Black Friday and Cyber Monday circus know they’re stepping into the lion’s den. The Internet has always been a lawless place, but it becomes particularly rough during the holiday shopping season.

In preparation for the frenzy, cyber villains have crafted a virtual onslaught of social engineering scams, malspam, and malicious, spoofed websites in order to dupe the droves of people expected to spend an average of on Black Friday weekend alone—in brick-and-mortar shops, online, and also on mobile devices.

So, bargain hunters, it’s important to know the warning signs. Here’s your guide to safe online shopping on Cyber Monday and beyond.

  1. Go directly to a store’s website instead of using search engines to look for deals. If you happen to find a deal using a search engine, try to verify it by searching for the exact name of the deal in quotes. If it’s a scam, then it’s likely someone will have already put out a warning.
  2. Dismiss pop-ups and other digital ads. Many pop-ups could contain fake coupons, redirect you to malicious sites, or expose you to cross-site scripting attacks. If a coupon seems to come out of nowhere with a too-good-to-be-true offer, don’t think twice. Just click that “x” and shut it down.
  3. Watch out for social media scams, especially on Facebook. Cybercriminals are using fake or compromised Facebook accounts in order to post links to amazing deals that don’t actually exist. They’re especially prone to dropping links on the walls of open groups dedicated to shopping.
  4. Delete Cyber Monday emails with attachments. Cyber Monday emails with attachments, especially Microsoft Word docs or PDFs, are suspect—it’s possible that they contain malware. Delete them immediately. Not only that, but you should review any other Cyber Monday–related emails with a hawk eye. If you get an email from a store claiming to have a deal, type the store’s URL directly into your browser instead of clicking on the link. If the site doesn’t verify the deal, you know it’s a fake.
  5. Make sure you’re on a secure connection. Look for the padlock icon to the left of the URL when you go to check out. If it’s there, then that means the information passed between a store’s server and your browser remains private. In addition, the URL should read “https” and not just “http.”
  6. Do not use debit cards to shop online. Play it safe by using credit cards or a PayPal account that’s linked to a credit card. While many banks are cracking down on fraudulent withdrawals, you’ll still have to wait for your money while they investigate the charges.
  7. Avoid using public Wi-Fi to shop. All a cybercriminal needs to do to get a public Wi-Fi password and wreak havoc is order a coffee. If you’re shopping and entering personal data, usernames and passwords, or payment information, best to do it on your secure connection at home.
  8. Watch out for malicious QR codes. QR codes are small, pixelated codes meant to be scanned by a smartphone’s camera. They often contain coupons, links to websites, or other product marketing materials. Some hackers have started creating codes that link to a phishing or malware site, printing them on stickers, and placing them on top of the legit QR codes.
  9. Don’t fork over extra info. Beware if a site starts asking for out-of-the-ordinary personal data, like Social Security numbers or password security questions.
  10. Tighten up security before you shop on Cyber Monday. Make sure all software on your computer is up-to-date, including your OS, browser, and other apps. And if you don’t already have it, install a cybersecurity program on your desktop that prevents malware infection to insure maximum coverage. In addition, since mobile shopping is set to outpace shopping on any other device for the first time this holiday season, it’s a smart idea to download a cybersecurity program for your Android or iPhone. If you’ve already covered your cybersecurity bases, make sure you run updates on all those programs as well.
Info by Zamora, W., (2018) via Malware Bytes