Combat the Latest Online Shopping Threats

You better watch out! Cybercriminals are hard at work prying personal information in new and devious ways. Before a bad Santa injects themselves into your holiday gift list, learn how you can avoid the latest Internet scams this holiday season (and every day), and ensure that bad Santa stays off your list.

Who’s Infecting Who?

By now many Internet users have learned not to open suspicious email attachments, are careful about phishing scams, and avoid peer-to-peer file sharing to keep their computers clean of malware. Now that people are more aware of Internet security best practices, cybercriminals have had to step up their game. “Cybercriminals have learned how to exploit website vulnerabilities to inject malware on reputable websites,” according to Tom Serani, EVP, Business Development at Sitelock. Websites with heavy traffic attract attention from fraudsters wanting to steal shoppers’ personal information presenting an even greater challenge to online shoppers. However, that doesn’t mean that you shouldn’t join the holiday bustle. “Online shoppers should be aware of the sites they’re visiting and avoid transacting on websites that do not have malware protection,” suggested Serani. Websites that have malware protection display a seal like the Sitelock Trust Seal, which appears at the bottom right corner on website’s protected by Sitelock.   The SiteLock Trust Seal, for example, will show the last date that the website was verified as malware free, so it should always be up to date. If not, customers should consider taking their purchase elsewhere.

Don’t Call Me. I’ll Call You.

Has this happened to you? A “helpful” caller gets you on the phone claiming to be from a well-known software company and wants to help you remove a virus from your computerxf. Little do you know that this “friendly” call is actually a fraudster looking to gain access to your computer to drop a piece of malware on it. This will enable them to take control of your computer in order to carry out fraudulent transactions using your credentials, or to inject malware designed to grab your personal information. Always know, tech support professionals generally don’t initiate these phone calls, they respond to yours. Don’t trust a random caller even if they claim to be from a reputable company.

Make Your List…

…And check it twice (or more) to avoid getting caught in an online attack. Old threats are still as active (and relevant) today as new ones.

  • Steer clear of pop-up ads and free downloads unless you trust the organization that developed the download and it is signed with a Code Signing Certificate from a reputable Certificate Authority.
  • Be on the lookout for typos to make sure you’re on the intended website and not one a fraudster set up.
  • Authentic and secure websites will display an SSL certificate that matches the domain you’re on, just look for the security lock and green address bar in their URL.
  • Don’t act on emails requesting suspicious (personal) information even if they appear to be from a trusted source. They are likely phishing emails just looking to gather your information for malicious intent.
  • Look for the Google Trusted Stores badge for purchase protection and shop at online destinations that meet Google’s standards for shipping and customer service.

Remember, if an offer sounds too good to be true, it probably is. Cybercrime is especially high during the busy holiday season. This increased activity offers many more opportunities for fraudsters to catch online shoppers off guard. Don’t let them. Read part 1 of this series to learn about website transaction security, and have a happy and secure holiday season.