Holiday Online Shopping Safety Tips

As the busiest shopping season of the year descends upon us, the Blue Ash Police Department and the Center for Internet Security recommends taking extra precautions to prevent becoming a victim of fraud or identity theft.

 If you plan on shopping online, be aware that you may be giving your personal and financial information to hackers. Hackers may later use your information to purchase items for themselves or by selling it to another individual.

The Center for Internet Security lists the common ways that hackers take advantage of online shoppers and how you can prevent yourself from becoming a victim.

There are three common ways that attackers can take advantage of online shoppers:

Creating fraudulent sites and email messages – Attackers can create malicious websites or email messages that appear to be legitimate to try to convince you to supply personal and financial information. They may misrepresent themselves as charities, especially after natural disasters or during holiday seasons.

  • Intercepting insecure transactions – If a vendor does not use encryption, an attacker may be able to intercept your information as it is transmitted.
  • Targeting vulnerable computers – If you do not take steps to protect your computer from viruses or other malicious code, an attacker may be able to gain access to your computer and all of the information on it.

 How can you protect yourself?

  • Do business with reputable vendors – Before providing any personal or financial information, make sure that you are interacting with a reputable, established vendor. Some attackers may try to trick you by creating malicious websites that appear to be legitimate, so you should verify the legitimacy before supplying any information.
  • Make sure your information is being encrypted – Indications that your information will be encrypted include a URL that begins with "https:" instead of "http:" and a padlock icon. If the padlock is closed, the information is encrypted. The location of the icon varies by browser; for example, it may be to the right of the address bar or at the bottom of the window. Some attackers try to trick users by adding a fake padlock icon, so make sure that the icon is in the appropriate location for your browser.
  • Be wary of emails requesting information – Attackers may attempt to gather information by sending emails requesting that you confirm purchase or account information. Legitimate businesses or government agencies will not solicit this type of information through email. Do not provide sensitive information through email, click on any of the links in the message, or open any attachments. A common scheme during the holidays is falsifying emails from major shipping companies with a link to track your package.
  • Use a credit card – There are laws to limit your liability for fraudulent credit card charges, but you may not have the same level of protection for your debit cards. You can minimize potential damage by using a single, low-limit credit card to make all your online purchases. Also, use a credit card when using a payment gateway such as PayPal, Google Wallet, or Apple Pay.
  • Check your shopping app settings – Look for mobile apps that tell you what they do with your data and how they keep it secure. Keep in mind that there is no legal limit on your liability with money stored in a shopping app (or on a gift card). Unless otherwise stated under the terms of service, you are responsible for all charges made through your shopping app.
  • Check your statements – Keep a record of your purchases and copies of confirmation pages, and compare them to your bank statements. If there is a discrepancy, report it immediately to your financial institution.
  • Check privacy policies – Before providing personal or financial information, check the website's privacy policy. Make sure you understand how your information will be stored and used.
  • Do not use your work email address for retail accounts - By using one of the free webmail accounts, such as Gmail or Hotmail, it will be much easier to identify a potentially malicious email coming to your work email, since the online retailers should not know that email address. This can also help you prevent criminals from knowing where you work, which is information than can potentially use to hack into your work account.
  • Never shop or log in to personal accounts when on public Wi-Fi or a public device - Public Wi-Fi can make all the personal information that you transmit visible to criminals. Public, shared devices, such as kiosks or library computers, can be infected with malware that will steal your information.16

 For more information, visit the Center for Internet Security. https://www.cisecurity.org/newsletter/shopping-safely-online/]