Round-up of Cyber Monday safe shopping tips

“The National Retail Federation estimates that more than half of online retailers will be offering promotions and discounts for Cyber Monday, and ComScore is projecting an astronomical $1.5 billion dollars in sales – all in a single day,” says The Next Web. But it is also a bonanza for identity thieves, with financial fraud malware and new shopping scams abounding. “Malicious campaigns detected and blocked thus far, predominately play upon Black Friday themes to spam-promote scam websites offering loans, fake degrees and such. We also see scams that entice victims to complete survey scams in order to harvest personal information,” blogged Websense on Black Friday.

Since Cyber Monday in the US effectively kick-starts the worldwide holiday buying season, we’ve collected a selection of the main tips being offered for safe shopping online.

First and foremost is to make sure that the browser in use is fully patched – especially any plug-ins that are installed. “Plug-ins are software modules that we install to give the browser additional capabilities, such as running applications, watching video, listening to music, and playing games,” explains Wolfgang Kandek, CTO at Qualys. “Unfortunately, such added functionality comes at a price, and the plug-ins can add vulnerabilities.” If the browser and its plug-ins are fully patched, many of the exploits found on the internet are simply blocked.

But the next step is to try to avoid those exploits, and this involves taking care over which sites are visited. “If it looks too good to be true...” warns Websense. “Fake websites are created by scammers to entice buyers using terminology such as ‘wholesale prices’ or ‘liquidated stock’,” so don’t trust a site that offers something at just a fraction of the normal price. Trust is key to safety on the internet. Good advice is to limit your purchasing to sites you already know and trust.

Of course that doesn’t mean that the site you think you are visiting is the genuine site (note that 280 Pakistani sites were hijacked just this weekend). Only purchase from HTTPS sites, and even then be wary of the information you are asked to provide. “If you're submitting any personal information online, many retailers will use additional security features such as HTTPS and Extended Validation Certificates (EV) and these are evident by a padlock icon and organization name appearing on the address bar in green,” explains Websense.

Safety, like charity, begins at home and starts on our own computer and with our own behavior. It is surprising how many users still do not have any anti-virus installed. Even where a purchase is genuine from a perfectly valid vendor, malware is able to eavesdrop on the transaction and steal the user’s bank credentials – so up-to-date anti-virus defenses are essential. But AV will not help if the user clicks on unknown links in scam emails, or opens attachments from unknown senders. It is essential that every user stays on guard and questions everything received – in particular looking out for the tell-tale grammatical errors, typos and misspellings that come with scams.

In short, keep computer defenses up to date and patched, remain wary and think twice before doing anything, distrust offers that are simply too good to be true, and keep to sites that are known and trustworthy – and enjoy the online shopping season.
