Follow these tips from the Office of Information Security to minimize the risk of cybercrime when purchasing online this holiday season – and all year long:
1. Do not use public computers or public wireless Internet for your online shopping. Public computers and wireless networks may contain viruses and other malware that steal your information, which can lead to identity theft and financial fraud.
2. Secure your computer and mobile devices. Be sure to keep the operating system, software, and/or apps updated/patched on all of your computers and mobile devices. Use up-to-date antivirus protection and make sure it is receiving updates.
3. Use strong passwords. This is one of the simplest and most important steps to take in securing your devices, computers, and online accounts. Always use more than ten characters, with numbers, special characters, and upper and lower case letters. Use a unique password for every unique site. The Center for Internet Security offers more information about the dangers of password reuse.
4. Know your online shopping merchants. Limit your online shopping to merchants you know and trust. If you have questions about a merchant, check with the Better Business Bureau or the Federal Trade Commission. Confirm the online seller’s physical address, where available, and phone number in case you have questions or problems. Do not create an online account with a merchant you don’t trust.
5. Pay online with one credit card. Debit cards do not have the same consumer protections as credit cards, which are protected by the Fair Credit Billing Act and may limit your liability if your information was stolen or used improperly. Using one credit card for online shopping limits the potential for financial fraud to affect all of your accounts. Always check your statements carefully.
6. Look for “https” in the Internet address (URL) when making an online purchase.
The “s” in “https” stands for “secure” and indicates that communication with the webpage is encrypted. This helps to ensure your information is transmitted safely to the merchant and no one can spy on it. Alternatively, look for the lock symbol (it’s sometimes green) in the Internet address bar.
7. Do not respond to pop-ups. When a window pops up promising you cash or gift cards for answering a question or taking a survey, close it by pressing Control + F4 on a Windows computer and Command + W on a Mac. These could be social engineering attempts designed to convince you to open malware or click on a malicious link.
8. Do not auto-save your personal information. When purchasing online, you may be given the option to save your personal information online for future use. The convenience of not having to reenter the information is insignificant compared to the significant amount of time you’ll spend trying to repair the loss of your stolen personal information.
9. Use common sense to avoid scams. Don’t give out your personal or financial information in emails or texts. Get information on many current scams from the Internet Crime Complaint Center and the Federal Trade Commission.
10. Review privacy policies. Review the privacy policy for the website/merchant you are visiting. Know what information the merchant is collecting about you, how it will be stored, how it will be used, and if it will be shared with others.
If you encounter problems with an online shopping site, contact the seller or the site operator. Organizations that can provide assistance may include:
- your state’s Attorney General’s Office or Consumer Protection Agency
- The Better Business Bureau
- The Federal Trade Commission
Resources provided by the Multi-State Information Sharing and Analysis Center newsletter.