If you’re opting for online this Black Friday instead of facing the queues at your favourite department store, you may escape the incessant festive tunes and all that pushing and shoving in the aisles and at the doors but please remember, shopping online presents a host of risks to your online safety.
Indeed, some of that frenzy on Black Friday and Cyber Monday can extend to the internet, especially as all that bargain-hunting can cause you to let your guard down, says Carey van Vlaanderen, CEO at ESET South Africa, an internet security company that offers anti-virus and firewall products.
In fact, many people openly admit to taking risks at the prospect of a deal, however too-good-to-be-true it may sound, meaning there are a lot of potential victims who are apt to expose themselves to a range of threats that typically aim to capture their financial information. Indeed, for phishers and scammers, this is no more challenging than shooting phish in a barrel.
Let’s look at how they might attempt to trip you up, and what you can do to avoid stumbling:
We need to ensure that all our shopping takes place at legitimate and tried-and-tested sites. This involves basic precautions, including being wary of odd URLs and staying away from “merchants” offering suspiciously cheap items such as the latest iPhone for a fraction of its going price, as well as from the sites offering “customer support” on free email services such as Gmail.
Additionally, we need to be double wary of – and never click on any links or attachments in – out-of-the-blue emails, instant messages or social media postings that invariably offer amazing bargains, freebies in exchange for completing “surveys”, and similar unmissable offers playing on our fear of, well, missing out.
Pop-up and banner ads that parasitize well-known brands, as well as malicious adverts loaded by legitimate websites from third-party services and possibly even targeted at specific demographics (much as genuine ads would be), can all lead us to malware-hosting websites or to bogus sites that are designed to steal our personal details. Instead of rushing to click on whatever “deal” is on offer, you’re better off typing the retailer’s URL into the browser’s address bar and verifying that the bargain is authentic.
Such typing may not be without risks of its own, however. When typing the domain in your browser’s address bar, do your best not to mistype it. Otherwise you may inadvertently end up on a domain with a name that is confusingly similar to that of the legitimate and well-known web destination, but whose only purpose is to inflict harm on unsuspecting visitors. This malicious type of URL hijacking, also known as typosquatting, is commonplace.
Similarly, as we ramp up our search for sale items, we can reach unintended destinations when attackers poison search engine results with deceptive links. These may lead to dedicated Black Friday and Cyber Monday sites; dedicated, that is, to scamming you. Try instead to search for deals directly on the websites of reputable retailers.
Once on the merchant’s site – and before you input your personal and payment details – ensure that the site uses HTTPS web encryption, so that all the information that passes between your browser and the website is encrypted and prying eyes can’t see and interfere with it. The encryption will be indicated by a padlock icon to the left of the browser’s URL bar that, upon clicking, will also indicate that your connection to the site is secure.
In addition, it pays to be very picky about the Internet Connection that you use for your shopping spree. It’s best to stick to your home or work network, or alternatively to your data plan. Under no circumstances is it a good idea to connect to a public Wi-Fi network for your shopping, as many of them are unsafe.
In conclusion, let’s remember to stick to what are, in fact, some of the fundamental cyber-hygiene practices that will help you avoid nasty surprises while you do all that power shopping.
• Keep your operating system and applications updated with the latest security patches.
• Use reputable security software that incorporates multiple layers of protection.
• Utilise complex and unique passwords or passphrases, especially for your most valuable accounts.