Ten security tips to beat scammers while online Christmas shopping

Who loves Christmas more than kids? Scammers. They are primed and ready to take advantage of the massive spike in online transactions during the holiday period. And for business owners, online Christmas shopping can be a nightmare if your employees aren’t being security conscious as they fill up those stockings with multiple online purchases. The data breaches at Optus and Medibank have taught us that nobody is safe from hackers.

From a large business with thousands of staff and (seemingly) solid security to someone ordering a bike from Kmart, cybercriminals are more than happy to take anyone’s money. Implementing a few basic principles of cybersecurity could stop your business and your team from becoming another statistic, and save you from a world of financial pain or a privacy nightmare.

Using different passwords across shopping platforms is the number one tip – especially if you use a work device. Below are some of the most critical safety tips to improve online shopping.

Check for device updates before you shop

Computers, tablets, and smartphones that have old software are vulnerable. While you may not want to wait through a 10-minute iPhone update, it will keep you more secure. Hackers often use vulnerabilities found in device operating systems. Updates install patches to keep the bad guys out. Ensure you install all updates before using your device to get those Christmas goodies.

Don’t go to websites from email links

Yes, it’s annoying to type in amazon.com rather than just clicking a link in an email. But phishing scams are at an all-time high right now. If you click on an email link to a malicious site, it can start an auto download of malware. It’s best to avoid clicking links; instead, visit the website directly. To make things easier, save sites as shopping bookmarks in your browser. This is safer than clicking a text or email link.

Use a wallet app where possible

When you give your debit or credit card to a website, it’s always a risk. The risk is even higher if you’re shopping on a site you haven’t purchased from before.

Where possible, buy using a wallet app or PayPal. This eliminates the need to give your payment details directly to the merchant. You share them with the wallet app service (Apple Pay, Google Pay, PayPal, etc.). But the retailer doesn’t get your card details.

Remove any saved payment cards after checkout

There are many websites (including Amazon) that automatically save your payment card details. This is bad. Yes, it may make the next buy more convenient, but it puts you at risk. A hacker with access to your device or account could make purchases.

There is also the risk of a data breach by the retailer. These are common and can leak sensitive customer payment information. Think Optus and Medibank. The fewer databases you allow to store your payment details, the better for your security.

Immediately after you check out, remove your payment card from the site. You may need to go to your account settings to do this.

Make sure the site uses HTTPS (emphasis on the ‘S’)

HTTPS has primarily become the standard for websites now. This is instead of “HTTP” without the “S” on the end. HTTPS means that a website encrypts the data transmitted through the site. Such as your name, address, and payment information.

You should NEVER shop on a website that doesn’t use HTTPS in the address bar. An extra indicator is a small lock icon in front of the website address.

Triple check the site URL

We all make typos, especially when using a small smartphone screen. One typo can land you on a copycat site (such as Amazonn(dot)com).

Hackers buy domains that are close to the real ones for popular retailers. Then, they put up copycat sites designed to fool users who make mistakes when typing the URL.

Take those extra few seconds to check that you’ve landed on the correct website. Do this before you start shopping.

Never shop online on public Wi-Fi

Hackers LOVE the holiday shopping season and will hang out in popular public Wi-Fi spots. They spy on the activities of other devices connected to that free hotspot. This gives them access to passwords and credit card information.

Don’t shop online when you’re connected to a public Wi-Fi network. Instead, switch off Wi-Fi and move to your mobile carrier’s connection.

Be on high alert for brand impersonation emails and texts

Phishing scammers were very active during the holiday shopping season of 2021. There was a 397% increase in typo-squatting domains connected to phishing attacks.

While you need to be careful all the time, it’s even worse during the holiday season. Attackers know that people are expecting retailer holiday sales emails. They also get a flurry of order confirmations and shipping notices this time of year.

Hackers use these emails as templates to impersonate brands like Target, Kmart, Amazon, and others. Their emails look nearly identical to the real thing, and they trick people into clicking and/or logging on to a malicious website.

Be on high alert for brand impersonation emails. This is another reason why it’s always better to visit a site directly rather than using an email link.

Enable banking alerts and check your account

‘Phishing Check’ your bank account regularly. Look for any suspicious charges that could signal a breach. One way to automate a monitoring process is to set up banking alerts through your online banking app.

For example, many banks allow you to set up alerts for events such as a purchase exceeding a specified dollar amount or when something is bought from outside the country.

Never Use Work Passwords for Shopping Platforms

As part of your business IT Policies, remind you team about creating unique passwords for each e-commence platform, particularly for individual shopping.

We hope these tips keep you and your team safe while online shopping. We offer affordable IT options for companies, including ways to protect you from cyber threats. Contact us today for a security checkup.