It isn’t even Thanksgiving yet, but many people are turning their thoughts to holiday shopping. Here is a copy of my column for the Saturday Evening Post in which I provide tips for safe online shopping.
Imagine Andy Williams singing, “It’s the Most Wonderful Time of the Year” and it may indeed be the most wonderful time of the year for many people, but it is not so wonderful if you have been scammed by cybercriminals who really do find the holiday shopping season to be the most wonderful time of the year – for them. I received an email today showing me how I could get iPads and iPhones at 90% discounts by clicking on links and ordering them online. If I had clicked on the links, all I would have succeeded in doing would have been paying electronically for goods that I never would have received. Meanwhile, by clicking on the links, I also would have run the risk of unknowingly downloading keystroke logging malware that could have stolen all of the information from my computer, such as my Social Security number, credit card number and other financial data and made me a victim of identity theft.
People also get in trouble when they go to phony websites that appear to be those of legitimate retailers and turn over their credit card information to a scammer and never get the goods they think they are purchasing.
If an offer sounds too good to be true, it usually is. Scammers always pick the most popular and expensive items to lure people into sending them money for goods that never are delivered. Never click on links in emails, tweets or text messages unless you are sure the communications are legitimate and it is hard to do so without calling the legitimate company because even if it truly appears to be coming from a legitimate person or entity, their email, twitter, or smart phone may have been hacked into and the communication you receive is from a scammer. Only deal with companies that you know are legitimate and confirm that you are actually on a legitimate website because phony websites can look quite good.
As for online shopping websites, there are a few ways you can determine whether or not a shopping website is legitimate or not. First, find out who actually owns the website. Websites such as http://lookwhois.net/ will enable you to merely put in the URL and see who actually owns the website you are considering using for shopping. If it doesn’t match the legitimate company that you think you are doing business with, you will know to stay away. Also, call the company at a telephone number you know is legitimate to confirm the precise website URL that they use.
In recent years, the Monday after Thanksgiving has come to be known as Cyber Monday, the day on which many people shop online to get holiday bargains. According to the National Retail Federation, 56.5% of holiday shoppers will be making their purchases on line either through their computer, smartphone or other electronic device.
Hackers and identity thieves are always on the prowl trying to lure people into providing their usernames and passwords for their various accounts in order to use that information for purposes of identity theft. A strong password is essential for cybersecurity, but it is not enough to keep you safe. In addition to a unique password for every online account with which you do business, such as your bank account or an often frequented shopping website, you should also use enhanced authentication to provide further protection particularly in the event that your password is compromised.
There are essentially three types of enhanced authentication from which you can choose to provide greater cybersecurity than merely using a password. The first is a biometric such as your fingerprint that can be used to confirm your identity when accessing a particular account. The second is a one time code that is sent to your smart phone as a text message each time you attempt to log into one of your online accounts. In order to access your account, you must include this one time code. The third form of enhanced security is a security key, which is a small device that can fit on your key chain and is inserted into a USB port on the device you are using to access your online account to confirm that it is you that is attempting to gain access to your account. All of these methods can work well and some people will even use more than one in conjunction for greater security.
Here is a link to my latest column from today’s version of USA Today. It deals with the timely topic of scams and identity theft dangers found in online shopping.
Cyber Monday was. by some accounts, the biggest day of online shopping in history as many of us find the convenience and comfort of online shopping very attractive. Whether you shop at a brick and mortar store or an online retailer, legitimate coupons can save you a great deal of money. Consequently many people are always on the lookout for helpful coupons to reduce their shopping costs. Unfortunately, scam artists and identity thieves are only too aware of how much we like our online coupons and have tied phony coupons to many scams. One of the scams involves an email that you receive that appears to come from a legitimate retailer with a link for you to click on to access a coupon that you can use either in online shopping or shopping at a store. The problem is that sometimes these emails which appear to be from the real store have malware attached to the phony coupon so when you click on the link to download it, you are actually unwittingly downloading a keystroke logging malware program that will steal all of your personal information from your computer including credit card information and banking information. They will then use that information to make you a victim of identity theft.
As always, if the coupon looks too good to be true, it usually is and you should immediately be skeptical. You should also be skeptical if the email requires you to provide personal information that can be used to make you a victim of identity theft. Finally, the sad truth is that it is so easy to counterfeit an email to make it look like it is from the legitimate company that you cannot trust any email that you receive with a link until you have confirmed that the email is legitimate. In the case of emails with coupons, the easiest way to deal with this dilemma is to merely go to the real website of the real company (and not through a link provided in the email) and look for the coupon. Any coupons that you would legitimately receive in an email will also be available at the company’s official website. Also, you can further checkout the coupon’s validity by going to the website of the Coupon Information Corporation, a non-profit association of manufacturers that has a section of their website devoted to notifications of counterfeit coupons. Go to their website at http://www.couponinformationcenter.com/ and merely click on the section entitled “Counterfeit Notifications” to see the latest list of phony coupons. Merely because your coupon does not appear there does not insure that the coupon is not a phony, but if it does appear, you can be pretty confident that the coupon you received is indeed a scam.