How to identify (and avoid) security threats while shopping online

Black Friday and Cyber Monday are the perfect opportunities for scammers to take advantage of you online.
Written by Eileen Brown, Contributor

Although you want to grab the best deals this holiday weekend, remember that this is the perfect time for scammers to take advantage of you online.

Phishing emails -- claiming to be from a store, bank, credit card company, etc. -- will entice you to click links that go to copies of legitimate websites. From there, they will try to extract your passwords or credit card information. 

As your inbox fills up with Black Friday and Cyber Monday deals, remember that not all is as it seems. Lamar Bailey, director of security research and development at Tripwire, warns, "Not all of the emails will be legit, as attackers will take valid emails and change the links to point you to malicious sites that may look like the real things."

Sam Curry, Chief Security Officer at Cybereason, advises that people with balances on multiple credit cards might "receive an email pretending to be from the credit card company saying their account is overdue and is subject to being shut down unless they make a minimum monthly payment. The unsuspecting consumer gives away their credit card information and other personable identifiable information."

Javvad Malik, security advocate at AlienVault (now AT&T Cybersecurity), confirms this, advising you to "regularly monitor your credit, debit, and ATM card activity for fraudulent transactions and immediately report anything suspicious."

Phishing scams are also rife this weekend. Curry warns against opening "any attachments or [clicking] on links appearing to be from trusted vendors" and advises going to the trusted website from your web browser instead. He also notes that ransomware attacks, which allow hackers to make money from you if ransomware hits your computer, are prevalent during the holiday season. 

In short, do not click on links from unsolicited emails warns Paul Bischoff, privacy advocate at Comparitech. He insists that you should always check that you have a "valid HTTPS before entering any information into a website."

Other scams occur when you buy something and the item does not arrive. Bischoff notes that the scammer will claim "there is some problem with Amazon or Ebay's payment system."

"They will try to contact you and extract payment through some other means," says Bischoff. "Don't interact with merchants outside of the marketplace's official channels." Also make sure you do not fall victim to porch pirates like a third of Americans do.

If you are keen to shop online, make sure that your experience does not come at the cost of your security warns Todd Peterson, IAM specialist at One Identity. He explains, "Having non-essential websites store [your] passwords or credit card details or using the same password across all online stores is ill-advised."

One particular industry to cautiously shop from? Gaming. Beware of fake game codes or large discount from game companies says Jack Baylor, Security Threat Researcher at Cylance.

"People often put up fake game codes claiming large discounts compared to buying directly from the game manufacturer or the likes of reputable markets such as Steam, Microsoft Store (Xbox1), or PlayStation Store (PS4)," he says. "Often consumers are left out of pocket with nothing more than a nonsense string of letters and numbers to show for it."

How can you reduce security risks when you shop online?

  • Be wary of clicking email links or downloading anything -- no matter how great the holiday sale appears to be. 
  • Always go directly to the vendor's website and type the web address into your browser instead of clicking email links.
  • Check that the vendor's site is legitimate; look our for typos and grammatical errors in the URL and on the site.
  • Use a different password for every website you purchase from.
  • Disable pop-up ads on your browser.
  • Enable multi-factor authentication or opt in to extra security measures provided by your bank/credit card company. If it takes multiple steps to purchase something when you shop, it will be more difficult for hackers to compromise your account.
  • Check all of your online receipts and correlate them with your credit card statement. You need to know exactly what is being added to your card purchases.
  • Check incoming calls from numbers you do not recognize online to see whether the call is from a genuine vendor, and block the number if you the caller makes you uncomfortable.
  • To protect your incoming packages, use a locked drop box or install a home security camera or a video doorbell.

If you are cautious and enable as much security as possible, you are far less likely to be compromised. Then you can rest assured that your holiday shopping does not end in security nightmares and costly mistakes.

Editorial standards