Do not gift wrap your data

How to be safe shopping online

In the era of digital convenience, online shopping has become a staple of modern life.  With this convenience, also comes the responsibility of safeguarding your personal and financial information.  Below are essential steps to ensure your online shopping experiences are secure.

Payment Card Data

Stolen payment card data remains one of the most common cybersecurity attacks in retail.  In 2023, accounting for 37% of breaches per the 2023 Data Breach Investigations Report (DBIR). 

One of the most used methods cybercriminals use to obtain payment card data that is embedding with malicious code within a retailer’s credit card processing page.  This allows for stealing customer payment data without impacting the website, and avoiding detection.  

According to the 2023 DBIR, 70% of payment card breaches originated from web applications, with another 8% coming from PoS servers. 
Source : Holiday Season Increases Cybersecurity Risks.  

Typosquatting

Typosquatting refers to the use of commonly mistyped domains to impersonate retailers in order to dupe unsuspecting customers from going to a bad website.  This is a year-round method, and is especially effective around the winter holidays.  Consumers are often rushed to complete their shopping checklist.  In their haste, customers are less likely to verify information and more likely to enter payment card information impulsively.  Threat actors take advantage of the lure of time-sensitive offers during Black Friday and Cyber Monday to acquire valuable personal information.

Source: Holiday Season Increases Cybersecurity Risks.

Five common ways of Typosquatting

Online Ads

Too Good to be true?

Online ads, and their tempting deals can be enticing, but they can also be traps.  Essentially, using data harvesting as a method for gaining insight into specific individuals, consumer groups, and even the larger public.   Businesses, for instance, will engage in this form of data collection to display relevant ads to their customers.

Beware of offers that seem too good to be true.  If it sounds too good to be true, it probably is.  Stick to well-known, reputable websites and sellers.  

Hackers will place advertisements all over the Internet, and even on social media.  Those links could lead you right into a data harvesting site.

NEVER click an Online Ad link.

When shopping online, stick to trusted sources and known retailers.  Avoid visiting random or suspicious websites.  Clicking on Ad links can actually add malicious code to gain unauthorized access to your devices, it can also compromise your privacy in numerous ways.  This is known as Malvertising.  This may include monitoring your browsing habits, accessing personal files and photos, or activating the device’s camera or microphone without the user’s knowledge.

Choose established e-commerce platforms and stores with a track record of reliability.  This will save you from running into any issues with your purchase.  Additionally, when you need to check shipping and delivery updates, you can go back to the trusted site to review those and dismiss any phony alerts you may receive.

Secure your online shopping experience

When it is time to make a payment by Credit Card, only use Credit Cards that provide protection in the event that there is an issue. 

Consider using a secure payment method such as PayPal, or Google Pay, when dealing with third-party sites.  Avoid providing your credit card information directly to websites that you may not be familiar with and may not have proven payment security.

Only accepts Gift Cards?  No way!

Be cautious when websites or vendors insist on payment through gift cards.  Scammers often prefer this method as it’s difficult to trace and recover funds.  Legitimate sellers should accept conventional payment methods.  If you are only given the option of using a gift card, stop the payment process and find a different website to shop with. 

Online shopping can be a fantastic and efficient way to shop from the convenience of anywhere!  However, it is essential to stay vigilant and follow these guidelines to protect your information.  Your security and peace of mind are important in the digital age.  Happy shopping!

The Damage

In 2023, it was estimated that online retailers will lost $48 billion dollars to e-commerce fraud.  That is $48 billion dollars in stolen or fake credit card purchases, impacting millions of people. With the rise of online shopping, it is critical to take all necessary protection measures, so you don’t become one of the millions whose money and data are stolen

Source: 35 E-Commerce Statistics of 2024 – Forbes Advisor

The holidays are an opportunity to spend time with our loved ones and enjoy some well-earned rest.  Unfortunately, malicious cyber actors do not take time off Following the items above, will help to protect yourself from having a cyber incident.

By Dave Broucek, Trusted Advisor and Cybersecurity