9 Tips to Help You Shop Safely on Cyber Monday

November 25, 2016

9 Tips to Help You Shop Safely on Cyber Monday

Type the phrase "Cyber Monday" into Google, and you'll find links not only to special Cyber Monday coupons and savings, but also to Cyber Monday-only sales at some of the largest online retailers. It's truly become the Internet's version of Black Friday.

Cyber Monday began "officially" in 2005 (it was made up by a marketer), but the phenomenon goes back to the beginning of online shopping, before computers were a fixture in homes. People would return to work on the Monday after Thanksgiving and shop from their office computers.

This year, more than 60 percent of American consumers are expected to shop online on Cyber Monday, although many of us will be shopping from the comfort of our living-room sofas. Cyber Monday has gone mobile as well, with about 50 percent of online shoppers expected to make holiday purchases from their smartphones or tablets.

Of course, as the popularity of Cyber Monday grows and the deals get bigger and better, the risks of shopping online also increase. Cybercriminals love Cyber Monday too, and work hard to get rich off the huge number of people engaging in online commerce around the holidays.

"Our inboxes are filling up with offers, and it's easy to slip something malicious into the volume of unsolicited emails during this time of year," said Don DeBolt, senior technical director at Milpitas, California-based security company FireEye.

"Due to the sheer volume of people shopping on Monday, [it also] makes for a great time to insert a malicious advertisement into an established ad network," DeBolt said. "This type of attack is known as 'malvertising' and results in the attacker taking you to a website of their choosing when your browser loads the malicious advertisement.

"Computer users have little control over this attack if they are not using an ad-blocking application, so it is highly recommended that an anti-malware product is used to best protect against this kind of attack."

To help shoppers stay safe and secure on Cyber Monday, DeBolt offered the following tips.

Shop from a secure computer

A computer that isn't protected by a full-fledged security software suite is more likely to be compromised by malware. Otherwise, all data entered into or transmitted from that computer is at risk, including all forms of personally identifiable information, credit-card numbers and bank accounts.

Shop using a secure connection

Data can be at risk during transit if an attacker controls the network or uses packet-sniffing software. Protocols such as HTTPS, or secure Web browsing, encrypt communications, but in some advanced attacks even those could fall to a "man-in-the-middle" attack. Nonetheless, always look for the HTTPS lock symbol in your browser address window when performing an online purchase.

Use trusted vendors.

Any website can be attacked by hackers, but limiting your shopping to established and trusted vendors limits your exposure. Bookmark the most trusted online retail sites to make sure you don't get redirected to fakes.

Don't fall for 'too-good-to-be-true' deals.

Cyber Monday features a lot of incredible, legitimate deals offered by trusted mainstream retailers. But cybercriminals will prey on shoppers' desire for the lowest prices and will try to slip in a lot of fake deals. Watch out especially for email and text messages promising fantastic savings -- clicking on links in the messages could lead to scams, phishing sites or sites distributing malware.

Plan ahead and don't be rushed.

Cyberattacks take but a split second to occur. Sometimes all that's required is clicking on a link in an email. Look for clues to malicious links, such as an extra ".cc" at the end of what would otherwise be a trusted domain name. Take the time to make sure you're on the correct website.

Review credit-card and bank statements regularly during the shopping season.

Malware can infect credit-card readers in stores, and unscrupulous cashiers often steal card numbers as well. If you find a transaction that doesn't match your purchases, your account may have been compromised. If so, contact your bank or card issuer.

Use unique passwords and logon information for every site you visit.

Yes, it's a pain to remember all those passwords. But if one of them is stolen, a cybercrook will try using it on other websites. Passwords should be as long as possible and contain a mix of upper- and lower-case characters, numbers, punctuation and symbols -- and they shouldn't be reused, especially for any website that handles your money. If you have trouble handling them all, use a password manager.

If you're shopping from a tablet or smartphone on Cyber Monday, use a trusted vendor's app, not a web browser.

Vendors have more control over their own apps than they do over mobile browsers, which often don't display the web addresses of the sites to which you're giving your credit-card information.

Never install software on your mobile device from a website link or code.

Software from locations other than the device's official "store," such as Apple's iTunes App Store or the Google Play Store, has a greater chance of being malicious.