Were you one of the nearly 180 million holiday weekend shoppers in November (Thanksgiving through Cyber Monday)? According to data from the National Retail Federation (NRF), online shopping was far more popular than in-store purchases this year. Now that December is underway, the last-minute cyber deals are likely flooding your inbox, along with cybercriminal attempts to trick you out of money and confidential information.
Before you take advantage of your next online deal, take a look at these top cybersecurity tips you can follow.
First and foremost, it is important that online shoppers recognize the anatomy of a website address (URL) in order to identify when something looks out of place. In the image below, you can see all of the various parts of a URL called out.
We can use this sample URL as a guide:
Pay attention to the URL
It's not always easy to spot a fake URL. Fraudulent websites can often create realistic-looking fake sites to imitate brands you are familiar with such as Amazon, PayPal, Best Buy, etc. The domain will often have the letters of a brand name transposed or misspelled, and additional words or numbers used out of place.
ex: amaz0n.com / gooogle.com / betsbuy.com /
Be aware that the domain listed directly before the .com (top-level domain) cannot be changed by a hacker. What you may see is the subdomain will have the correct address, and the domain will be fraudulent, like this example:
In this case, global-source.com is the actual domain of this URL.
Verify the security of the webpage
From login to payment, ensure all web pages are secure. A secure site uses SSL (Secure Socket Layer) encryption to keep data in transit hidden from hackers. You can recognize a secure website by looking at the website protocol. It should have the HTTPS:// protocol designation, rather than simply HTTP:// (excluding the "S").
It is best to assume that all HTTP websites are unsafe and should be avoided, however not all HTTPS websites are safe. This can seem confusing, but the connetion type (protocol) is NOT the same as a safe website. Sophisticated cybercriminals can use an SSL certificate (HTTPS protocol) on their fraudlent websites too. The good news is, you can check to see if that HTTPS websites SSL certificate can be trusted in just a few clicks. Depending on your browser, the steps will differ slightly, but when using Chrome:
1. Click the padlock in the address bar to view the site info.2. Click "Connection is secure" details.3. Click "Certificate is valid"to view certificate details.4. Select the "Details" tab to view further certificate information.5. Below the "Field" column choose"Subject".6. The box below will reveal the comapny /issure information
Make purchases only on secure networks
You may be browsing for those great holiday deals while visiting your favorite coffee shop, but be sure NOT to make any purchases while using the free Wi-Fi. Public Wi-Fi is fine for browsing but it's not secure enough for buying. If you are not required to enter a password, agree to legal terms, or register an account, you are most likely using an unsecured Wi-Fi connection.
If you simply cant wait, be sure to turn off your Wi-Fi and switch over to your cellular connection. This will establish a connection through your network carrier/ mobile provider (i.e. Verizon, AT&T, etc.) encrypting your transferred data and using cell towers rather than a public Wi-Fi network.
When in doubt, don't check out
These are just a few of the best practices to be aware of while shopping virtually this year, but there are lots of other deceptive tactics hackers use that are worth learning about. If you are interested in learning a few more common tactics, read our blog titled:
Happy Online Shopping!
For more information on how to protect your sensitive company information, or ask about securing your organization from cyberthreats, email Systems Engineering at email@example.com.