syse-blog-header

Tips for Cyber Awareness on Cyber Monday

November 23, 2021 | Posted in:

Cybersecurity, IT Solutions & Support

Man doing online shopping with credit card on laptop in cafeteria 600x300Were you one of the 186.4 million Thanksgiving weekend shoppers last year? According to the National Retail Federation (NRF), the number of online-only shoppers in 2020 was up 44% compared to 2019 for the entire weekend (Thanksgiving through Cyber Monday) and is predicting between an 11 - 15% increase this year. That's a lot of shoppers looking for great deals online, however, it's also a great opportunity for cybercriminals to increase their efforts to steal money and confidential information. To stay safe while shopping online, keep the following cybersafety tips in mind.

Before diving into the details, it is important that online shoppers recognize the anatomy of a website address, or URL, in order to identify when something looks out of place. In the image below, you can see all of the various parts of a URL called out. We can use this sample URL as a guide:

URL Example

Pay attention to the URL

It's not always easy to spot a fake URL. Fraudulent websites can often create realistic-looking fake sites to imitate brands you are familiar with such as Amazon, PayPal, Best Buy, etc. The domain will often have the letters of a brand name transposed or misspelled, and additional words or numbers used out of place.
ex: amaz0n.com / gooogle.com / betsbuy.com / 

Be aware that the domain listed directly before the .com (top-level domain) cannot be changed by a hacker. What you may see is the subdomain will have the correct address, and the domain will be fraudulent, like this example: google.com.global-source.com. In this case, global-source.com is the actual domain of this URL.

Verify the security of the webpage

From login to payment, ensure all web pages are secure. A secure site uses SSL (Secure Socket Layer) encryption to keep data in transit hidden from hackers. You can recognize a secure website by looking at the website protocol. It should have the HTTPS:// protocol designation, rather than simply HTTP:// (excluding the "S").

It is best to assume that all HTTP websites are unsafe and should be avoided, however not all HTTPS websites are safe. This can seem confusing, but the connetion type (protocol) is NOT the same as a safe website. Sophisticated cybercriminals can use an SSL certificate (HTTPS protocol) on their fraudlent websites too. The good news is, you can check to see if that HTTPS websites SSL certificate can be trusted in just a few clicks. Depending on your browser, the steps will differ slightly, but when using Chrome:

URL Lock Example1. Click the padlock in the address bar to view the site info.
2. Click "Connection is secure" details. 
3. Click "Certificate is valid"to view certificate details.
4. Select the "Details" tab to view further certificate information.
5. Below the "Field" column choose"Subject".
6. The box below will reveal the comapny /issure information

Make purchases only on secure networks

You may be browsing for those great holiday deals while visiting your favorite coffee shop, but be sure NOT to make any purchases while using the free Wi-Fi. Public Wi-Fi is fine for browsing but it's not secure enough for buying. If you are not required to enter a password, agree to legal terms, or register an account, you are most likely using an unsecured Wi-Fi connection.

If you simply cant wait, be sure to turn off your Wi-Fi and switch over to your cellular connection. This will establish a connection through your network carrier/ mobile provider (i.e. Verizon, AT&T, etc.) encrypting your transferred data and using cell towers rather than a public Wi-Fi network.

When in doubt, dont' check out

These are just a few of the best practices to be aware of while shopping virtually this year, but there are lots of other deceptive tactics hackers use that are worth learning about. If you are interested in learning a few more common tactics, read our blog titled:

Data Breach Prevention: 5 Common Threats To Be Aware Of.

Happy Online Shopping!


For more information on how to protect your sensitive company information, or ask about securing your organization from cyberthreats, email Systems Engineering at info@systemsengineering.com.