Security tips for shopping online
on 22 Nov, 2018
It’s safe to assume that everybody, at some point, has indulged in a little online shopping – some more so than others. Whether you’re a regular or you only dabble in online purchases now and then, it’s important to take safety precautions to ensure your personal details don’t get stolen in the process.
When you’re banking over the internet you’re sure to be vigilant and cautious with your information, which is exactly the approach you should take when it comes to online shopping. You’re still entering personal information, including things like your card details and personal address. To help you stay safe, this article looks at ways hackers and data thieves can steal your payment and personal information and ways you can defend yourself against those risks.
While many people opt to shop with trusted and reputable brands, there are plenty of smaller sites out there and it can be hard to know what’s genuine and what’s not. It’s very easy for hackers to create fake pages that resemble authentic online shopping sites - yet another way to steal your personal information - so be careful when shopping online and know what the warning signs are. In other cases the fake site may not be an attempt to steal your information per se, but might be selling counterfeit versions of the products you’re actually trying to buy.
One thing to look out for is ads which display ‘too good to be true’ deals, because a lot of the time, your gut instinct is right. Look to see whether any other sites stock the same product for close to a similar price - if most sell an item for £200 and you’ve found it for £40, this isn’t always just a good reduction. Sometimes, it’s a scam.
Other things you might want to look out for are poor website images, generic text and bad grammar and the use of personal email addresses for contact details, e.g [email protected]
Reputable sites spend good money on perfecting their product images, and are unlikely to leave placeholder text from a website template sitting live on their e-commerce site. These are all tell-tale signs that a site has been cobbled together at speed to try and capture credit card details or to sell counterfeit products before quickly vanishing into the ether.
Similar to fake online shopping sites, there are also apps designed to look like legitimate online shopping platforms when in fact, they are just as fraudulent as the former. Nowadays, many people use apps to perform a whole plethora of online activity from mobile banking to social media. This increase in popularity and usage is one of the main reasons why more and more apps are being created for data-hacking purposes.
Once installed, fake online shopping apps will gain automatic access to your device’s system files and data. You’ll of course be asked to enter sensitive information including your debit or credit card details, which will then be readily available for hackers to use as they wish.
To avoid falling for it, only download shopping apps from respected retailer’s own websites instead of searching for them in the app store. By following a direct link from the legitimate shopping site, you’re much more likely to download an official app and not a knock-off one that’ll compromise your data.
When searching for apps, it’s also a good idea to look at the finer details, including the name of the app creator, the date it was uploaded to the app store and the reviews. Fake apps will tend to have been added recently, have little to no reviews and may use a variation on the retailer's name.
If you’re still not convinced, shop with mobile-optimized sites, rather than apps – just make sure you manually enter in the retailer’s URL to ensure you’re on the legitimate site.
Hacks to be aware of
One way hackers can steal your personal information when online shopping is through SSL stripping. SSL certificates (Secure Sockets Layer certificates), are used by most websites to keep any data you share with them private and protected. When your browser reads as ‘HTTPS’ rather than ‘HTTP’, it means that SSL certificates are in place. You may also notice an image of a green padlock in your URL bar which also indicates that the site you’re on is theoretically secure.
While online retailers like Amazon and eBay have SSL certificates set up, this doesn’t mean your connection to their site is completely safe. SSL stripping is a cyber-security attack in which a hacker redirects your shopping process to an unsecured network, where they’re then able to steal your data. Usually, the proxy server will still feature a fake HTTPS URL and green padlock, to appear legitimate, when really, the hacker has redirected you to an easy-to-view connection.
Instead of having a layer of protection to keep third parties away from your details, your payment card numbers and other private data become exposed. To stop this from happening, you might want to employ a VPN.
A VPN, which means ‘virtual private network’, secures your connection to the internet by encrypting the data that passes through it. Whether you’re using your mobile, laptop or PC to shop online, you can use a VPN on any device. A VPN hides your network connection in a tunnel of encryption so that it can’t be viewed or monitored by anyone – including your ISP provider. This makes it just about impossible for hackers and data thieves to steal your private information when online shopping.
Everything from your device’s unique IP address and your location to the payment details you’re entering are completely masked. So even if a hacker does redirect your connection, they will not be able to decipher any of the information at hand - all they’d see are seemingly nonsensical ‘encryption keys’, long strings of letters and numbers that don’t mean anything to an outsider at all.
While there are many ways scammers and hackers can use online platforms to try and steal your data, this should not deter you from online shopping. As long as you remain vigilant and employ sensible security measures, you’re sure to outsmart the data-thieves, leaving you to enjoy retail therapy to your heart’s content.
Submitted by Tabby Farrar using insight from HMA VPN