How to shop safely online | Kaspersky official blog

Online shopping is a part of all our lives, and many can no longer imagine their daily routine without it. A couple of clicks, and a delivery guy is already bringing pizza or dog food straight to your door, while movie tickets arrive straight into your inbox. This calls for more, not less vigilance: it’s not only online stores and services that are after your money, but scammers forever scheming how to pick your pocket. Today we talk about cybercriminal tricks and how to protect your funds when shopping online.

Account theft

Attackers are constantly on the lookout for user accounts in services related to online commerce. Why? Sometimes it’s all very simple: they want to gain access to payment cards linked to the account and go on a spree at your expense. There are no two ways about it: account hijacking can cause direct monetary losses.

There are, of course, more complex cases when hacked accounts are used in various fraudulent schemes to scam other users or online services, as well as to launder and cash out stolen funds. That is, if your hacked account is used for some illegal activity, it won’t necessarily result in immediate money losses. However, you might have the police knocking on your door eventually, with all the unpleasantness that entails.

Let’s take a closer look at how exactly someone might hijack your accounts.

Phishing

Received an e-mail about a giveaway or a scary notification about a suspended account? Whatever you do, don’t click anything: it might be scammers hunting for your credentials. For example, here’s how cybercriminals lured Amazon users to phishing pages using bonus points that had to be cashed out immediately. If the user clicked the link and entered their personal data, these went straight to the scammers.

Malware

Phishing is not the only way to steal accounts and personal data. Using banking Trojans, cybercriminals can spoof the login screen and find out your credentials, or redirect you to a fake site that hands over everything you enter.

Public Wi-Fi

In today’s world, you can shop online anywhere. It’s not uncommon, for example, for people to go to the mall to try on a product in person, then order it online at a lower price. What’s more, they can place an order using that same mall’s free Wi-Fi. This is when scammers pounce on the bargain hunters.

The fact is that when you buy online, you send and receive a wealth of valuable information, including account details. Anyone with the right skills and access to the same network can snoop on this data. In the case of free Wi-Fi at the mall, there could be tens, if not hundreds of strangers connected to the same network, some of whom might be there for something a lot less innocent than shopping.

But even on your home Wi-Fi, your security remains an issue — especially if you’ve never changed the router password and aren’t sure which encryption protocol your network uses. All this leaves the door open to cybercriminals.

Online store leaks

Sadly, there are yet more ways to lose your data. Online stores are not watertight, and sometimes leak databases of user accounts. For fraudsters, such data is gold dust. And if you happen to use the same password for different services, attackers will have access to all of them.

Fake websites

Especially creative scammers make their own sites that mimic those of real online shopping services. Some of these fakes are scams used to take money from the victim without delivering the promised goods or services. And as an added bonus, they might steal payment card data too.

So how to shop safely?

Here are some simple tips to help protect your data and money when shopping online.

1. Use strong passwords

Sure, hardly anyone brute-forces passwords these days by entering them one by one. But even with modern methods of cracking, shorter and less complex passwords are more vulnerable. So, the rule still stands: the longer your combination is, the less likely cybercriminals will grab it. We advise using at least 10 characters — even for accounts of little importance. And for accounts you really care about, better to make the password twice as long.

Another dangerous habit is to use the same passwords for multiple sites. Having grabbed the credentials for one account, cybercriminals are unlikely to stop there and will try to log in to other services with the stolen username and password.

You can devise your own password creation system, or use a password generator to come up with strong random combinations. And so as not to forget them, you can store your credentials in a password manager, which also includes a password generator as a rule.

2. Use a VPN to connect to public networks

A secure connection encrypts all traffic and therefore prevents attackers from intercepting your login credentials and payment details. Check here for how to choose the best VPN app.

3. Don’t link bank cards to online shopping accounts

Most of all, attackers love stealing accounts that are rarely used — this way their actions go unnoticed for longer. Therefore, it’s worth linking a bank card only to online stores that you regularly visit, and make sure that your account is not hijacked and that no suspicious transactions appear in your purchase history.

In other cases, it’s safer to decline the “remember card” option and enter the numbers manually. That way, you’ll be less likely to lose money through a long-abandoned account with, let’s say, some online pet store where you once bought hamster food.

4. If possible, pay with payment services

Payment services, such as Google Play or PayPal, store your data in encrypted form on secure servers. The merchant you buy from receives only the virtual account number assigned to the card by the service. Because your card data is not seen by the merchant, this keeps your finances safer from unscrupulous sellers, data leaks from the site, and data interception during transmission over the internet.

5. Get a separate card for online shopping

Get a separate card for online purchases, and keep minimal funds on it. Even if attackers find out the details of this card, they still won’t get their hands on your main money source. It’s best to top up the card immediately before making a purchase and only by the amount you intend to spend.

6. Keep track of your payment history

Set up transaction notifications, and check your payment history regularly. If you spot something suspicious, call your bank immediately. Any unexpected debit, even of a tiny amount, should ring an alarm bell, because it may be scammers floating a trial balloon, or the first automatic payment for a subscription you didn’t ask for.

7. Use reliable protection

These simple rules to protect your data and money will make your online shopping experience safe and secure. To avoid cybercriminal tricks, read our post on how to spot scammers online. And use a reliable security solution that automatically detects and blocks phishing sites.