Cyber Monday: Avoid the scams and criminals while you shopby Steve Ragan - Nov 30 2009, 23:40
According to Shop.org, there are over 100 million people expected to start their holiday shopping today. While you are online this week, taking advantage of those Cyber Monday and beyond deals, you should be mindful of security and safety. Here’s a brief list of things to consider.
The first thing to consider is searching for holiday sales and deals. When shopping online, stick to the major outlets, and if you visit retail stores that are of the mom-and-pop variety, make sure there is a visible and informative contact section. Make sure you do your homework, and check these little businesses out. They won’t mind a call to confirm their legitimacy.
If the contact information for a retailer is hard to find, then consider this a red flag for potential problems. These problems are not necessarily just scams, what happens if there is a problem with a purchase? How will you get it resolved?
Another thing to watch out for this holiday season is searching for coupons or discount codes online. We’ve covered BlackHat SEO before, but as a refresh, it is where criminals use popular keywords and search terms to lure people onto malicious websites.
You can be sure that they will use promotional codes and related search terms to further their crimes. If you want the latest promotional codes and legit links to sales online, I recommend fatwallet.com. This site that has earned a positive reputation over the years and the community is quick to scoop the latest details and promotions.
Not too long ago, we published an article on five scams and threats to avoid this holiday season. If you have not seen it, head over to read it. This will help you avoid some of the more common tricks seen online this time of year.
Related to that article we have some other tips, directed at holiday promotions and processes. The first tip centers on random pitches for sale items at popular retail outlets. Again, avoid email pitches and use caution when searching for them online. Unless you are on their mailing list, Wal-Mart isn’t likely to send you promotions via email. However, sometimes you can find yourself subscribed to all kinds of marketing lists, so you may get various offers in your inbox.
The easiest way to avoid the tricks and scams sent this way is to open the retail website yourself, by typing the address in by hand. Do not click links in random marketing email. More often than not, these emails are false, and the links can lead to malicious websites, including Phishing scams where your personal information is at risk.
When ordering online, look at the URL (the web address), if it does not start with HTTPS, and for the larger retailers, turn your address bar a different color such as blue or green, then do not enter personal information or credit card information into the checkout field.
This is a sign that the site isn’t using the security available to them to secure your information, or there may be a problem with their security. If your browser issues a SSL related warning, don’t ignore it, read it and if you have doubts, don’t shop on that site. If need be, visit them offline and get the item you are looking for.
When it comes to actual security, ensure that all of your software on your computer is on the current release. This includes your browser and operating system. You’ll want to make sure your anti-Virus and anti-Spam protection is current as well. The reason for this is not just because it is a good habit to form, but because if you happen to stumble onto a malicious site, you are less likely to be impacted by it. However, no security software can replace solid vigilance, so just keep your eyes open, and you’ll be fine when you shop.
Expecting the worst to happen, let’s say you are visiting a site and happen to go from viewing a page to seeing an instant pop-up warning about computer infections and Malware. The first thing to do is not panic. Next, if you are on a Windows PC, do not click on anything. Instead press ALT+F4 on the keyboard until your browser is shutdown. After that, run your security software, just in case, and then avoid that site.
If you are using a Macintosh, these alerts are bothersome but harmless to you for the most part. However there are attacks that target a system running OS X if you download things at random. For Mac users, the advice is the same, don’t download anything, close the browser, and if you installed security software, then scan just to be safe.
Lastly, earlier we suggested that you type in the address for retail outlets online instead of following links in email, but there is another aspect to this. Type the name in correctly.
Plenty of sites will take advantage of misspelled domain names, and some of them can lead to trouble. If you think you have entered the domain name correctly, but something just feels off, then go to the BBB (www.bbb.org) and check them out. For the more tech-savvy, use a dig tool and look at the domain information.
Below is a great example of a mispronounced company name, and the resulting URL, which leads to a completely different type of online shopping experience.
In this site, notice the flood of links and other item promotions on the page. There are lots of brand names and images. This is not the popular retail chain BestBuy (http://www.bestbuy.com). This is a site with a flood of affiliate links. What happens here is that someone is making money by sending you from their site to another expecting you will order, earning them a commission on the sale.
While this is not malicious, it is shady, and can often lead to you paying more than you would expect. Some of the affiliate links lead to legit sites, but you cannot control the domains you are directed to. While testing this site, we discovered that often you did not know how you were being redirected before you appeared on new domains. This lack of control is risky, and should be avoided. Again, this domain is an affiliate portal, not completely malicious, but shady nonetheless.
The first image is the main page from this website and below it the main page for the actual BestBuy website.
For the technical readers, here is a side by side of the two WHOIS reports for the domains. As you can see, there is a big difference between a legit retailer and an affiliate site.
Stay safe this holiday season when you are shopping online. There is nothing to be scared of, but you should exercise a little caution when you are checking off items on your list of presents.