Awareness : Security Awareness Tips

Top 10 Tips for Safe Online Shopping

As the holiday season approaches, an increasing number of people are choosing the convenience of online shopping over trudging off to the malls. Online shopping is the retail industry’s biggest growth engine, according to a recent Forrester Research study, which predicts $44.7 billion in online shopping this year — an increase of 8% over 2008. But with the increase in online shopping also comes greater exposure to fraud. Taking a few easy precautions while doing your shopping online will prevent you being a victim.

  1. Shop only at merchants you know and trust. Generally, well-known sites tend to have better security and are also anxious to maintain their reputation for safety. If in doubt, check with the “Better Business Bureau”: Best practice is to enter the website name directly into your browser, not by clicking a link in an email.
  2. Do not provide your Social Security number, birth date, or mother’s maiden name in an email or a merchant’s website. Any email asking for this type of information is a good sign that the transaction may be suspicious. Never include your credit card number in an email or while instant messaging.
  3. Make sure the company is on a secure server by noting whether the web address starts with “https.” Many fraudulent web sites may look exactly like your merchant’s site. There is a de facto standard among web browsers to display a “lock” icon somewhere in the window of the browser (NOT in the web page display area!) to indicate a secure, encrypted connection.
  4. Internet Explorer secure lock icon
    Internet Explorer 7/8 displays the lock icon to the right of the address bar.
    Firefox secure lock icon
    Mozilla Firefox displays the lock icon in the lower left corner.
  5. Install the latest anti-virus software, anti-spyware, and firewall on your computer before shopping online. You must keep them up-to-date. Many home computers come with trial versions of anti-malware software. Do not allow your anti-malware subscription to lapse. This may prevent you from obtaining needed updates. Buy these from a reputable software security vendor, not from an unknown security company; otherwise you could get infected with the malware you’re trying to prevent! In particular watch out for pop-ups that warn “Your PC is infected,” and invite you to download “security software to fix the problem.” You can “download security software”: for your home computer from Medical IT (or from “Coral Gables campus”:
  6. Never buy anything, no matter how good the advertised price is, from an unsolicited email (spam). When tempted to buy that replica watch or handbag, imagine that same item being sold out of the car trunk by an unsavory individual. Buying from a spammer could cost much more than the price of that cool item; giving your credit card information to unknown entities over the web may place your identity and credit in jeopardy.
  7. Do not share your passwords with anyone. Use different passwords for different web sites.  Passwords should be 8 characters or more, with a mix of lowercase and uppercase letters, numbers, and symbols. Be aware that that cybercriminals are actively involved in brute force attacks against many public email systems. Using cute and/or easy passwords may be convenient for you but they are also convenient for crooks to guess.
  8. During the holiday season (and year round), check your credit card and bank account transactions online. Don’t wait for the bill to come in the mail or sign up for paperless billing. A little bit of monitoring can stop unapproved use of your credit cards or criminals dipping into your bank accounts. It’s also a good practice to check your credit reports on a regular basis for incorrect information that may be a sign of identity thieves at work. Of course, use a secure computer to perform such checks. Using any publicly available machine such as at a library, conference, etc. to perform such an activity is a risky idea.
  9. Practice safe behavior when it comes to your email. If it looks odd or comes from an unknown person, don’t open it. Even opening what you think is an email from a friend or relative could unleash a virus onto your computer. This applies to all your email accounts.
  10. Keep records of the item you ordered, price paid, any email messages, and the page that shows the seller’s name, address, and telephone number.
  11. Finally, if you are not using your computer for an extended period, turn it off. With the proliferation of high-speed internet access, many users now leave their computers on all the time. This opens the door for criminals who, once they’ve infected your PC, will turn it into their “bot” and commit cybercrime. “Green” computing can also be safe computing!

For more information