Your Ad Here

Friday, November 28, 2008

10 Tips for Cyber Monday Safety

I have written and talk about the security issues associated with Cyber Monday which will occur on Dec. 1. 2008. Cyber Monday is the name given by online retailers and e-commerce experts to the Monday following the Thanksgiving holiday. With its Black Friday counterpart in actual store-based traffic, analysts have pointed to significant spikes in online shopping on Cyber Monday. Coined in 2005, Cyber Monday was fueled by promotions such as free gifts and free shipping as well as by the faster Internet connections many people had at home.

Here is an interesting article on how to stay safe this upcoming shopping year.

From: http://www.bankinfosecurity.com/

10 Tips for Cyber Monday Safety
November 28, 2008 - Linda McGlasson, Managing Editor


Financial institutions that want to help their customers avoid the season's thieves online will be ready & willing - ready with advice and willing to answer questions.

Here's a list of some of the top advice from computer security vendors and experts for those brave souls that will venture into Cyber Monday shopping expeditions.

1. Know Thy Seller. A good rule of thumb to follow is if the merchant isn't someone you've done business with before, be wary of them. If you got an unsolicited email touting their site, don't click on it or open it. A good way to check up on a merchant is to get information through the Better Business Bureau or through comparison shopping sites such as buysafeshopping.com.

2. Run a Clean Machine. Having the latest updated anti-virus, anti-malware installed on your PC should be a priority. A whopping 20 percent of computers don't run these software or even have a firewall in place. If you need help, ask. It's better to be protected than fearing you'll look like a dummy because you don't know how to update your PC. Good places to get information about security software include the Department of Homeland Security's US-CERT.gov, StaySafeOnline.info or OnGuardOnline.gov. Be sure to buy your software from reputable, well-known AV companies.

3. If In Doubt, Delete! When opening email, be smart. Most people can recognize spam mail or email that doesn't belong in their inbox. When in doubt, delete an email. Spam or unsolicited email can often contain links, which if clicked on, can infect a PC.


4. Look For Security Signs. When on a company's Internet site, check for the following security signals to ensure you're where you're supposed to be. Note if the web address begins with "https" -- this means you're on a secure server using SSL encryption. Also look for a padlock icon at the bottom of the browser page. Click on it and you'll see the site address. The address will match the web site address at the top of the page. If they don't match, get off the site immediately. Using the latest browsers including Microsoft Internet Explorer 7 or Firefox 3 will allow you to see "green" visual cues on websites with extended validation (EV) SSL Certificates.

5. Check Your Credit Report.This isn't just something you should do during the holidays, but year 'round, and at minimum at least once a year with all three of the credit reporting companies, Experian, TransUnion, and Equifax. Regularly monitoring your credit card and institution account transactions online keeps unapproved users from pilfering your money and reduces the chance of you falling victim to identity theft.

6. Password Sharing A BIG No-No. This is one of the biggest problems that security professionals face at corporations, and consumers are just as lax with friends and families sharing passwords. If you do happen to share a password to a website with your family or a friend or two, don't use the same password for your online banking account or other sensitive site.

7. Don't Fall For A Cheap Price. The old adage "There's a sucker born every minute" was said long before the Internet was invented, but criminals are still out there plying their fake designer watches, clothes, electronics and other items to foolish shoppers who think they're getting the real deal at a discount price. If a website is offering an item for a extremely low price, beware. That $20 iPod Nano isn't worth the box it will arrive in. Usually the end result is only the disappointment of getting a shoddy knock-off. But paying with a credit card could also open you up to fraud and other charges on your card you didn't expect, and may also open you to identity theft if you've given out other information.

8. No Address or Phone Means No Deal. If you do find a small merchant that has just the item you're looking for at an unbelievable price, see if they've got an address and phone number. Call and ask for more information or a catalog. Your call goes to voice mail? Watch out; you may have wandered onto a criminal's website. If you do get someone on the phone, ask questions about their privacy policy and refunds or resolution policy. If you don't like what you hear, go somewhere else. Print out and keep receipts of all transactions to back up any return requests.

9. Use Credit, Not Debit. Credit cards are the safest method for online purchases. Experts advise not to use debit cards for online purchases because they pull money directly from your bank account. If something goes wrong, or turns out to be fraudulent, it can take months to get your money back. If you are able to get it back. The Federal Trade Commission says federal law limits liability to $50 in charges if someone uses your credit card fraudulently. You could also use third-party escrow services such as PayPal.

10. Shop At Home. Avoid sharing computers, just like you should avoid sharing passwords. Performing sensitive transactions such as giving out credit card numbers or checking your online bank account should be done at a computer only you use. Logging in and doing these transactions on shared computers at libraries or other places where anyone can use them is dangerous. Hackers can easily install a keylogger onto the computer, and it captures everything that is typed onto the keyboard, including sensitive information like passwords, credit card numbers and bank account numbers.

1 comment:

Anonymous said...

Excellent Tips especially #4
Echoing that using the latest browsers can detect EV SSL certificates, and display identification information.

If you haven't seen a site yet go launch PayPal or eBay so you can see the address bar turn green, and display the name of the organization listed in the certificate and in IE 7 it also displays the issuer.

This interface alone gives the user a sense of security when using your site, since there is a heightened level of trust.

In addition, there are extremely stringent guidelines (called the vetting process) to obtain EV SSL certificates. I am not sure of the exact protocol but I have heard that on some levels a face-to-fact meeting is necessary to prove your organizations validity.

Internet users will have a greater level of confidence when visiting Web sites displaying the green URL, just from knowing the Web site is authentic and the SSL/TLS connection secure.

Great Article!!