Posts

Protect Yourself from Holiday Shopping Scams

Even though the highly publicized retail data breaches have involved off-line brick and mortar stores, this doesn’t mean that security is high with online shopping. Scammers and hackers are waiting for you in more ways than you know, such as: 9D

  • Fake product reviews
  • Non-existent products
  • Delivered products that don’t match what was seen on the retail site
  • Shoppers being tricked into typing their credit card information into a purchase form on a phony shopping site
  • Malicious attachments and phishing emails offering too good to be true discounts to install malware on your device.

Let’s explore online shopping scams in more detail.

First up are malicious links and malments (malicious attachment).

  • You receive an e-mail pitching a great product deal; click on the link to learn more or to make the purchase. The scammer often makes the e-mail look like it came from a leading retailer. Clicking the e-mail may download a virus, or take you to the scammer’s website where you’re tricked into “buying” non-existent products—giving out your credit card information.
  • An e-mail may contain an attachment that, when opened, downloads a virus.
  • The e-mail may appear to come from UPS (but it’s really from the crook), and if you just by chance recently ordered something for delivery by UPS, you’re then easily tricked into clicking a “track your order” link.
  • Never click links or open attachments from e-mails that you’re not outright expecting, especially if there are typos in the message.

Coupons

  • If it’s too good to be true, then it’s too good to be true.
  • Be suspicious if a coupon site with fantabulous deals wants all sorts of personal information from you, as in, “What do they need to know that for?”
  • Fraudulent coupon sites often have typos including poor punctuation.
  • Annoying pop-up windows should send you running.

Gift Cards

  • Same thing as above: If it’s too good to be true, then assume it’s a scam.
  • Just delete any gift card e-mails pitching amazing deals, especially if there’s a link in the message.
  • Never fill out personal information in a form inside an unsolicited e-mail for some fantastic deal.

Not every gift card related e-mail is fraudulent. If the e-mail appears to be from someone you know, contact that person for verification before opening any attachment or following any links. A tip that it’s legitimate is that it has a code so that you can claim the gift; a tip that it’s a scam is that it’s asking you for your credit card information.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

8 ways to avoid holiday shopping scams

So what will you be doing this holiday season to avoid getting scammed? The scammers really come out of the woodwork during the holidays, waiting to snatch their victims. It’s easier than you think to avoid getting ripped off or getting your entire bank account sucked dry. Here’s how to avoid getting tangled in a scammer’s net: 9D

  • Always inspect every purchase on your credit card statements to make sure you recognize them.
  • If you must go with a lesser-known seller (because the product is very unique), then first Google them for any bad reviews. Keep in mind that raving reviews may have been set up by a scammer, but the presence of bad reviews is very telling. A clue that excellent reviews were set up by a fraudster is that identical ones appear on different sites.
  • Back up your data. Why? When all else fails and your data and devices have been destroyed by malware, a cloud backup like Carbonite allows you to not only recover all your data, but it helps you sleep at night.
  • Never click a link inside an e-mail that appears to have come from a retailer, UPS, the government, etc. Even if you just purchased something from Amazon, that e-mail “from” Amazon that contains a link is –you can bet on this — the work of a scammer. Clicking on the link may download a virus, or lead you to a site that lures you into giving your credit card number, SSN and other vital data to a cyber thief.
  • Sellers can also be victims of scams. A common one is that the buyer overpays the seller with a phony check, pretends it’s an innocent mistake, and then asks you to wire back the difference.
  • If you’re buying from individuals instead of businesses (think: eBay), meet potential buyers and sellers in public locations. If you’re buying, inform the seller you’ll initially meet without cash just to inspect the item.

Robert Siciliano is an expert in personal privacy, security and identity theft. Learn more about Carbonite Personal plans. See him discussing identity theft prevention. Disclosures.

Online Shopping and Counterfeit Goods – The Facts Don’t Lie

As the holiday season creeps upon us, research shows that an astonishing 24% people who are buying online have been duped by scammers. Whether you are buying shoes, electronics or the latest fashions and accessories, research companies are showing that you are at risk of being duped.

9DWhen you look at the overall shopping behavior of consumers, we see that about 34% do all of their shopping online, and during the holiday season, this number rises to 39% of all consumers. That is a lot of people for counterfeiters to focus on.

Mark Frost, the CEO of MarkMonitor, explains that it is crucial for customers to stay aware of the possibility of buying counterfeit goods, especially during the holidays. Most of us are looking for a bargain, and this is exactly why we tend to jump on these deals. On top of this, counterfeiters have gotten very good at making these fake goods look almost identical to the real deal, and it is near impossible, in some cases, for the untrained eye to tell them apart. Here are some more facts:

People are Exposed to Online Counterfeit Goods All of the Time

With so many counterfeit goods out there, you have likely been exposed to them, or even made a purchase. Younger people are more at risk of buying these goods, and when looking at those in the 18-34 year old range, almost 40% had purchased counterfeit goods in the past.

In addition to these goods, about 56% of people have received counterfeit emails, or those that seem as if they are coming from a certain company, such as Nike, but in reality, all of the items are fake. Fortunately, only about one in 20 consumers are likely to click on these links, but that means that about 5% of consumers are directed to these sites, too, and may get caught up in the bargains.

This is a Global Issue

Statistics also show that about 64% of global consumers are worried about online security. These same consumers report that they feel safer buying from local extensions, such as .de, .uk and .co.

Attitudes Towards Buying Counterfeit Goods

One of the most alarming facts that come up in these studies is that about 20% of consumers continue the purchase of their goods, even after finding themselves on a website with counterfeit goods.

As you continue your holiday shopping, make sure to keep these facts in mind and make sure to research any site you choose to buy from, even those that look like they may be legitimate.

Shoppers need to be cautious when searching online to spread their holiday cheer and MarkMonitor suggests checking this list twice to find out if websites are naughty or nice:

  1. Check the URL: In a practice known as “typosquatting” fraudulent sites will often be under a misspelled brandname.com, attempting to trick consumers into thinking they are on a reputable website.
  2. Check the Price: Counterfeiters have been getting very smart about pricing lately and not discounting their wares as heavily as before, but deep discounts – especially on unknown e-commerce sites – are a tip-off that consumers should do a lot more checking before buying.
  3. Check the “About” and the “FAQs” pages: Though some sites look professional at first glance, but are not always so careful about these pages. Check for spelling and grammatical errors.
  4. Check for reviews: Many fraudulent websites’ reputations proceed them. Search for what people are saying about the site and include the term ‘scam’ with the site name to see if they are known to be a risky site.  

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

8 Ways to Ensure Safe and Secure Online Shopping this Holiday Season

So, who’s on your holiday gift list this year? That list is a lot longer than you think; consider all the names of hackers that have not yet appeared on it. Scammers will do whatever it takes to get on your holiday gift list! Here’s how to keep these cyber thieves out of your pocket:

  • Before purchasing from a small online merchant, see what the Better Business Bureau says and also search Google for reviews.
  • If you see an unexpected e-mail allegedly from a retailer you shop at, don’t open it. Scammers send out millions of trick e-mails that appear to be from major retailers. They hope to trick gullible shoppers into clicking on them and revealing sensitive information. So many of these scam e-mails get sent out that it’s common for someone to receive one that appears to be from a store they very recently purchased from.
  • When shopping online at a coffee house or other public spot, sit with your back to a wall so that “visual hackers” don’t spy over your shoulder. Better yet, avoid using public Wi-Fi for online shopping.
  • Back up your data. When shopping online it’s highly probable you’ll stumble upon an infected website designed to inject malicious code on your device. Malware called “ransomware” will hold your data hostage. Backing up your data in the cloud to Carbonite protects you from having to pay the ransom.
  • Save all your financial, banking and other sensitive online transactions for when you’re at home to avoid unsecure public Wi-Fi networks.
  • Change all of your passwords to increase your protection should a retailer you shop at fall victim to a data breach. Every account of yours should have a different and very unique password.
  • Ditch the debit card; a thief could drain your bank account in seconds. Use only credit cards. Why? If a fraudster gets your number and you claim the unauthorized purchase within 60 days, you’ll get reimbursed.
  • Review your credit card statements monthly and carefully. Investigate even tiny unauthorized charges, since thieves often start out small to “test the waters.”

Robert Siciliano is an expert in personal privacy, security and identity theft. Learn more about Carbonite Personal plans. See him discussing identity theft prevention. Disclosures.

Online Shopping Warnings and Advice

Shopping online can be just as dangerous to your security as leaving your car unlocked in the mall parking lot.

2CConsumer Reports notes the following:

Don’t judge a website by its cover. A malicious website can look legitimate, even though it aims to nab your personal data, even identity, or sell counterfeit products.

Others aim to lure you in “with low prices they honor only if you buy extra items, or quietly adding unexpected charges based on fine-print disclosures they know you won’t read.”

  • Look up any unfamiliar online store on bbb.org (Better Business Bureau). Check the rating, any adverse reviews and confirm its address. Search it out with keywords like “complaints.”
  • Carefully read the seller’s fine print.
  • Don’t use a debit card; use a credit card, so that the dispute process is easier.

Defective products. Read the fine print; it may say that all goods “are sold as is.” This means you won’t have the right to receive a replacement for bad merchandise.

You may be able to get a refund within 30 days of purchase, but beyond that, many sites say you must deal directly with the product’s manufacturer (you’ll need to pay for return shipping). Another problem is when the website is not an authorized dealer for the product you bought.

  • Make sure the site is an authorized dealer. Contact the manufacturer if necessary. Read the terms and conditions.
  • Be suspicious of sites that you know or believe will send you tons of spam after your purchase.
  • Understand the site’s privacy policy before giving personal data. “Many retailers let you elect to receive offers or have your info shared.” Others will automatically spam you or share your information unless you uncheck the pre-checked option boxes. “And limit the info you provide to what’s critical for completing the purchase.”

Infected computer, or your payments are disrupted.

  • Never give out credit card information unless the Internet connection is secured.
  • Don’t peruse the Web unless the computer (or smartphone) is protected.
  • Make sure the retailer’s URL begins with a “https” (the “s” is necessary) preceded by a padlock icon.

Robert Siciliano, is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! . Disclosures For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

10 Tips to Safe Online Shopping

How times have changed. I can remember when Christmas didn’t start until after Thanksgiving—not before Halloween as we see things in stores and online now. Seems like the holiday season and decorations start earlier and earlier every year.

But one thing that hasn’t changed is that Black Friday is still a big shopping day. And with the advent of online shopping has emerged Cyber Monday (the first Monday after Thanksgiving) which is another big sale day for online shoppers. In fact, a recent McAfee study revealed that 70% of American’s plan to shop online this holiday season. And nearly half (48%) of us will be shopping online on Cyber Monday.

Although many of us may take advantage of these great deals that the holidays offer, we also need to be aware of the risks. Online shopping is a fun and convenient way to make purchases, locate hard-to-find items, and discover bargains, but we need to take steps to protect ourselves.

To stay safe this holiday season while shopping online:

Check the site’s web address—Once you arrive at a site, you need to make sure that it is legitimate and not a fake site. So check the URL and make sure you really are at www.amazon.com and not www.amazan.com even though they make look alike.

Check that the site is secure—The McAfee survey revealed that 20% of Americans cannot ever tell if a site is secure. Some things to look for on a secure site include:

Check to make sure that the web address starts with https instead of http, which indicates that encryption is being to protect your information.

Look for lock symbol on the page which is another indication that the site is using encryption.

Look for a security seal, such as the McAfee SECURE™ trustmark, indicating that the site has been scanned and verified as secure by a trusted third party. This security seal indicates that the site will help protect you from identity theft, credit card fraud, spam, and other malicious threats..

Pay with a credit card—Credit cards on the whole offer better protection against fraud than debit cards. You won’t be liable for fraudulent purchases and the thieves won’t be able to drain your bank account if they get your account #. Most banks now offer virtual or one time use credit cards numbers. You can go to your bank’s online site and enter your credit card number and it will give you a number that you can use for a specific purchase. Any use of that one-time credit card number will be automatically flagged or not approved by your bank.

Do not use a public computer or free wireless connection to shop online—If you are using a public computer, strangers may be able to access your browsing history and even your login information. To protect yourself, do all of your online shopping from your home computer or your personal mobile device. Never shop using an unsecured wireless connection (like those free Wi-Fi hotspots at coffee shops) because hackers can access your information.

Make sure you have a clean computer or mobile device—Make sure you have up-to-date security software on all your devices, like McAfee All Access, that can safeguard your privacy, protect against identity theft, and defend against viruses and online threats.

Keep a paper trail—Keep a copy of your order number and receipt, and note which credit card you used. When you receive your credit card statement, review it to make sure that the charge placed on your card is correct and that there are no extra fees or charges.

 

By following some of these simple tips, you can enjoy all the advantages that online shopping has to offer and prevent risking your personal information.

 

I hope you have a safe, enjoyable holiday shopping season.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)

5 Smart and Safe eBay Shopper Tips

Shopping is for people with time and money. When I am a consumer, it’s because I need something, and not necessarily the biggest or the best something. I need something practical, safe, and smart. eBay allows consumers to search for exactly what they need, and can be a great place to find hard-to-get items.

Overall, eBay can be a good experience if you know what you are doing. But take it from me: knowing what you are doing takes time and focus. Don’t just jump on eBay and whip out your credit card. You may get burnt in more ways than one.

1. Avoid scams by looking at the sellers’ feedback ratings. A rating of one indicates that the seller is either a “newbie” or a criminal. Certainly, we all have to start somewhere. But personally, I draw the line at sellers with a feedback rating of at least 15, and I still check to see what they’ve bought and sold. If they’ve bought or sold 15 items at $1 each, that’s a red flag. Sellers with higher ratings are generally experienced professionals.

2. Search deeply before bidding. Check to see if the same item is available from a different seller, how the “Buy Now” price varies, and how much others are bidding. The highest bid may be much lower than the “Buy Now” price. Consider how much time is left to bid to help determine what the final sale price may be.

3. Walk before you run. If there are plenty of the item you want available but prices are all over the place, sit back and “Watch” a few to see where the final sales prices end up.

4. Set up alerts. I set up eBay alerts for any items I’m looking for. I receive messages with all the current items for sale, and then only the new ones being listed on eBay each day. This allows me to effectively manage my purchasing.

5. Use Auction Sniper. I never bid on eBay. The more your presence is known the more opportunities there are for criminals to contact you. Protect your identity with Auction Sniper, you bid anonymously the absolute highest dollar amount you’re willing to spend on that item, and walk away. Auction Sniper will snipe the bid for you in the last five seconds while people wonder where the heck you came from.

Robert Siciliano personal and home security specialist to Home Security Source discussing ADT Pulse on Fox News.

Marketers (and Criminals) Buzz About Mobile Tuesday

Fresh off the most successful Cyber Monday, which turned into a Cyber Week or even a Cyber Month, spanning from mid-November into December, marketers and advertisers are now positioning themselves for a 2012 Mobile Tuesday.

Forbes reports, “Consumers are going mobile in large numbers, and the 2011 holiday season proved it. IBM Coremetrics recently reported that consumers increased shopping on smartphones and tablets on Black Friday. Purchases made on mobile devices accounted for 9.8% of online sales, which is up 3.2% from last year. GSI announced a 254% increase in US mobile sales on Black Friday. PayPal Mobile announced a 516% increase in global mobile payment volume over last year, and eBay Mobile reported US purchases were nearly two and a half times what they were last year.”

Criminals are paying attention.

The National Cyber Security Alliance and McAfee released a study showing that in the last six months, 50% of Americans have used smartphones to research potential purchases, 27% have used them to shop, 12% have used them to shop at auction websites, specifically, and 18% have used their phones to make online payments.

To stay safe while mobile shopping this holiday season:

1. Keep mobile security software current. The latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats.

2. Automate software updates. Many software programs can update automatically to defend against known risks. If this is an available option, be sure to turn it on.

Retailers should be aware that criminals aren’t just using desktops to commit fraud, but are also making purchases with stolen credit card information via mobiles and tablets. They should adopt security technology that actually recognizes and analyzes the PCs, smartphones, and tablets being used to access their websites. Once a device has been identified, its reputation can be assessed in real-time to determine the risk of fraud. Is the device exhibiting suspicious behavior, or it already known to have been used for fraud, money laundering, or account takeovers?

Examining a device’s reputation allows businesses to know which online transactions are trustworthy beforehand, rather than waiting until fraud has already occurred.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses Mobile Security on Cyber Monday on Fox Washington. Disclosures

6 More Holiday Shopping Tips

My goal is to not enter a single mall this holiday season. If I can do the majority of my holiday shopping at trusted online retailers, and the rest at Costco, then I’ve done well. To me, malls seem to be places for people with lots of time on their hands to drive around looking for parking spots and then stand in line with other people who apparently all enjoy being annoyed by each other’s pushiness. But maybe that’s just me.

Keep safe and sane this holiday season:

1. Look for indications of online security. Depending on your browser, there may be an icon of a yellow lock at the top of the window, near the address bar, or at the bottom, near the taskbar. If the website is secure, the yellow lock should be closed. Some browsers use a color coding system, displaying red to indicate that a website is not secure and may potentially be infected, or green to indicate that it’s okay.

2. Update your operating system. If your computer’s operating system is out of date, it may invite trouble when heading out to the wild, wild web. Go to your security center to download the latest critical security patches.

3. Update your browser. While your operating system may be up to date, which would mean that Internet Explorer is most likely up to date as well, if you are using Chrome or Firefox, you may need to update manually. Select “About” in your browser’s toolbar to check for updates.

4. Protect your computer with antivirus software. Antivirus protection that includes a firewall will, in most cases, shield you from “drive by downloads” and other malware. Even a major online retailer with a secure website can be vulnerable to criminal hackers.

5. Beware of phantom websites. Criminals love to pull the wool over unsuspecting eyes. One technique is to use “black-hat SEO” to place fake websites at the top of organic search results. Customers who attempt to make purchases via these fake websites are unknowingly transmitting credit card numbers directly to the hackers, and it’s safe to assume they’ll never receive the products they believe they’ve purchased.

6. Check credit card statements often. I still have to search the Internet for the names of unfamiliar retailers that appear on my credit card statements with unauthorized charges. Check your statements online weekly, and refute unauthorized charges within 60 days.

Most major online retailers are already using multiple sophisticated fraud prevention procedures to protect you. Oregon-based iovation Inc. is one hot technology company offering a device reputation service that alerts businesses to suspicious behavior such as someone attempting to hijack your account or use your stolen credentials (and  many others’) to steal from online businesses.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses credit and debit card fraud on CNBC. Disclosures

Tips to Keep Your Online Shopping Secure

With Christmas coming fast, this is a last ditch effort to enlighten, empower and protect online shoppers.  The abridged source of the following information is from the National Cyber Alert System by US-CERT, a government organization.

How do attackers target online shoppers?

  • Targeting vulnerable computers – If you do not take steps to protect your computer from viruses or other malicious code, an attacker may be able to gain access to your computer and all of the information on it.
  • Creating fraudulent sites and email messages – Unlike traditional shopping, where you know that a store is actually the store it claims to be, attackers can create malicious websites that appear to be legitimate or email messages that appear to have been sent from a legitimate source.
  • Intercepting insecure transactions – If a vendor does not use encryption, an attacker may be able to intercept your information as it is being transmitted.

How can you protect yourself?

  • Use and maintain anti-virus software, a firewall, and anti-spyware software.
  • Keep software, particularly your web browser, up to date – Install software updates so that attackers cannot take advantage of known problems or vulnerabilities.
  • Evaluate your software’s settings – The default settings of most software enable all available functionality. Apply the highest level of security available that still gives you the functionality you need.
  • Do business with reputable vendors – Before providing any personal or financial information, make sure that you are interacting with a reputable, established vendor.
  • Take advantage of security features – Passwords and other security features add layers of protection if used appropriately
  • Be wary of emails requesting information – Attackers may attempt to gather information by sending emails requesting that you confirm purchase or account information.
  • Check privacy policies – Before providing personal or financial information, check the website’s privacy policy.
  • Make sure your information is being encrypted – Many sites use SSL, or secure sockets layer, to encrypt information.
  • Use a credit card – There are laws to limit your liability for fraudulent credit card charges, and you may not have the same level of protection for your debit card.
  • Check your statements – Keep a record of your purchases and copies of confirmation pages, and compare them to your bank statements. If there is a discrepancy, report it immediately.

Robert Siciliano personal and home security specialist to Home Security Source discussing Cyber Monday on the Mike and Juliet Show.