With the gift-giving season coming up, many people will be doing their holiday shopping online. In fact, Americans will spend an estimated $61 billion shopping online this holiday season. Even mobile shopping is up 25% since last year.
With all of this online shopping, lots of personal information—phone numbers, home addresses, and credit cards—will be flying around the Internet. This personal data translates to dollars for cyber criminals who are gearing up for the heavy traffic and increased online sales in the upcoming months.
Protecting Your Data
Even though brick-and-mortar stores like Target and Home Depot have been targets of data theft over the last year, ecommerce transactions are also vulnerable to attacks. In addition, online shoppers are vulnerable to scams like phishing or fraudulent websites, Man-in-the-Middle attacks, spam/phishing emails, pop-ups, social engineering attacks, and fraudulent charities or causes.
Once you give an online retailer your information, it’s their job to protect the data that you gave them, so it’s important that you be careful who you trust with your information online. But how do you know who to trust? How do you know if a site is legitimate and if you should give them your data?
How to Know If a Website Is Secure
Before giving any information to a website, you should make sure it is secure. Below are some quick tips that you can use to tell if a site is secure.
Check the SSL Certificate
Look at the URL of the website. If it begins with “https” instead of “http”, the site is secured using an SSL Certificate (the “s” stands for secure). SSL Certificates secure your data by encrypting it as it is passed from your browser to the website’s server. To get an SSL Certificate, the company must go through a validation process.
However, there are a few different levels of validation—and some of them are easier to get through than others. The lowest level of validation, Domain Validation (DV), simply validates ownership of the domain and not the legitimacy of the organization requesting the certificate. In other words, if you bought the domain “amaz0n.com” and requested a certificate for it, you would get the certificate because you own the domain.
The highest level of validation, Extended Validation (EV), is the safest and most extensive. With Extended Validation, the company requesting the certificate has to prove its identity as well as its legitimacy as a business. You can tell if a site has an EV certificate by looking at the address bar. Browsers show a green address bar with a lock icon for websites with EV certificates.
Look at the Domain
Cyber attackers will sometimes create websites that mimic existing websites and try to trick people into purchasing something on or logging into their phishing site. These sites often look exactly like the existing website.
Let’s use the same example as before: a cyber attacker purchases the domain “amaz0n.com” and sets up a website at that location that looks exactly like the amazon.com website. They buy a DV certificate for their website and try to trick users (by using phishing emails or other methods) into purchasing items or logging into their accounts on the lookalike phishing site.
To avoid these kinds of attacks, always look at the domain of the site you are on. If you get an email from your bank or other online vendor, don’t click the link in the email. Type the domain into your browser to make sure you are connecting to the website where you intend to be.
Look for Signs that the Company Is Real
There are a few signs that you can look for to help you know if a company is real or not.
Physical address and phone number – If the company lists a physical address and phone number there is a higher chance that they are a real business. Reputable companies will list their information so you can contact them if there is a problem.
Return policy – Reputable sites should list their return policy as well as their shipping policy. If you can’t find these policies on their site, you probably don’t want to purchase from them.
Prices are too low to believe – It’s great when you find a bargain, but you should be wary of sites that offer products for prices that are far lower than they should be. You could end up with knockoff merchandise, stolen goods, or nothing at all.
Privacy statement – Reputable sites should tell you how they protect your information and whether they give your information to third parties. You should make sure a site has a privacy statement and read it before you make a purchase.
Be Safe Out There
Shopping online is extremely convenient and can make finishing up your holiday gift list quick and easy. But falling victim to an online scam or data theft would ruin anyone’s holidays. Make sure you stay safe online and protect your information by following these quick tips during the holidays, and throughout the year.