Online Shopping Safety Guide

1. Antivirus software isn’t always effective

This is one of the biggest security mistakes online shoppers make. New computers typically come with antivirus software pre-installed. The new owner figures that means the machine is good to go, then proceeds to surf indiscriminately – figuring the software will act as a bodyguard and fight off any attackers.

That’s not always true for several reasons:

• The antivirus software that comes on new computers is a trial version only (unless you specifically purchased it with the machine). Once the trial expires or the subscription period ends, you’ll have to pay to keep the protection in force. Just having the software doesn’t do the job. It must be activated and live.
• There are a number of ways antivirus software can get turned off. Whether you shut it down on purpose to install another program successfully, it gets turned off accidentally, or a cyberattack shuts it down – if it’s not on, it’s not protecting you.
• Antivirus programs are good, but they aren’t perfect. It’s possible a new virus has yet to be identified and added to the library of threats, for instance, or that a software update failed and you didn’t get the most current information.
• Updates are essential. To do the best job, your antivirus software needs the latest data. That only happens via updates.

No tool is perfect, but a robust antivirus program is an essential. You should never go online without that first and persistent line of defense.

Windows users should see this announcement (graphic above) when opening the Windows Defender app.

Here are the steps to take to make sure you have this base covered:

• Check your machine now to make sure you have an antivirus program installed, and that it is turned on and updated. If you have a Windows 10 machine, you probably have Windows Defender pre-installed. It is sufficient. If you have an Apple machine, you will have XProtect, Gatekeeper, and a malware removal tool. Never make the mistake of thinking Apple products don’t need antivirus. They do. To get the best price on top-rated commercial antivirus software, search Coupon Chief.
• Once you’ve determined you have antivirus and it’s turned on, check to be sure it’s updated. Then check to be sure the options are set to keep the software updated automatically. If you’re unsure how to do any of this, use a search engine to find out, or go to the manufacturer’s website and look for Help.
• Rinse and repeat. Get in the habit of checking your antivirus program often. To strengthen the capabilities, search for and install a reliable anti-malware program alongside your antivirus. It will give you broader protection and find things your antivirus program misses.

Having a virus checker that’s updated and turned on is an excellent starting point – but it’s only a starting point. You need to protect yourself on the other four levels too.

2. Do you really know what you’re clicking on?

Soldiers know one of the favorite tricks of the enemy is to bury explosives along the road or trail. It’s a 24/7 way to catch someone off guard and exploit the situation. Cybercrooks do the same thing. They don’t use artillery shells or high-explosive charges for their landmines, though, they use clicks… YOUR clicks.

Whether on a website or in an email, it’s important to be vigilant at all times. The call to action might be “Get 50% Off” or “Unsubscribe from this mail,” but things aren’t always as they appear. To see where a link actually points, hover your mouse over it and look in the corner of your browser window, usually the lower left. You’ll see the address pop-in there.

For example, scammers often send emails that claim to be from or represent Amazon, PayPal, your bank, or another site you trust. There will be an offer that’s difficult to refuse and one or more links to click on.

Here’s a screenshot of one that was recently delivered to my inbox. To save space, I’m just showing you the main part. The mail sender appears to be Amazon.com. There’s a graphic below the text that shows a present tied with a golden ribbon and urges me to get my “FREE $50 Amazon.com Gift Card.”

Sounds great, right? All it takes is 30 seconds to earn a $50 gift card. If I hover over one of the links, though, I can see it doesn’t point to Amazon at all – or to a research company that would be working for Amazon. Rather, it points to a free .gq domain registered in Equatorial Guinea. Symantec Corporation, a security giant, says 99% of the domains from .gq are ‘shady.’ I think I’ll pass on that 50 bucks. Would you?

Taking the trap further, what would happen if you DID click on that link?

Don’t try this at home, but I used an incognito browsing window with fingers at the ready to close the browser if something went haywire. I expected to see a questionnaire that would mine for as much data as the crooks could pull from me – up to and including a credit card number.

Rather, I got the popup shown below:

Would you click on the “Accept” button? I didn’t. It may be just a scam to get me to buy magazine subscriptions… or it could be a quick route to downloading malicious files that would steal my information or harm my computer. Note the Amazon.com logo is used on the upper right. Just because something LOOKS official, that doesn’t mean it IS official.

Threat levels have escalated with the rapid growth of internet speed capabilities. It may take only a few seconds for the crooks to push their code to your machine. Those few seconds could cause major upheaval to your life. Don’t risk clicking on risky links. Always hover to check that a link is going to a familiar, friendly website you trust.

• Hover over the link before you click to see where it will take you if you click. Beware of scammers who use subdomains to fool your eyes. For instance, amazon.sqtzr.com is probably not an Amazon property. Amazon links should go to amazon.com. The part before the dot is the root. Anyone can set a subdomain (the part before the root) to “amazon.”
• Social media posts often contain links that have been changed and shortened to stay within character limits or look better. For instance, the Coupon Chief Guide to Extreme Couponing lives at this address: https://www.couponchief.com/extreme_couponing. We can use a link shortener, though, to make it more concise. Like this: http://bit.ly/couponextreme. Try clicking on both links. Note that they resolve to the same page. You can use a URL expander to find out where shortened links go. If you aren’t sure about the safety of a site, use a tool like Norton Safe Web to investigate it.
• Just as you would be careful about where you go in an unfamiliar city, pay attention to the neighborhood when you’re surfing the web. If you enter a site and get a pop-up wanting you to click a link, stop and close the window, then clear your cache. For maximum safety, follow that by closing the browser, then restarting your computer. Never click a link you’re unsure of, regardless of what the link says.

Common traps include pop-ups saying your computer has been infected with a virus and you must click (or call a phone number) to fix the issue, ‘Unsubscribe’ links in emails that really aren’t unsubscribe links, and pop-ups or emails saying you’ve just won a prize and must click to claim it. As with most things, if it sounds too good (or bad) to be true… it probably is.

When you see a popup like this one (see above) … don’t click. Close the browser, clear your cache, and restart.

3. Every download is a potential landmine

You don’t always have to be tricked into downloading malicious files. Sometimes, you go looking for it. Special dangers are sites offering software, music, or videos for free. ‘Torrent sites’ are especially prone to deliver more than you bargained for in the way of headaches.

Crooks often use greed to catch their victims. They’ll provide a site that will allow you to bypass payment and get a pirated copy of something that would normally cost quite a bit. You may (or may not) get the goods you wanted, and you open yourself up to getting files or code you didn’t want. Do yourself a favor, and don’t take the bait.

Another favorite trick of spammers and scammers is to provide illegitimate links next to good links. That increases the chance you’ll click on something that will either trick you into a download you didn’t want or produce a form to collect information from you.

As mentioned earlier, if you find yourself in a suspicious neighborhood… get out fast. Here’s some tips:

When you click “Okay” to install a file, you’ve no control over what happens next. With many malicious files, you don’t even need to acknowledge the installation. It happens automatically. It’s also possible you won’t know anything’s going on at all.

Place it safe. Be smart. If you need a program, pay for it… otherwise you may pay a whole lot more than you ever intended.

The hacker who accessed Sarah Palin’s Yahoo email account (see screenshot from WikiLeaks above) said “it was easy.” All he needed to do to reset the password was enter her birthday, zip code, and where she met her husband – all readily accessible and guessable with targeted searching online.

4. Be careful of where you leave your digital footprints

Remember: it may feel like just you and your computer are there when you’re online, but that’s a false sense of security. Don’t fall for it.

Every post you make on social media, every website you visit, and every form you enter information into can be a collection point for thieves and scoundrels.

If they can collect enough personal data from your posts, they may be able to ask for a password reset and access your secure locations. Identity thieves and neighborhood break-in artists love social media. You tell them everything they want to know there – including when your home is going to be vacant for an extended period, your mother’s maiden name, and the make of your first automobile.

How can you protect yourself? That’s easy: stop doing that. Wait until you’re home from vacation to post those photos, and never respond to those chain letter inquiries that require you to reveal everything down to the color of your underwear.

Your digital footprints are like your tracks in wet sand. They tell everyone exactly where you’ve been. The digital version doesn’t get washed away with the tide, though. They’ll be there for a long, long time.

Not only does that give potential employers a candid window to check up on what you look like apart from a resume, your online tracks give marketers and cybercrooks an excellent means of finding out more about you.

You’ve probably heard about online ‘cookies’ and how they can be both helpful and harmful. If you need a refresher, here’s an excellent resource that explains how cookies work and how you can manage them: What Are Cookies?

Digital footprints are the reason why you can read about vacationing in Europe, then begin seeing European vacation ads follow you around online. Sometimes, that can be helpful. Other times, it can be downright bothersome.

But advertising targeting won’t hurt you nearly as severely as cyberattack targeting. The more the crooks know about you, the better their chances of tricking you into making a mistake and entering the lair.

Hackers don’t spend much time hacking. Mostly, they collect information to get ready for the hack. Make that difficult for them to do, and they’ll move on to an easier mark.

5. Your passwords say a lot about you

What’s the most common password used? Nope, it’s not “password.” That one now sits at number eight. Last year’s most-often chosen protector of the digital kingdom was “123456.” Running close behind, in second place, was “123456789.”

How hard would that be to break?

Computerized password cracking machines are relatively inexpensive and can allow thieves to access your account in seconds. And if you use the same password for multiple accounts, that means one key fits all.

Don’t try to be cute with passwords. Be safe. You wouldn’t hand out keys to your home indiscriminately, and you hopefully won’t put a key under the doormat.

Passwords pay a huge part in online security. Use them well.

SPECIAL RESOURCE:

Get this cheat sheet to compare the top password managers: [Password Manager Cheat Sheet].