Holiday Shopping 2.0: buying swimwear and other articles securely online
G Data looks at the tactics used by fraudsters and explains what online shoppers need to look out for
Bogus offers – a source of danger
Criminals send spam email in which the fraudsters offer brand-name goods, e.g. expensive designer brands or medicines, at very low prices. The integrated links lure users either to websites infected with malware or to a fake online shop, where banking and other data is stolen during the ordering process. The victims usually wait in vain for the goods they have ordered.
Fake invoices and delivery confirmations
Online purchases are usually delivered to the purchaser via a parcel service. For this reason, cyber criminals send emails with fake delivery confirmations, messages concerning supposed attempts to deliver and invoices that have been issued. The emails involved are usually designed to look deceptively real, and contain either a malicious file attachment or a link to a fake invoice in a bogus customer service centre. If a user clicks on the file attachment or URL, he will infect his computer with malware. In such cases, the perpetrators rely heavily on spyware, which they can use to spy on passwords and credit card information etc.
Security tips when shopping online for last-minute holiday accessories:
- Look closely: Study the online shop before purchasing and take note of its reputation. This includes reading the general terms and conditions, the legal notice, and checking shipping and any additional costs. Users can also research whether the respective online shop or vendor is known as a 'black sheep'.
- Paying over the Internet: During the payment process, users should pay attention to their browser's security notifications to ensure that data is being transferred in encrypted form. The important things to look out for are: the padlock in the status bar or address line, the 'https' abbreviation before the address you entered and the right top level domain being displayed.
- Straight into the digital recycle bin: Ideally all spam email should be deleted without being read. Users should not open integrated links or file attachments under any circumstances. Links to online banking sites, online shops or payment services should ideally be typed into the browser manually, paying particular attention to spelling mistakes when doing so. Criminals use typo domains to lure shoppers to fake sites.
- Close security gaps: The operating system and the installed software and applications should always be kept up-to-date, and updates and patches made available should be installed promptly. This applies not only to PC users, but equally to smartphone and tablet users.
- Online banking – securely: When using online banking services, you should make sure you use a two-way authentication procedure that is as safe as possible. G Data BankGuard – the only protection against known and unknown banking Trojans – provides additional protection during online payment transactions. This unique technology is integrated into all G Data Generation 2014 security solutions by default. Shoppers using a payment service provider to pay invoices should use a provider that offers buyer protection.
- Use one credit card: People who have several credit cards should generally only use one for online purchases. This means that users can see everything at a glance and only need to think about cancelling transactions on one card in the event of a mistake or fraud.
- Use secure passwords: Users should use passwords that are as secure as possible for all shopping, payment and other user accounts. These should consist of a random combination of upper and lower case characters, numbers and special characters. A separate password should be used for each individual account.