Today is Amazon Prime Day. It’s a day for deals, and the risk of being defrauded. We asked two cybersecurity experts for their advice on safe online shopping.
According to Samuel Bakken, Senior Product Marketing Manager, OneSpan, “Many of us will be making purchases from mobile devices – according to Statistica, more than 198 million Americans now do so. Whether shopping while on vacation or grabbing a few deals on-the-fly between meetings, it’s especially important for mobile consumers to protect their identities and payment data. With that in mind, here’s four tips to make sure you shop safely during Prime Day and beyond:
- Beware of Doppelganger Wi-Fi Connections: Check your settings to make sure your device doesn’t connect to open, public Wi-Fi networks by default. Also, always make sure you connect to the correct network. Miscreants have been known to spoof resort Wi-Fi connections and give them seemingly legitimate names such as “Hilton Wi-Fi”. However, this trick is not exclusively confined to hotels. On a flight, for example, some airlines offer Wi-Fi connectivity on the plane and attackers may attempt to execute a similar scheme. Make sure you know the name of the legitimate Wi-Fi network you’re trying to connect to and proceed accordingly. Connecting to an unknown network could expose your login credentials and other sensitive data to thieves on the other end.
- Secure your device with a PIN or password: In the event your mobile device is lost or stolen, it’s possible for someone to pick it up, scroll through any open apps and in some cases make purchases through those apps. Protect yourself against this scenario by enabling a PIN or pass-phrase on your device (or even better with biometric authentication such as fingerprint if available).
- Protect Your Login: If an online retailer offers you the option to enable multi-factor authentication, take advantage of this great security enhancement. Amazon allows multifactor authentication via SMS code or an authenticator app. Strong multi-factor authentication can prevent account takeovers, such as the recent ones we’ve seen in the Macy’s and Timehop breaches.
- Mobile Mindfully: Don’t click on any unexpected or suspicious links sent via SMS or other channels, and only download applications from official app stores. Attackers will download new and trending games and apps, insert malicious code and repackage them, and then distribute those doctored apps through unofficial channels. On the face, these apps might look official and legitimate when in actuality it could be an imposter app with malicious code designed to steal personal information, including banking credentials. Malicious apps still make their way onto official app stores, but Apple and Google do apply some screening to stop some of them.
With these mobile shopping tips you’ll reduce your risk of being defrauded so that you can have a fun and safe Prime Day.”
Robert Capps, Vice President of Business Development, NuData Security, a Mastercard company shared, “It’s worth remembering that 40% of all online purchases tracked by NuData Security in June 2018 were bought through mobile – either on phones or tablets.
He added, “It can be tempting to take shortcuts when making mobile purchases, especially if a good deal is only available for a limited time and the clock’s ticking. Just a few simple steps can help consumers shop safely on mobile – on any vendor, both on Amazon Prime day and every day:
Be sure the web address begins with https (not http) on any page where you input data. The https signifies a more secure website, ensuring your data is submitted via encrypted pages and that the environment you’re shopping in is safe – both physically and digitally. If you’re not on a trusted and secured network, consider yourself in an unsafe digital territory. And don’t log on to any online site when you are on an open Wi-Fi connection.
Check your social media accounts regularly. Ensure that information such as birthdays, education, family, friends, pets, home address, etc. aren’t publicly available and that your privacy settings on social media block non-friends from posting to or seeing what you’ve posted. Review which services and sites you have given permission to access your social media accounts. Remove those that are no longer needed or used
- Keep your phone protected. It’s the gateway to a huge amount of valuable personal information. It should be password protected as a safeguard in the event of loss or theft, and the operating system should be kept stringently up-to-date to guard against attacks. Most phones have the ability to be wiped from another device in the case of theft.
- Consider activating alerts with credit bureaus, your bank, and your credit cards. Most banks and credit card companies offer security alerts as a free service. While the processes differ among various credit bureaus and entities, the goal is the same: immediate alerting of any suspicious activity.
- Stay vigilant: Monitor your bank and credit statements regularly, and be on the lookout for any anomalies – including as small as $1 or even a penny. Likewise, if you’ve had a problem logging into your credit card or banking account, call the institution immediately. Consider purchasing credit and identity protection services that can continuously monitor your account and send you notifications should anything go amiss.