By STEFAN MODRICH
While Black Friday and Cyber Monday have come and gone, online shopping is increasingly a part of the holiday shopping experience. Fewer people are choosing to venture out among crowds of people in malls and shopping centers due to the COVID-19 pandemic.
But with the convenience of one-click orders and scrolling through wish lists comes the responsibility to remain vigilant and safe online, said Rashmi Sheel, a cybersecurity expert in Sugar Land with CMIT Solutions, an Austin-based computer support company with four locations in Greater Houston and more than 150 across the U.S. and Canada.
Sheel referenced a report from the Federal Trade Commission (FTC) that recorded 15,000 online shopping complaints in April and nearly 19,000 in May.
“Many of these consumers, they said that they responded to an ad, you know, on social media, and they ordered but the items never arrived,” Sheel said. “And 94 percent basically identified in their complaints that they were shopping through ads on Facebook or Instagram’s platform. Hackers are becoming very advanced in their methods to obtain compromised information. The tactics are constantly changing, especially with changes in our lifestyle habits. Hackers are taking advantage of the situation and they are very creative. So, again, a lot of people are spending time online. So are the hackers.”
Another report issued by the FTC in October found that Americans lost more than $134 million on scams originating on social media in 2019, and through the first six months of 2020, that number had climbed to $117 million and the number of complaints of such scams has more than tripled compared to the previous year.
Sheel said she generally works with manufacturing, engineering and financial institutions, but some of the same advice she gives her clients is applicable to consumers as well. And though consumer fraud tends to make the most headlines, she said small business owners are among the most frequent victims of scams and also need to be vigilant when managing their online commerce as well. According to Verizon’s 2020 Data Breach Investigations Report, 43 percent of cyberattacks were against small businesses.
“Consumers should be more aware while they are shopping online,” Sheel said. “Right now, people can basically do shopping from anywhere, use any device. But then they have to kind of be aware of their identity, and basically, protect their passwords on tablets or smartphones.”
Below are some of Sheel’s tips for a secure online shopping experience:
- If working on a shared computer, lock the screen before moving away from it.
- Avoid storing passwords on your browser.
- Be sure the URL at the top of your browser contains a lock symbol with HTTPS at the start of your web address, that ensures your connection is encrypted and keeps personal information like credit cards or passwords private.
- Be wary of emails, texts, online ads, or websites that offer heavy discounted or free items.
- Look very carefully for the sender’s email address or any odd language in the email.
- Avoid shopping online with a debit card and use a credit card instead if possible.
- Use a password manager to generate and store complex, unique passwords.
Sheel also urges caution when downloading shopping apps on a mobile device, and suggests searching for Google reviews or Amazon reviews from users.
“If you don’t know a brand, be very careful about it, go look up the brand name’s reviews or Google the brand name with word scam next to it,” Sheel said. “So if there is a store that has been open for less than six months, it may be a red flag. So look for the history and the review of the seller. When the reviews have been written, there should be a period of time, not just a bunch of reviews that appeared on the same day, and it could be a red flag. So always shop from sellers that you know, or have been reviewed consistently.”
Another tip: Use a credit card instead of a debit card, because Sheel said it is crucial to not provide any more information than you need to when shopping online. Additionally, a credit card is a more flexible payment method and offers you more options if your data is compromised.
“This limits your personal liability in the case that it is a scam, or data gets stolen, at least you know you have the ability to block a transaction and dispute it on your credit card,” Sheel said.
If a deal appears too good to be true, Sheel said, that’s because it likely is a scam.
“Never click links in (suspicious) emails or ads, because sometimes these links will download malicious software onto your computer,” Sheel said. “It could be malware, it could be ransomware. So don’t click on the links. Instead, go to the URL, type in the address and if you have a good antivirus or anti-malware (program), it will most probably detect it.”
Sheel also recommends virustotal.com, a free website that detects fake URLs from legitimate public ones and can also scan downloaded files for viruses.
If you suspect you have been victimized in an online shopping scam, COVID-19 related or otherwise, there are several avenues to report wrongdoings.
You can file a complaint or suspicious online activity with the Internet Crime Complaint Center, www.ic3.gov, with the FTC at reportfraud.ftc.gov or the FBI by visiting fbi.gov and contacting your local field office.
Not all hackers are sophisticated, Sheel said, but it is still important to remain cognizant of the risks of working on a public or unsecured network.
“(Hacking) is a lucrative way to kind of get into the dark web,” Sheel said. “There are people sitting in basements looking for somewhere to get easy money. Even small businesses or residential people, we all have tax information or computers, but if we are in an unsecured network, and they are able to access your system, the hacker will try to maximize their financial gains. So in this day and age, we can’t say it’s just a larger organization or government, it is all of us who are vulnerable to attacks.”