Security Matters: Holiday Buyers Beware
POSTED: DECEMBER 10, 2012
Internet retailers expect over 50% of all holiday purchases to be made online this year. So, how can one buy online safely without being taken to the cyber cleaners?
Twelve Simple Tips – for online holiday shoppers:
- Protect your computer – Your computer should always have the most recent operating system patches applied, anti-virus and anti-spyware software updates installed, and a firewall turned on and kept on.
- Only shop on trustworthy websites – Check the seller's reputation and record for customer satisfaction (via the Better Business Bureau or the Federal Trade Commission). Confirm the online seller's physical address and phone number in case you have questions or problems.
- Use strong passwords – If you need to create an account using a password with an online merchant, be sure to create a strong password. Use more than 8 characters (if possible) with a combination of numbers, special characters, and upper and lower case letters. To really safe, don't use the same passwords for online shopping websites that you use for any other account. And never share your password.
- Don’t use public computers or free Wi-Fi – Public computers may contain malicious software that steals your credit card information when you place your order and criminals often steal credit card numbers and other confidential information from people using public wireless networks (like at a coffee shop.).
- Beware of deals that sound too good to be true – Offers on websites and in unsolicited emails can often sound too good to be true, especially extremely low prices on hard-to-get items. Consumers should always go with their instincts and not be afraid to pass up a "deal" that might cost them dearly in the end.
- Beware of "phishing" – Legitimate businesses do not send emails claiming problems with an order or an account to lure the "buyer" into revealing financial information. If you receive such an email, pick up the phone and call the contact number on the website where the purchase was made to confirm that there really is a problem with the transaction.
- Confirm your online purchases are secure – Look in your internet browser’s address box for the "s" in “https://” and in the lower-right corner for the "lock" symbol before paying. If there are any doubts about a site, Right-click anywhere on the page and select "Properties." This will let you see the real URL (website address) and the dialog box will reveal if the site is not encrypted.
- Pay with a credit card – It's best to use a credit card because, under federal law, you can dispute the charges if you don't receive an item. You also have dispute rights if there are unauthorized charges on their credit card and many card issuers have "zero liability" policies under which you may actually pay nothing if someone steals the credit card number and uses it.
- Keep documentation of your order – After completing the online order process, there should be a final confirmation page or you might receive confirmation by email. If so, save a copy of the Web page and any emails for future reference and as a record of the purchase.
- Check your credit card statements often – Don't wait for paper statements. Check your credit card statements for suspicious activity by either calling the credit card companies or by checking statements online regularly.
- Know your rights – Federal law requires that orders made by mail, phone or online be shipped by the date promised or, if no delivery time was stated, within 30 days. If the goods aren't shipped on time, you can cancel and demand a refund. There is no general 3-day cancellation right but you do have the right to reject merchandise if it's defective or was misrepresented. Otherwise, it's the company's policies that determine if you can cancel the purchase and receive a refund or credit.
Additionally, understanding the online retailers’ shipping, return, warranty, and refund policies before you shop may save you hours of offline heartache later.
If you have questions about computer security or have ideas for future topics, please feel free to contact me at Michael.Carr@uky.edu.
Michael Carr is the UK Chief Information Security Officer.