Cybersecurity For Dummies, 2nd Edition
Book image
Explore Book Buy On Amazon
Some scams cyber-criminals use to target online shoppers seem to persist for years. This likely indicates that people are continuously falling prey to the scams, thereby encouraging criminals to keep using the same forms of trickery over and over.

Look here to discover some straightforward tips on how to keep yourself — and your loved ones — safe when using the internet to shop, as well as how to avoid common cybersecurity mistakes.

cybersecurity graphic © GoodStudio/Shutterstock.com

Cyber-protect yourself and your family on the internet

To cyber-protect yourself and your family, make sure everyone in your family knows that they are a target. People who believe that hackers want to breach their computers and phones and that cyber criminals want to steal their data act differently than people who do not understand the true nature of the threat. 

The following tips help you protect your data and keep yourself and your family safe from Internet scams: 

  • Protect your devices. At a minimum, run security software on every device you use to access sensitive information. Configure your devices to auto-lock, and to require a strong password to unlock them. Don’t leave your devices in insecure locations, and install software only from reputable sources, such as official app stores and official vendor and reseller websites. 
  • Protect data. Encrypt all sensitive data and back up often. If you’re unsure as to whether something should be encrypted, it probably should be. If you’re unsure as to whether you back up frequently enough, — you, like most people, probably are not. 
  • Use safe connections. Never access sensitive information over free public Wi-Fi and consider avoiding using such Internet access altogether, especially from any device on which you perform sensitive activities or access sensitive information. The connection provided by your cellular service is likely far more secure than any public Wi-Fi, and such connections can usually be shared by multiple devices if you turn on your phone’s “mobile hotspot” feature. 
  • Use proper authentication and passwords. Every person accessing an important system should have their own login credentials. Do not share passwords for online banking, email, social media, and so on with your children or significant other. Get everyone their own login. Make sure you use strong, unique passwords for your most sensitive systems. 
  • Share wisely. Do not overshare information on social media or using any other platforms. Crooks look for such data and use it to social engineer people. Oversharing exposes yourself and your loved ones to increased risks of being targeted by scammers or of having your identities stolen. 

Avoid common cybersecurity mistakes

Here are some of the common cybersecurity mistakes people make. These mistakes make hacking easier than it should be, and therefore, also help criminals commit cybercrimes. 

  • Thinking it cannot happen to you: Every person, business, organization, and government entity is a potential target for hackers. People who think they do not have anything of value and “why would hackers want to attack me?” often act without proper diligence and learn quite quickly how wrong their perspective is. 
  • Using weak passwords: Despite ubiquitous warnings not to do so, a large number of people still use weak passwords, such as “123456” or “password” — as evidenced by the lists of compromised passwords publicized on the Internet after various breaches. If you use  the same password on a sensitive site that you used elsewhere, or use another form of weak password on a sensitive site, you dramatically increase the risk to yourself of an account being compromised. 
  • Not using multifactor authentication when it is available: All major social media platforms, Google, Amazon, and most major financial institutions offer some form of multifactor authentication capabilities. Multifactor authentication can, in the case of a password compromise, make all the difference between an account being breached and it remaining secure — yet, even today, many people still refuse to take advantage of the security benefits provided by multifactor authentication even when the features are offered for free. 
  • Not running proper security software: Modern security software dramatically increases the odds of a person fending off a whole slew of potential cybersecurity problems, including malware, breaches, spam overloads, and others. Yet, many people still do not run such software on each and every one of their computers (including laptops, tablets, and smartphones), while others run software but fail to keep it up to date, thereby undermining the potency of their product to protect against the latest (and, often, the most dangerous) threats. 
  • Not keeping software up to date: Many operating system and software updates contain fixes for security vulnerabilities discovered by researchers (or hackers) in prior releases. If you do not keep your software up to date, you’re likely to leave your devices vulnerable to attack. Worse yet, once a vendor publicly describes a vulnerability that it has fixed, criminals may seek to create exploit scripts to search for, and target, unpatched machines. 
  • Failing to exercise good judgment: The weakest link in the cybersecurity chain is almost always a human being. Whether it be by clicking a link that should not have been clicked, sending money to a fraudster who sent a bogus email impersonating one’s boss, installing a rogue app, downloading a pirated copy of a movie, or through some other imprudent action, human error often opens a cyber can of worms, and provides criminals with the ability to inflict far more harm that they would have been able to on their own. 
  • Not learning the basics: People who suffer from a medical condition, or whose loved ones do, typically learn about the condition to ensure that proper treatment is administered and that unnecessary danger does not result. When it comes to cybersecurity, however, many folks choose to remain ignorant, thinking that, somehow, if they pretend that there is no danger to them, such will be the reality. 
  • Not hiring a pro: When serious cybersecurity incidents occur, people (often individuals or small business owners) often try to address them on their own. Doing so is not much different than trying to treat a serious medical condition without going to the doctor or defending yourself in criminal court without a lawyer. Hackers, malware designers, and other cybercriminals are skilled and arm themselves with significant knowledge. If you’re locked in a de facto battle against them, you want a pro on your side, too. 

Common cyber scams targeting online shoppers

Cyber-criminals use some common scams to target online shoppers, but you can protect yourself from internet scams easily. 

One simple technique: If you ever receive any communication from a retailer, shipper, or any other party related to an online shopping order, an amazing deal, or other matter that you want to look into, do not click links in the message or open associated attachments. Open a web browser, go to the website of the relevant “sender,” locate its contact information, and contact it directly to ask about the message you received.

The following are common cyber scams that target online shoppers:

  •  “There are problems with your order” emails (or text messages): Criminals often send mass emails that appear to come from an online retailer and that inform recipients that a problem is preventing the store from shipping the order and that the recipient must take action to receive the order. Such emails often contain a link to a bogus website that collects, at a minimum, login information, such as usernames and passwords, for the retailer’s website.
    Such scam emails aren’t normally targeted — they simply impersonate major retailers. Criminals rely on the fact that a large number of people who receive such an email message are likely to have placed an order with the impersonated retailer in the not-so-distant past.
     
  • “There are problems with your payment method” emails (or text messages): Similar to the preceding scam, criminals send mass emails (or text messages) that appear to come from an online retailer and that inform recipients that a problem occurred with the payment method used to pay for an order — with instructions that the recipient submit new payment information via some web page.
    Recipients who had, in fact, recently placed orders, are likely to be caught off-guard, and some will likely click through. Of course, the page that collects that new payment information — sometimes along with login credentials to the retailer’s site — is simply a tool for stealing credit and debit card numbers, along with potentially other data as well.
     
  • Delivery-service problem emails: Criminals send emails that appear to come from a major delivery service and that inform the recipients that an issue of some sort occurred with a delivery, and that the recipient must take action to have delivery reattempted.
    Of course, these messages either deliver malware via attachments or direct users to phishing or malware-spreading websites; they certainly do not help people get any items delivered.
     
  • Bogus deal emails, social media posts, or web links: Criminals frequently either send via email or post to social media or deal websites all sorts of “amazing” offers, which often seem too good to be true. A 5-inch Samsung OLED television for $100?! A brand new 13-inch Mac laptop for $200?! While some such deals may be legitimate — and, if they are advertised by a major reseller, you can check on the website of the relevant seller to determine that — the overwhelming majority are not.
    If the seller is a major reseller and the deal is not legit, the email may link to a bogus site or be spreading malware. If the seller is a firm that you have never heard of, the whole store may be a scam — collecting payments, for example, and never shipping the goods for which the payments were made, shipping defective goods, or shipping stolen goods.
     
  • Fake invoice emails: Criminals send what appear to be invoices from online stores for purchases costing significant amounts and note the sale amounts were charged to the recipients’ credit cards.
    These “invoices” scare people into thinking that they somehow unintentionally placed an order, were charged more than they expected for some item, or were somehow defrauded by someone using their credit card number. This can lead the recipients to contact the seller by clicking links that the sender, of course, conveniently included within the invoice message.
    These links, however, bring the user to a site that either captures information, installs malware, or both. Sometimes the invoices that are sent via email are included as attachments and, you guessed it, contain malware.
     

About This Article

This article is from the book:

About the book author:

Joseph Steinberg is a cybersecurity and emerging technologies advisor with two decades of industry experience. Steinberg is one of only 28 people worldwide to hold the entire suite of advanced information security certifications (CISSP, ISSAP, ISSMP, and CSSLP). He has invented various cybersecurity-related technologies, which are cited in more than 400 U.S. patent filings.

This article can be found in the category: