There is something innately exciting about going shopping online and waiting for your purchase to arrive, it’s like you’re expecting a gift — even though you payed for it! The latest stats prove how popular ecommerce is: in the U.S. alone, 51% of Americans prefer to shop online and 96% have made an online purchase in their life. In fact, ecommerce is growing 23% year-over-year with online orders increasing 8.9% in Q3 2016. Breaking it down to generational trends, 67% of Millennials and 56% of Gen Xers prefer to shop on online rather than in-store and Millennials and Gen Xers spend 6 hours per week shopping online. That’s a lot of hours and it gets better… 43% of online shoppers have made a purchase in bed; 23% at the office; and 20% from the bathroom or in the car (a big plus for mobile commerce). The trend is especially popular during the holiday season when Americans will spend an estimated $61 billion shopping online.
With all of this online shopping going on, lots of personal information is flying around the net — from home addresses, to phone numbers, and credit cards. Also, for cybercriminals to hack your password is easier and quicker than you think. They can use it to further their attack surface and gain access your personal and financial data, which translates into money for them. So, how do you know if you can trust the site you’re about to divulge your personal information to and handover your hard-earned cash on a platter?
Protecting Your Data
While brick-and-mortar stores like Home Depot and Target have been victims of data theft, ecommerce transactions are also vulnerable to attacks. Furthermore, online shoppers are susceptible to scams like fraudulent websites or phishing, Man-in-the-Middle and social engineering attacks, spam/phishing emails, fraudulent charities or causes, and op-ups. There are many online scams to be aware of!
Once you give an online retailer your information, it’s technically their job to protect it, but it’s your job to know who to trust and whether a site is legit or not in the first place.
Tips to Know if a Website is Secure
Before handing out any information over to a website, here are some tips to tell if it’s secure or not:
- HTTPS Not HTTP
If the URL of a website begins with “https” not “http,” it means it has passed an “SSL Certificate” (the “s” is for “secure”) — a validation that as your data passes from your browser to the website’s server, it’s secure. However, there are levels of validation some of which are easy to crack. Domain Validation (DV), the lowest level of validation, just confirms that an organization owns a domain, and as such, requested a certificate. It has nada to do with its legitimacy. Extended Validation (EV), on the other hand, offers the highest, safest, and most extensive validation level. Here the company requesting the cert has to prove their identity and that their business is legit. To tell the difference, look at the site’s address bar — for sites with EV certificates, browsers show a green bar with a lock icon.
- The Domain
Cybercriminals may create phishing sites that convincingly impersonate an existing websites (say the attacker uses the domain amaz0n.com, buys a DV certificate, and designs it to look exactly like amazon.com) to trick people into logging in or buying something using a variety of methods such as phishing emails. To know the difference and avoid these scams, always check the domain of a site, type the intended domain name into your browser yourself, and don’t click links in emails you receive from your bank or other online vendor.
- Look for Signs that the Company is Real
A real company will provide a physical address and phone number so you can contact them if necessary. Reputable — and real — sites also list their return and shipping policy. Also, if the prices are too good to be true, they probably are — items listed could be stolen goods, knock-offs, or non-existent. Lastly, reputable sites should reveal their privacy statement confirming exactly how your information is protected and whether they pass it on to third parties. Read the details!
While shopping online is extremely convenient and more fun than fighting your way through hordes of holiday shoppers at the mall, falling victim to online scams or data theft is less so. Stay safe online by protecting your information with a long, strong and secure password (even use a double authentication method to add a supplementary layer of security), by using free antivirus software like Window’s — some outperform those up for purchase), and remember, think twice about the personal info you dish out on sites — you never know whose watching or whose lurking behind it.