Shopping Safely Online
December 12th, 2007US-CERT has published an article with tips to shop online safely. There are a number of special precautions that shoppers should take to avoid becoming a victim from various online attacks. Here’s an excerpt from the article produced by US-CERT:
How can you protect yourself?
- Use and maintain anti-virus software, a firewall, and
anti-spyware software - Protect yourself against viruses and
Trojan horses that may steal or modify the data on your own computer
and leave you vulnerable by using anti-virus software and a firewall
(see Understanding
Anti-Virus Software and Understanding
Firewalls for more information). Make sure to keep your virus
definitions up to date. Spyware or adware hidden in software programs
may also give attackers access to your data, so use a legitimate
anti-spyware program to scan your computer and remove any of these
files (see Recognizing and
Avoiding Spyware for more information). - Keep software, particularly your web browser, up to
date - Install software patches so that attackers cannot take
advantage of known problems or vulnerabilities (see Understanding
Patches for more information). Many operating systems offer
automatic updates. If this option is available, you should enable
it. - Evaluate your software’s settings - The default
settings of most software enable all available functionality. However,
attackers may be able to take advantage of this functionality to
access your computer (see Evaluating Your
Web Browser’s Security Settings for more information). It is
especially important to check the settings for software that connects
to the Internet (browsers, email clients, etc.). Apply the highest
level of security available that still gives you the functionality you
need. - Do business with reputable vendors - Before
providing any personal or financial information, make sure that you
are interacting with a reputable, established vendor. Some attackers
may try to trick you by creating malicious web sites that appear to be
legitimate, so you should verify the legitimacy before supplying any
information (see Avoiding Social
Engineering and Phishing Attacks and Understanding Web
Site Certificates for more information). Locate and note phone
numbers and physical addresses of vendors in case there is a problem
with your transaction or your bill. - Take advantage of security features - Passwords and
other security features add layers of protection if used appropriately
(see Choosing
and Protecting Passwords and Supplementing
Passwords for more information). - Be wary of emails requesting information - Attackers
may attempt to gather information by sending emails requesting that
you confirm purchase or account information (see Avoiding Social
Engineering and Phishing Attacks for more information). Legitimate
businesses will not solicit this type of information through
email. - Check privacy policies - Before providing personal or
financial information, check the web site’s privacy policy. Make sure
you understand how your information will be stored and used (see Protecting Your
Privacy for more information). - Make sure your information is being encrypted - Many
sites use SSL, or secure sockets layer, to encrypt
information. Indications that your information will be encrypted
include a URL that begins with “https:” instead of “http:” and a lock
icon in the bottom right corner of the window. - Use a credit card - Unlike debit cards, credit cards
may have a limit on the monetary amount you will be responsible for
paying if your information is stolen and used by someone else. You can
further minimize damage by using a single credit card with a low
credit line for all of your online purchases. - Check your statements - Keep a record of your
purchases and copies of confirmation pages, and compare them to your
bank statements. If there is a discrepancy, report it immediately (see
Preventing and
Responding to Identity Theft for more information).