When it comes to keeping your card details safe, a lot of online shopping advice revolves around the idea that a padlock in your search bar means the page you’re on is secure. Sadly, that isn’t always the case. From fake sites and fraudulent apps to hi-tech-sounding hacks like SSL stripping, there are a number of things that threaten online shoppers today.
Stolen credit card details have been found for sale online, priced at as little as £1 per set of payment information. With credit card fraud now making up a huge percentage of annual cybercrime all over the world, it’s worth knowing what to watch out for when indulging in digital retail therapy.
Green padlocks don’t always mean security
The faithful padlock symbol that indicates a site is using HTTPS instead of HTTP – a more secure method for your browser to communicate with the site you’re shopping on – isn’t always to be trusted. Though legitimate retailers and banks will do what they can to keep your information safe, there are hacking tactics specifically designed to strip away the security from these kinds of pages without your knowledge.
An ‘SSL strip’ is a type of cybercrime which removes the added security layer from a neatly padlocked, seemingly secure connection, thereby leaving any details you enter online exposed. While this might seem like something you’d spot, the truth is that a clever criminal can easily set things up so that your browser continues to display a secure URL and padlock symbol even while they’re viewing your connection.
To avoid falling foul of an SSL strip while making purchases online, use your own security to keep things locked down even when a website you’re visiting has been compromised. Virtual private network apps, also known as VPNs, are an easy way to add a heavy layer of encryption to all of your data, meaning that even if a site you visit is compromised, nobody but you and the intended viewer can see it.
Watch out for fraudulent sites and apps
Fraudulent shopping sites and apps created with malicious intent are becoming ever more commonplace. In the case of the latter, the risk remains real for iPhone users as well as those with Android devices, despite common claims that Apple devices are safe from threat.
Apps have become popular in sectors as varied as banking and education, and it’s because of this popularity that people have started to create them for data-theft purposes. Fake versions of popular shopping apps, or apps simply designed to look like a great new shopping tool, expose payment card and address details to cybercriminals.
Before downloading anything to your device, look to see who created the app and check whether reviews appear to be genuine – if in doubt, only install apps you can download straight from official websites.
Of course, it is possible to be tricked by a fraudulent site, but these are often more obvious than their app counterparts. Ads on social media that direct users to “too good to be true” shopping deals on known brands… are usually just that. Before purchasing what seems to be a familiar item from an unfamiliar site, think twice.
Poor imagery, generic or badly written text and the use of personal email addresses for contact details (e.g email@example.com) are all warning signs that a site is either set up to steal payment details or is simply selling counterfeit goods.
Avoid public WiFi
Public WiFi networks are great for checking WhatsApp while you’re in an area with poor mobile data signal, but if you’re entering valuable details online, it’s best to wait until you can connect with 4G. Public networks generally offer little to no security, making them a hotspot for hackers who are looking for easy pickings.
As well as spoof networks, which are set up by criminals under names like “Free Cafe WiFi” to tempt users into logging on, genuine networks simply fail to offer a high enough level of encryption to stop your details being intercepted if someone tries.
If you can’t resist the urge to shop ‘til you drop and there’s only a public network available, you can once again add your own security through a VPN app. Switch on before you shop, and a layer of encryption will be added to your data in spite of the network you’re on.
Use a good password for online accounts
Finally, something that should never be overlooked: your passwords. The simple act of setting up complex passwords can be really important in defending yourself against the theft of personal details, particularly when it comes to shopping accounts. Whether you have passwords that are easy to guess or are simply reused across multiple accounts, this is a common weak area in people’s protection that’s very easy to resolve.
Password reuse can be tempting, but more and more are companies being targeted for attack. It only takes one retailer to be compromised and expose a reused password before all of your accounts become accessible. Use passphrases and passwords that combine letters, numbers and symbols to make them harder to hack.
If, like most people, you struggle to remember numerous complex passwords, try using a password manager to remember them all for you. This is a much smarter move than sticking to the same old thing and means you only have to remember the login details for your management app rather than details for every site and service you use.