by: Camilla Taylor
Approximately 180 billion dollars are spent yearly in online transactions. More and more, online retailing has become a staple for shoppers worldwide, not just because of the convenience of being able to browse from one’s home, but also because online shopping can include more research, faster price comparisons, and more customer-tailored products. No longer do consumers have to waste gas in getting to a location, feel rushed into making decisions by sales people, get lost navigating for their specialized product in a crowded store, or have to wrap and ship items themselves. Internet shopping can give a great deal of information at once that a store cannot, like customer reviews, detailed specs, and professional recommendations. Also, unique items that aren’t mass produced can be shipped directly from artists or manufacturers. All-in-all, shopping online is a quick and convenient way to buy goods and services.
While the benefits of shopping online are great, unfortunately so are the risks. Just as a purse might be stolen in the parking lot of a brick-and-mortar institution, identity theft can take place very easily in an online store as credit card information is entered. Identity thieves seek to steal personal information from online shopping sites in order to make purchases in another person’s name. This can result in not only a loss of money from the victim’s financial accounts, but also damage to their credit rating, or even trouble with the IRS or law enforcement. Consumers who shop online will need to understand how criminals can steal their identity, as well as the steps that they can take to reduce their odds of becoming a victim.
Cyber criminals use a wide variety of methods to gain access to an online shopper’s personal information for the purpose of committing identity theft. For instance, they may attempt to intercept data while it is in transit from the victim’s computer to the online retailer’s website. This is referred to as a “man in the middle” attack. They may also attempt to impersonate a legitimate website in order to trick a user into sending them information, which is a technique called “pharming”. Another related technique known as “phishing” involves sending phony emails to consumers in hopes of getting them to visit a fraudulent website. Phishing and pharming can happen in tandem as consumer are emailed and brought to seemingly legitimate sites. Cyber thieves may also send fraudulent emails posing as a bank or an online retailer in order to convince people to reply with personal information. In addition, hackers often attempt to plant malware on people’s computers. Malware, which comes in many forms including spyware, viruses and worms, can send personal information to a criminal’s computer for later use. One type of spyware known as a keylogger captures actual passwords and other information that users enter into websites via keystrokes. Finally, online retailers themselves also frequently come under attack by cyber criminals. These attacks include infections from viruses and worms which are designed to steal entire databases of customers’ credit card and identifying information.
While there’s no perfect technique for stopping cyber criminals, there are steps that online shoppers can take to make it prohibitively difficult for identity thieves to steal their personal information. Users should avoid shopping via a wireless connection wherever possible, as wireless information is easier to intercept than data sent over a network cable. Public networks, like those at a hotel, airport, or convention hall can be used, but do not make purchases while using those networks. Public computers such as library desktops also should not be used for online shopping, or to enter pay information. When shopping on a wireless network, do not log into a network unless it uses WPA2 and AES encryption, and always use a long and complex password. If you have a router or a networked system at home, be sure that that network is locked with a password that is not the same as on your other accounts (such as an email account), that it is hard to guess (not just your birthday in digits, for instance), and that it involves letters and numbers.
Shoppers should never follow links from outside of an online store into the store itself, because this could redirect them to a fraudulent site. These sites can look like remarkably close copies to the actual site. Instead, always type in the company’s website manually in the address bar. When a customer reaches a page where they need to enter personal information and payment details, they should verify that the site is legitimate by looking at the “https://” prefix in the URL line at the top of the web browser, or the lock icon at the bottom of the browser window. Confirm that the name of the site is not something very different from the site you were originally on.
Emails claiming to be from legitimate retailers or banks which ask for personal information, should be outright ignored – don’t even click them. To avoid viruses via email, users should install email filtering utilities, which may come with their antivirus software. Another way to block viruses via email involves setting an email reader program to display all email as pure text. If you have seen any issues like this on your email lately, definitely consider changing your email password as soon as possible to something long and hard to guess. The same often goes for social network sites that have been hacked.
Antivirus software and software firewall programs help to reduce the risk of spyware, viruses or worms entering a computer. Another important means of keeping infections at bay is to keep one’s computer up to date with the latest software updates. These “patches” are updated continuously by major developers often for the sole purpose of avoid massive hacks. If you feel you may have a virus or worm in your system, open your computer in “safe” mode and run scans on your computer with the antivirus software to find any issues.
No legitimate online retailer should ever ask for your Social Security number or driver’s license information. Do not give out your social security number unless the site ends in “.gov”, and even then, be cautious. Full date-month-year birth dates should not be given out to online retailers as well. If you ever see any level of information that you are not comfortable giving out, feel free to call them using their contact information (and often their contact information and support team can give you a clue as to whether or not they are fraudulent as well).
Sometimes even using all of these techniques, identity theft can still happen. So, one of the best and most efficient ways to watch for identity theft is to monitor your bank statement and credit card account for any purchases that you have not made. If an odd purchase has been made, put a security freeze on your account, and contact your bank along with the three major government-approved credit reporting agencies: Equifax, Experian, and Transunion.
Identity theft is a widespread problem for both online and brick and mortar shoppers. However, when it comes to online identity theft, cyber criminals can strike from all over the world. Because of this, online shoppers are exposed to a larger number of predators looking to steal their personal information. Fortunately there are precautions that customers can take which will make them less attractive to online financial predators.
For more information about how to avoid becoming a victim of identity theft while shopping online, please see the following links:
- Avoiding Identity Theft
- Protect Yourself From Online Counterfeit Goods And Identity Theft
- Cyber Monday Consumers: Tips To Shop Wisely Online
- Online Shopping And Preventing Identity Theft
- Watch Out For Good Ol’ Scammer Claus
- Accounting For Dummies: How To Protect Your Identity Online
- Avoid Identity Theft And Other Crimes: Ten Tips For Safe Cyber Monday Shopping
- 10 Tips To Prevent Id Theft While Holiday Shopping
- Identity Theft: Online Shopping Tips
- BBB Advice: Safe Holiday Shopping Online – How to Prevent ID Theft
- Preventing Identity Theft
- Security Tip (ST07-001): Shopping Safely Online
- On Guard Online: Shopping Online
- ITRC Fact Sheet 103 Online Shopping