Cybersecurity Tips for Online Shoppers During the Holidays

eWEEK SECURITY ANALYSIS: Consumers cannot be too careful when shopping online. Hackers are sitting in wait for excited buyers who unknowingly use fake-front sites that can come back to bite them.


With the upcoming Black Friday/Cyber Monday holiday shopping season beginning this week, cybersecurity experts with Juniper Networks and Gurucul offer advice for consumers.

Consumers cannot be too careful when shopping online. This is the time of year when not only many businesses make up for lack of sales earlier in this pandemic-riddled yearthus the "Black Friday" nomenclaturebut when bad actors know that their potential victims sometimes buy impulsively and excitedly and aren't always paying attention to the websites they use.

Always, always check the URL of the site you're on, and make sure it represents the company you want to patronize. A pair of respected IT security experts offer their advice here in this eWEEK security feature.

Saryu Nayyar, CEO of Gurucul

Saryu-Nayyar, CEO, Gurucul

Malicious actors know people are more likely to open emails with timely subject lines, and the COVID-19 pandemic has led them to create new and clever phishing schemes using subjects related to the pandemic, unemployment, stimulus and vaccine trials.  These emails will frequently offer links for more information, such as discount offers or perhaps even to register as a potential vaccine recipient. It’s important not to follow any of the links or open any attachments, as they often contain malware designed to steal your personal, financial or credit information.

  1. Avoid online shopping scams by shopping on secure sites. Cyber Monday deals can save consumers lots of money, but they can also scam them out of serious money as well. One of the biggest (and FIRST) indicators of a potential Cyber Monday scam is a website with no SSL certificate. Check the URL, and if it is missing an “s” after the “http,” then the site is not secure and you should shop elsewhere.
  2. Check out as a guest. Constantly entering in the details of credit card numbers, shipping and billing addresses, etc., can be tedious, but it will help avoid the headache of having to deal with credit card theft. Consumers should never store credit card information on a website unless they are 100% sure it is secure to do so. And even then, it’s not a guarantee that the merchant can protect customer data from all the bad actors.
  3. Avoid online shopping over public WiFi. Checking out the latest Cyber Monday bargains at the airport coffee shop sounds like a great way to kill time before a flight. However, it is strongly advised that consumers avoid using public WiFi when doing online shopping. Hackers use open networks to access devices, so avoid a sneaky WiFi scam by waiting until you’re on a secure network.
  4. Monitor bank accounts. This should be a no-brainer, but with the chaos surrounding the holidays, hackers are depending on consumers to forget to monitor their transactions. Many of us depend on our banking institution’s fraud monitoring software to alert us if an unusual transaction is made. However, it’s easy for small transactions for small amounts of money to go unnoticed. Make a note to check your accounts daily for extra fraud protection and financial safety during the holidays.
  5. Watch out for malvertising (malicious advertising). When scouring the internet for the best online shopping deals, shoppers are bound to be shown a plethora of advertisements. Cyber-criminals use “malvertisements,” such as bogus pop-ups or alert warnings, to prompt users to click. Once they click or load a bogus web page, they unintentionally install data-stealing malware that infects their system. Consumers can cut their risk by installing an ad-blocking browser plug-in and setting their browser to flag malicious content.

Mounir Hahad, head of Juniper Threat Labs at Juniper Networks:

Mounir Hahad, Juniper Threat Labs

To protect themselves on Black Friday, Cyber Monday and throughout the holiday shopping season, here are three ways consumers can protect their online security.

  1. Don’t register at every website. They don’t need to host your PII or payment data.
  2. Think twice about signing on through Google or a social media account. This gives away much more data than many would care to share.
  3. It’s difficult at this time of year to remember every website you use, but keep track of those you’re using for the first time or have only infrequently used and monitor your charge card data.