Sunday, November 26, 2017

Beware of this smartphone scam on Cyber Monday

Here is how to get deals without getting hacked

This Cyber Monday, nearly $11 billion in holiday shopping could be at risk of diversion and theft.

Black Friday and Cyber Monday is a busy time for scam artists.

American shoppers are gearing up for the biggest shopping week of the year, with revenue expected to surpass the $9.36 billion spent over the four-day Black Friday weekend in 2016 — and fraudsters are ready to cash in on it.

Some $10.8 billion in 2017 holiday shopping could be at risk of diversion and theft, according to a study of five leading e-commerce retail brands from cybersecurity company RiskIQ. Think twice before you download the app for your favorite store: More than 32,000 malicious mobile apps are leveraging the names of those five brands to lure customers into scams, the research found, and 1 in 25 mobile apps found under a “Black Friday” search in app stores were unsafe to use.

Emails are already being sent from scammers impersonating brands including Amazon AMZN, +2.58% Walmart WMT, +0.22% Kohl’s KSS, +1.03% Ray-Ban, and Michael Kors offering huge discounts of up to 80% off, a separate report from security company Barracuda networks found.

With attacks becoming more pervasive and sophisticated, consumers have to be cautious when looking for deals online over the next week.

Here are five ways to protect yourself while shopping online:

1. Create unique usernames and passwords

If you are able to remember your password, it’s probably not a great one. Security experts suggest using complex passwords that include a variety of numbers and characters, or long strings of random words. The majority of internet users have dozens of accounts, making it difficult to remember every password. To keep track, use a password manager like LastPass or 1Password, or go the old school route and write passwords down on paper to be stored in a safe place.

Most consumers know by now that using the same password for every site is poor privacy practice, but many overlook the importance of username security, said Shaun Murphy, CEO of online security-focused social platform SNDR. “To keep your online history private from criminals, create a unique username for each website on which you shop. For example, YourName+StoreName is a better username than your name plus a few numbers.”

Consumers who choose to use a password manager should be sure to keep the master password in a safe place. Password managers aren't impervious to hackers (LastPass announced a hack in 2015) so be sure to change all passwords regularly.

2. Monitor your bank account

This time of year, consumers are often making an unusually high number of purchases, so they should be extra vigilant to make sure account activity is legitimate. “A lot of theft that occurs goes unnoticed, and once it is noticed often the goods and services have been delivered,” said Marc Boroditsky, vice president at security app Authy. He suggests turning on notifications to be alerted when purchases are made. “That kind of visibility gives me confidence I can confirm there is not fraud on my account and allows me to participate in the process.”


Many banking apps allow users to set mobile notifications for all account activity. Some vendor sites like Amazon AMZN, +2.58%   also offer the option to receive text message notifications when purchases are made, and the ability to receive status updates on shipments. The influx of alerts may be a nuisance at any other time of the year, but are worth the distraction around the holiday spending season.

3. Beware of odd links

Thousands of malicious mobile apps and misleading landing pages put users at risk of being hacked, according to the RiskIQ study. When shopping online, make sure you are shopping on a store’s actual website before inputting any personal information or a credit card number. Bad web design is a major red flag for scam webpages.

Users should make sure the URL is correct and begins with “HTTPS,” or has a lock symbol next to the web address, which means it is encrypted. Double check promotional emails that advertise deals to make sure the sender’s email routes to the website of the company it is claiming to be (something like info@walmart.com rather than info@walmart.co or info@wallmartcustomerservice.com, for example).

Nearly 30% of shopping is expected to be done on mobile devices this year, which aren’t as safe as once thought: in 2015 it was found that 85 applications had infected users with malware, according to RiskIQ. Nearly 1 million blacklisted apps used the name of one of the top five e-commerce brands in their app titles or descriptions to trick customers. Be sure to only download apps from the official Google GOOG, +0.45%   or Apple AAPL, +0.01%   app stores, and research them well before using them. Don’t rely on reviews alone, as they can be easily spoofed — your best bet is to download apps that are linked on the retailer’s official website if possible.

4. Don’t shop on public Wi-Fi

When making Cyber Monday purchases, be sure to shop on secure Wi-Fi at home, not a coffee shop, airport, or other public network. If you must shop while on the go, use a mobile device with a data plan or a personal hot spot created from your phone. Stand-alone mobile hot spots can also be purchased from phone providers like Verizon. Users shopping by laptop on public Wi-Fi can also implement a Virtual Private Network (VPN) like Private internet Access or Freedome to obscure and protect their web traffic and better ensure security.

5. Use two-step authentication


Nearly every email client now allows users to opt for two-step authentication, which works as a normal login with a username and password but requires a verification code sent through a separate device like a phone for access. This second layer of security is a great way to ensure the only person who signs into your account is you. In addition to setting up two-step authentication on email, Cyber Monday shoppers should check if the retailers they are purchasing from offer their own security measures. Vendors like Amazon and Etsy ETSY, +1.48%   offer two factor authentication -- check out TwoFactorAuth.org to see if the store you’re purchasing from does as well.

This article was written by KARI PAUL, REPORTER and appears at:  https://www.marketwatch.com/story/5-tips-for-safe-shopping-on-cyber-monday-2016-11-21