1. Do not reuse passwords. Websites get hacked all the time, and your account credentials will be released to criminals who will then try to use them against you. Always use a unique password for each online account you have.
  2. Use a direct path. Links on websites and in emails can be spoofed, making you think you’re clicking through to the intended site. Instead, go directly to the retailer’s website or use bookmarks to ensure you’re going right back to where you want to be.
  3. Spot the scam. A product or service may look good on the site, but how do you know it’s legitimate before you buy? Consumer watchdogs like the Better Business Bureau can help you check if a business is legitimate — before you give them your credit card number.
  4. Look for the S. These days, a legitimate shopping site should be using HTTPS rather than HTTP. (The S stands for “secure.”) Look in the address bar at the top of the screen for the HTTPS and the lock icon.
  5. If you get a confirmation email about an order you don’t recall placing, go directly to that retailer’s website to verify the order’s legitimacy. All too often, scammers will trick users into clicking links in emails to check tracking on an order that was never actually placed by the consumer. If the user had gone directly to Amazon’s site, they could have avoided having malware placed on their computer.
  6. Use Privacy.com to generate one-time card numbers for each online account. You can set spending limits, manage who is able to charge the card, and close the card at any time. This is especially helpful during the holidays, as cyber crime and credit card fraud skyrocket around that time. If, by chance, a retailer that you’ve used this card on gets breached, the scammer can’t use this card anywhere else, and that retailer is the only one you have to call to give a new card number.

If your organization makes regular online shopping purchases, consider using Privacy.com cards and train your employees on what to look for in these phishing scams. Don’t have time to train your employees on their role in your organization’s cyber security strategy? Our security awareness training covers detecting/preventing this trending phishing attack, as well as many others.
