Stay safe during your next online shopping spree

Anton P. | January 13, 2021

Online shopping is the shortest route for some retail therapy. Despite the comfort, near-endless selection, and speedy deliveries, digital threats can overshadow the ecstasy of a new purchase. Differently from traditional brick and mortar approaches, we have to worry whether our transactions are secure. Consumers submit their financial and personal information, expecting retailers to treat it with the utmost care and respect. Unfortunately, with increasing numbers of scams and data breaches, online shopping needs extra layers of protection.

Online shopping dangers on social media

In the golden age of convenience, online shopping deals pop up everywhere. The digital retail wheel spins ever so powerfully, and consumers have nowhere to hide. However, not all online shopping experiences end on a high note. Glaring examples are fake ads on social media, marketing seemingly legit but discounted products.

Tempted by such counterfeit offers, victims would enter websites, make their purchases, and go their merry way. Until the products arrive. Tricked consumers would receive knockoffs or entirely unrelated goods. In some cases, ordered products would never arrive, leaving users irritated and confused.

According to FTC, a range of online scams start on social media, quickly reaching targeted audiences. Out of all reported hoaxes, 28% were online shopping scams, distributed mostly on Facebook and Instagram.

Specialists emphasize that such deceitful operations exploit the lack of supervision on social media marketplaces. Additionally, the pandemic pushed both consumers and retailers to rely heavily on the digital space. Hence, the available supply complicates the process of sorting legitimate offers from counterfeit ones.

Favorite retailers as baits in phishing

Loyal e-shopping enthusiasts should also stay vigilant when checking their emails or text messages. All forms of phishing still cloud the digital skies and advance at a frightening rate. Reported techniques warn about lookalike websites, imitating pages of legitimate and reliable organizations, in hopes of stealing users’ data.

Since duplicates appear authentic, visitors will feel more at ease about revealing information and making transactions. Unfortunately, owners of fake versions are after consumers’ bank details, personal data, and login credentials.

One such incident took place during the Christmas season, the busiest time for retailers and customers. Crooks imitated well-known brands like FedEx, Amazon, UPS, and many other shippers. The campaign distributed false shipping alerts, warning consumers about postponed delivery until they reroute the packages. Upon clicking links in such emails, users would become ransomware victims or be led straight to fake websites. One of the targets recalled the aftermath of clicking this link. In addition to losing all files stored in the infected device, he became a victim of identity theft.

However, phishing attempts might imitate different scenarios. For instance, fake messages could urge you to rate your shopping in exchange for discounts. Others could invite you to participate in season sales or online contests. Typically, such offers will masquerade as well-known e-commerce players. Before you click on the link or download files from such emails, have undeniable proof of its legitimacy.

Theft of data

Retailers receive and manage extensive data on their customers. Most user profiles contain physical and email addresses, payment card details, previous purchases, and other contact information. Some of it serves the typical ordeal: delivering goods and personalizing recommendations in favor of driving sales. Unfortunately, many companies become examples of inadequate data protection. 2020 also marked a range of data breaches, breaking the trust between consumers and retailers.

  • Slickwraps, a store specializing in vinyl skins for electronics, reported a data breach, affecting more than 850,000 customers. The incident occurred after unknown entities exploited a vulnerability, allegedly reported in a now-deleted Medium article. Slickwraps reported the compromised details: users’ names, physical and emails addresses, phone numbers, and purchase histories.
  • A clothing retailer J. Crew became a victim of credential stuffing attacks, granting hackers access to an unidentified number of accounts. Accounts held the last four digits of credit card numbers, expiration dates, billing addresses, card types, and shipment details.
  • Barnes & Noble, a popular bookseller, suffered a cyberattack, affecting both digital and physical services. According to reports from the company, the data breach potentially exposed billing and shipping addresses, phone numbers, and email addresses.

Hence, anxiety among online shoppers accelerates further when well-known brands suffer far-reaching data breaches. Luckily, there are ways to be proactive and protect your data from cybercriminals.

How can you make online shopping safe and private?

  • Stick to reputable retailers. The pandemic triggered an influx of new online shops and services. When you encounter ads for unknown brands, do not be hasty to purchase their products. Check reviews and popular news outlets for any information regarding the new vendor.
  • Double-check emails from companies you know. Cybercriminals imitate reputable companies to get your attention. However, if you examine the received messages, you will find some red flags. Such notifications usually contain grammatical errors, incorrect capitalization, and odd formatting. If these elements do not trigger suspicion, check the links’ destination by hovering over them.
  • Use credit cards instead of debit cards. Credit cards are superior in the event someone steals from your account. They come with extra protection against fraud, and getting refunds will be easier. Debit cards are different as the process of getting your money back can take much longer. Additionally, they do offer zero-fraud liability, meaning victims can be accountable if they do not promptly report fraudulent activities. Also, credit cards provide better conditions for dispute resolution.
  • Buy via secure websites only. If an online shop does not have a small padlock next to its URL, exit it with ease. HTTPS means that the website uses the proper encryption to secure your transactions. If it features HTTP instead, it is not secure enough to protect your information.
  • Use unique and secure passwords. Ensure that all your online shopping accounts feature different and complex passwords. Such decisions will partially mitigate data breaches, as leaked passwords won’t unlock access to other services.
  • Create email addresses for online shopping. It is best to have a separate email address for creating profiles in online stores. All the marketing offers will end up in it. If some suspicious messages from retailers reach your primary email, you are less likely to react to them.
  • Do not shop when connected to public Wi-Fi. Usually, connections to public hotspots are unsecured, meaning that anyone can snoop on your activities. Hence, online shopping could expose your personal information and credit card details. To obviate such dangers safely, you should get a VPN. Atlas VPN will encrypt your web traffic, making it useless to entities attempting to eavesdrop.
Anton P.

Anton P.

Former chef and the head of Atlas VPN blog team. He's an experienced cybersecurity expert with a background of technical content writing.

Tags:

credential stuffingcyberattackhttps

© 2021 Atlas VPN. All rights reserved.