Stay safe when shopping online

In anticipation of increased spending this holiday season, many retailers will kick off their sales a few days early.

As a result, cyber criminals will be hard at work during this period in an attempt to lure consumers with online scams, says Doros Hadjizennonos, sales manager at Check Point Software.

"Consumers can expect to face more malicious applications, techniques and exploits to mobile and portable devices.

"This includes botnets and worms that will infect the devices over Bluetooth / WiFi / NFC / drive-by-download, spyware that will track shoppers' locations, and data espionage," says Hadjizennonos.

In order to avoid becoming a statistic, Hadjizennonos has compiled a list of recommendations that consumers can follow to evade holiday security threats.

Shoppers should use caution when clicking on e-mail links from retailers for offers, even if they appear to be from a large organisation. Malicious links could infect consumers' computers with malware or direct them to a phishing site designed to steal information, Hadjizennonos says.

He advises that shoppers go directly to the company's Web site to determine the legitimacy of an offer.

When paying online, Hadjizennonos says consumers should verify that they are on an SSL-secured site (the Web address will start with https:// and have a little padlock icon next to it).

"Web sites that are SSL-secured will encrypt sensitive information, such as credit card numbers, during the transaction. You can also click on the padlock icon to verify the identity of the certificate owner."

Customers should not respond to e-mails or text messages claiming they have won a contest or sweepstakes that they never entered, Hadjizennonos warns.

These types of phishing scams, called smishing scams, are commonly distributed by e-mail, but are now infiltrating mobile phones, he said.

Hadjizennonos advises that consumers ensure their browsers are updated with the latest version. This will help prevent cyber criminals from taking advantage of vulnerabilities in older versions.

He adds that customers could also consider disabling Java, as it is battling a slew of security vulnerabilities. This will sacrifice some Web sites' functionality, but will prevent potential drive-by download attacks that could infect PCs.

Hadjizennonos suggests that shoppers consider using "virtual credit cards" for online shopping instead of actual credit or debit cards. These are temporary or disposable digits that are issued by banks or credit card companies for free or for a small fee.

Virtual credit cards can typically only be used once or have a limited amount of money on them. The advantage of virtual credit cards is that a consumer's actual bank account is not at risk if a cyber criminal gets hold of the virtual credit card number, he adds.

Many retail sites require an e-mail address to set up an account, to log in, and to make purchases. Hadjizennonos suggests that shoppers set up and use a separate e-mail account for holiday shopping transactions. This lowers the risk of personal information being stolen, he says.

"Monetisation of stolen information is rising and last year's successes encourage criminals to keep pursuing.

"The Internet is becoming accessible to a larger population with no awareness or understanding of the threats; the human factor remains susceptible to social engineering attacks," says Hadjizennonos.

"Everybody is flying somewhere, expecting a package, or just responding to authority. Social engineering remains an important enabling factor for attackers."

Finally, consumers should ensure their security software is running and is up to date. At the very least, they should pick a solution that includes anti-virus and a two-way firewall, he concludes.