Nov. 17, 2020
Contact: Eric Stann, 573-882-3346, StannE@missouri.edu
The views and opinions expressed in this “for expert comment” release are based on research and/or opinions of the researcher(s) and/or faculty member and do not necessarily reflect the university’s official stance.
As more people are shopping online for the holidays, especially during the COVID-19 pandemic, they can unknowingly become prime targets for cybercriminals to steal their online data, such as credit card numbers and other sensitive personal information.
University of Missouri cybersecurity expert Ronny Bazan-Antequera offers five tips for people to help protect themselves from becoming a cyberattack victim while shopping online.
“The upcoming holiday season is the most important season for cybercriminals who will do everything they can to steal your data,” said Bazan, an assistant teaching professor for the Information Technology program in the Electrical Engineering and Computer Science Department. “In previous years, the number of malware attacks had major peaks during the holidays. As more people are shopping from home this year, we could see an even larger spike in cyberattacks.”
Research the company.
Social media ads can look like they were personally designed for someone based on what social media groups they’ve joined, photos they’ve posted and what content they’ve interacted with on social media. But before making a purchase, do an independent online search of the company’s name. If the company has an online presence outside of social media, read their privacy, return and complaint policies. Also, check to see if there are any user reviews about the company or Better Business Bureau complaints.
Check for the security certificate.
When making an online purchase, pay attention to the URL. While many smaller companies rely on a third-party vendor for the transaction, others may request customers input their credit card information directly on the company’s website. If so, make sure the beginning of the URL reads “https” and not just “http.” The addition of the “s” ensures the data will be encrypted with a security certificate and should be accompanied by a small lock icon next to the URL. Without the “s,” anyone can see a person’s information, and that information will not be protected from outside hackers.
Think before clicking on a link.
Anyone can create an email resembling the look and brand of a well-known company, so take an extra step and verify it before clicking on a link. Hover the computer mouse over the link to see the actual website destination. Look for anything odd such as a misspelling or missing letter. Even if the website looks right, be cautious — hackers know how to create fake sites that can look legitimate. If the email contains a discount tied to a person’s account with a company, go to the actual website and log in to view it. Also, don’t download something claiming to be a coupon without first verifying that the email is coming from a trusted source.
Transferring money to others electronically.
Transferring money electronically is safe as long as the company involved with the transfer is trustworthy. For unfamiliar websites or apps, do some research first before signing up for an account and understand whether there are fees associated with the transaction. People can also wire money through a bank or send a gift card.
Safely donating money to charities.
Apply the same principles when donating money as shopping online. Make sure the website has the security certificate before starting a financial transaction. Do your homework and research unfamiliar charities before giving. If an email arrives from a charity asking for money, don’t click on a link without making sure the URL goes to the charity’s website or goes directly to a secure donation page.
Editor’s Note: To arrange an interview with Ronny Bazan-Antequera, please contact Eric Stann at 573-882-3346 or stanne@missouri.edu.
Pronunciation key: Ronny Bazan-Antequera is pronounced RAHN-nee Ba-ZAHN AHNT-tah care-uh