5 Cyber Monday Tips For Hacker-Proof Shopping
Americans spent some $263 billion shopping online in 2013, with over $2 billion spent on Cyber Monday alone. This year is on track to be even bigger.
But as you shop for the perfect holiday gift, hackers are shopping for you. This time of year is rife with email scams, deceptive advertising and criminals lurking to steal information from vulnerable devices and unwary shoppers.
"Increasingly, the bad buys are not targeting weaknesses in your computer, they're targeting the user," Brian Krebs, cybersecurity expert and author of "Spam Nation," told CBS News. "They try to make you do things that are not in your best interest."
So what do you need to do to keep your accounts as safe and secure as possible while you're scouring the Web for today's best deals? Here are five smart ways to stay one step ahead of the hackers.
1. Get email savvy
Email isn't the first thing on a digital shopper's mind while hunting for deals -- but maybe it should be.
"Email is the Achilles heel of security," Marc Boroditsky, president of the cybersecurity start-up Authy, told CBS News.
"Never ever click on a URL you receive in an email, especially one from a merchant or bank ... no matter how persuasive that email looks," warned Steve Bellovin, a computer science professor and cybersecurity expert at Columbia University.
Cyber Monday is primetime for phishing, where hackers send you a forged email to trick you into clicking on the link and entering your login and password onto a fake site, which they control. The easiest way to avoid a phishing scam? Just don't click. Instead, type the URL of the site you want to visit directly into your browser.
It's also important to keep your email clean.
Your inbox is a treasure trove of private information. It's full of password reset links, bank statements and other pieces of sensitive information that hackers can use to get access to your money. They can even use seemingly innocuous emails like birthday cards and party invitations to learn your date of birth, home address and other details that could enable them to answer security questions meant to authenticate your identity.
Boroditsky said that there is a simple way to prevent hackers from getting emails you don't want them to have: "Delete them, and proactively manage your email."
2. Use a credit card rather than a debit card
Most issuers of both credit and debit cards will tell you that you're not liable for fraudulent charges -- and technically that's true.
"You don't need to worry so much about your credit card. Nobody will charge you more than $50 if there is fraud, and nobody does that anyway. Just be sure to check your credit card transactions," said Bellovin. If you report fraudulent transactions, "banks and stores are liable for fraud, not you."
The difference is that fraudulent charges can take time to recoup, and while that may be a nuisance when it happens on your credit card, it can be much more complicated if it happens on your debit card, which is linked directly to your checking account.
"Not everybody's got millions of dollars in their bank account. You wake up one morning and your account's cleaned out, and maybe you just sent your rent check in or your mortgage payment or your car payment and all these checks bounce," Krebs mused. "Who's gonna pay for that?"
3. Practice "good password hygiene"
The new mobile payment system Apple Pay uses your fingerprint to verify that you are who you say you are. But laptops, desktops and most mobile payment systems still rely on passwords to authenticate your identity, so experts urge consumers to practice good password hygiene.
"The risk of Cyber Monday extends back to other tools you use, where you open yourself up to potential risk," Boroditsky lamented.
According to Bellovin, "password reuse is a much worse danger than weak passwords are."
Passwords you use on shopping sites should never match passwords you use for more sensitive sites, such as your bank, social media or cloud storage.
If you have trouble keeping all your passwords in order, password managers, such as LastPass, will organize them for you and give you one master password to access them all.
4. Beware of phantom sites
"One of the biggest mistakes online shoppers make is they search for the store with the lowest price," Krebs said. Comparison shopping is one thing, but a sudden unbelievable deal might be a coupon to nowhere.
"This time of year we always see the same thing -- a whole bunch of phantom stores just pop up. They're there for a couple of weeks, then disappear with your credit card and your money and you don't get anything," Krebs explained.
However convincing a site might look, a deal that seems too good to be true probably is. Try to stick to stores you recognize.
Krebs allowed that getting lured into a fake store is a common mistake, and easy to make, and that it's very hard to tell if a site is legitimate without checking its registration records to see how long it's been online.
One good rule of thumb for confirming that you are on a legitimate site is to look for "https://" at the beginning of the URL and other evidence that the identity of that site has been confirmed by a third party security firm.
5. Keep your browser up to date
Keeping your browser up to date will do more for you than make sure you don't have any glitches interrupting your digital shopping spree (though that certainly counts for something). It can also keep you safer.
Krebs said that most people are familiar with operating system updates intended to protect your computer from viruses and malware, "but a lot of folks don't get that the bad guys have actually moved to targeting the browser because that's the way most people interact with the Web. Increasingly they're targeting vulnerabilities in the browser, all these little programs that plug into the browser -- Flash, Adobe Reader, that stuff."
He stressed that it's crucial to keep up with the monthly security updates that come out for these add-ons, closing off that avenue of threat.