Shopping is one of life’s simple pleasures. It’s a way to treat ourselves, and to indulge in a little luxury. And in today’s day and age, shopping online has never been easier — with targeted ads, free shipping, free returns, stores built into Instagram or TikTok, logins saved on your browser and payment information saved on your devices.
Unfortunately, with shopping easier than ever, the attack surface available to cybercriminals, who are always on the lookout for unique opportunities to scam people and steal their information, is at an all-time high. With shoppers handing over personal and credit card information to online retailers without batting an eyelash, cybercriminals are presented with the perfect opportunity to strike.
Fortunately, shoppers don’t just have to cross their fingers and hope threat actors overlook their shopping carts. Here are a few tips that shoppers can use year-round to stay safe and boost their cybersecurity:
1. Avoid shopping on public WiFi
Most people believe using public WiFi is safe by default. Because of this, shoppers find themselves using public and unsecured WiFi networks as they browse retailers’ websites and input credit card information from airports, coffee shops and other public places.
Unfortunately, many networks use cheap routers and access points that lack essential security measures and allow cybercriminals to infiltrate the network. For example, using a public hotspot without protection makes it easy for attackers to sneak malicious software (malware) into your device. Scammers can use this to launch Man-in-the-Middle (MITM) attacks, where attackers interrupt an existing conversation or data transfer to steal login credentials, account details and credit card numbers.
Shoppers should always use a virtual private network (VPN) on public WiFi to hide their information and add an extra layer of protection.
2. Your “lost package” may be just another phishing scam
Most consumers love the convenience of making purchases online and having them shipped straight to their doorstep. But with millions of packages delivered each year, con artists and thieves have developed many ways to steal from shoppers.
People who buy items online typically get several notifications related to that purchase, such as order, shipping and delivery confirmations. Scammers have taken advantage of this, sending shoppers seemingly identical notes about their orders. For example, they may send messages about a missed delivery attempt, urging you to click a link to reschedule delivery, or say an item is ready to ship but the buyer needs to update their shipping preferences.
While these messages appear to be official correspondence from legitimate carriers, like UPS, FedEx and the USPS, the goal is always the same: to steal your data, money and identity. If you click the link, you might unwittingly download malware onto your device, be asked to supply sensitive personal and financial information, or both.
3. Be cautious when scanning QR codes
Quick Response (QR) codes are two-dimensional barcodes that allow users to streamline the way they do things. They can be used to show product details, track product delivery, show menus to customers in restaurants, access social media platforms, transfer money, pay parking meters and much more. Stores and retailers in particular have taken advantage of this convenience by using QR codes to send shoppers directly to their website or offer them discount coupons.
While QR codes have made shoppers’ and retailers’ daily lives easier, they have also opened new avenues for cybercriminals to exploit. For example, in a tactic known as quishing, a cybercriminal will send malicious QR codes via email or post them in public spaces (e.g. on a parking meter or on a table at a restaurant), which then direct users to a phishing site that can expose their login credentials, credit card information and other financial details. Therefore, shoppers should always be cautious when scanning QR codes and make sure that the codes are actually leading them to the right place.
4. Watch for sneaky malicious links on social media
Social media apps aren’t just a place for people to share photos and connect with friends. Platforms like TikTok and Instagram are rife with scammers looking to prey on young people who are susceptible to buying things they see advertised on the apps.
Cybercriminals, for example, create and distribute malicious links in various forms, such as a pop-up ad on Instagram, often using subtle, barely perceptible changes to common URLs that are hard to catch with the human eye (e.g. Amazon.CORN vs. Amazon.com). Once users click these links and get to their sites, they can be exposed to malicious software, viruses and other dangerous content. These links also can leave users susceptible to malware being downloaded on their devices. A cybercriminal can use mobile malware to steal sensitive data from a smartphone or lock a device before demanding payment to return the data to the user or unlock the device.
We all love a good bargain, and because of that, shoppers often fail to take that second look to make sure they are going to a legitimate URL. The safest way to shop online is to go directly to a trusted retailer’s website.
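The "second look" at a link, whether it arrives in a social media ad or is decoded from a QR code, can be automated. The sketch below is an added example, not part of the original article: it compares the real host of a link against a short list of retailers and carriers the shopper actually uses. The `TRUSTED` list, the `CONFUSABLES` table and all function names are assumptions chosen for illustration, and the table covers only a few ASCII lookalikes.

```python
from urllib.parse import urlsplit

# Assumption: the shopper's own short list of sites they actually use.
TRUSTED = {"amazon.com", "ups.com", "fedex.com", "usps.com"}

# Character runs that read alike at a glance (constructed, not exhaustive).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def skeleton(host: str) -> str:
    """Collapse visually similar character runs to one canonical form."""
    for seen, canonical in CONFUSABLES:
        host = host.replace(seen, canonical)
    return host


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using a single-row dynamic programme."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[len(b)]


def classify_link(url: str, trusted=TRUSTED) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for the link's real host."""
    if "://" not in url:
        url = "//" + url  # let urlsplit find the host in scheme-less text
    # .hostname ignores any "user@" prefix and lowercases the name.
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return "unknown"
    if any(host == t or host.endswith("." + t) for t in trusted):
        return "trusted"
    for t in trusted:
        # Trusted name used as a subdomain label of some other site.
        if host.startswith(t + ".") or "." + t + "." in host:
            return "lookalike"
        # Visually confusable spelling, or a one-character typo.
        if skeleton(host) == skeleton(t) or edit_distance(host, t) <= 1:
            return "lookalike"
    return "unknown"
```

A result of "unknown" only means the host is not on the list and does not resemble anything on it; it says nothing about whether the site is safe.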
Cybercriminals will only continue to target shoppers, and with these attacks becoming costlier and more relentless, shoppers can never be too safe. That being said, shoppers should be making cybersecurity a long-term priority. It’s important for shoppers to be aware of their digital surroundings and to shop inside a secure digital environment.
Even careful shoppers sometimes make mistakes: maybe you clicked on a malicious link but closed it immediately, or your phone automatically connected to an unsecure WiFi network. Minor missteps like these can give hackers the foothold they need to access your personal and financial information. Shoppers should utilize these practices year-round to not only strengthen their security posture overall, but ultimately make sure their most private assets remain just that — private.
Krishna Vishnubhotla is VP of Product Strategy at Zimperium. He is a seasoned professional in the SaaS industry, specializing in catalyzing startup growth through adept product and marketing strategies. With a keen focus on mobile application security products, he has a proven track record in defining and executing product visions that drive significant revenue growth. In addition to managing a global customer success portfolio, Vishnubhotla established high-value strategic partnerships. His leadership skills extend to spearheading revenue generation efforts, serving a diverse clientele across multiple industries.