How To Stay Safe Shopping Online
Published November 5, 2020
Neighborhood Credit Union would like to remind our members that we will never contact you in any way to ask for your personal information such as user id(s), password(s), or security questions.
Since October was Cyber-Security Month, I thought it would be a great opportunity for us all to brush up on best practices to stay safe while shopping online. It has become increasingly more popular to shop online over the years, and with the ongoing pandemic many people now depend on it. With this popularity comes the downside: cyber-security attacks. In this article, we will discuss common cyber-security scams and tips on how to stay safe when shopping online.
Common Cyber Security Attacks
While there are hundreds of ways cyber-criminals can get a hold of your personal information, I’d like to highlight the three most common cyber attacks: Malware, Phishing, and Spoofing.
Malware Attacks
Known as one of the most common types of cyber-security attacks, Malware Attacks will attach themselves to legitimate software that is downloaded to the victim's computer without their consent. This type of cyber-attack breaches a network through a vulnerability and could be anything from a questionable link, email attachment, or the ever-annoying popup. Common malware attacks are Malvertising, Trojan Attacks, Spyware Attacks, and Ransomware Attacks.
- Malvertising: Also known as malicious advertising, this attack is a common approach cyber-criminals like to use. A cyber-criminal will buy legitimate ad space to disguise malicious code that will then infect your computer after you click the advertisement.
- Trojan Attacks: A Trojan is a malware attack that hides itself in programs that look legitimate so that fraudsters can gain access to your personal information.
- Spyware Attack: This is a type of malware attack that records and collects data on the victim's computer. The information is stored and then sent to a remote user. Spyware can also be used to download other malicious software.
- Ransomware Attack: A malicious software that infects your computer and displays messages demanding a fee for your system to work again. A ransomware attack gets installed through deceptive links in an email message, instant message, or website.
Phishing Attacks
Another common cyber-security attack that many of us are familiar with is Phishing. This attack is known for sending emails that appear to be from trusted sources to gain personal information or influence victims to do something. A phishing email could hold an attachment to an email that loads malware onto the victim's computer. It could also be a link to an illegitimate website that can trick victims into downloading malware or handing over your personal information.
Spear Phishing is another type of attack that intensely targets victims. Fraudsters will take the time to conduct research and target specific users who may fall victim. For example, fraudsters will create a fake email that appears to be coming from a company the victim made a recent purchase. The email will instruct the victim to click something, and since it looks like a company the victim is familiar with, they are more likely to fall for the attack.
Spoofing Attacks
According to the Federal Communications Commission (FCC), Spoofing is: “When a caller deliberately falsified the information transmitted to your caller ID display to disguise their identity. Fraudsters often use neighbor spoofing so it appears that an incoming call is coming from a local number, or spoof a number from a company or a government agency that you may already know and trust. If you answer, they use scam scripts to try to steal your money or valuable personal information, which can be used in fraudulent activity.”
Typically, victims of Spoofing will receive a text that appears to be coming from their trusted financial institution. The message is designed to scare the victim into thinking their accounts have been compromised. If the member responds to the text, the fraudster calls the members with a number that also appears to be coming from their financial institution. It is possible that the fraudster will then use the following ways to gain access to the victims' account:
- The fraudster calls the members over the phone and send a passcode via text message. The members must then provide the passcode over the phone. The fraudsters then attempt a transaction that triggers a 2-step verification passcode (such as using the “forgot password” feature or initiating a person-to-person payment transaction) and the passcode is sent to the members via text or email who, in turn, provide it to the fraudsters.
- The fraudster may try to get the victim to download apps that allow for the fraudster to have control of the victim's device. Examples of this type of app are AnyDesk or TeamViewer QuickSupport. We recommend you never download either of these apps at the instructions of a caller.
Once the fraudster has access, they will do as much damage to the account as quickly as possible.
General Safety Tips While Shopping Online
If reading about the common cyber-attacks makes you never want to shop online again, fear not. I’ve done the research and have found the following helpful tips on how to stay safe for the next time you pick up your computer or phone for online purchases:
- Type the site link in directly. Be wary of ads that encourage you to click on links. Buying and creating fake ad space is a common way for fraudsters to get victim’s information.
- Do your research. Make sure you’re buying from a credible source. Research the site and look at reviews. Looking for a physical location of the business and verifying if they have customer service are both great tips in spotting a suspicious website.
- Be careful about what payment methods you use. A general rule of thumb is to use credit cards when online shopping. Credit cards have more consumer protections when it comes to online merchants. It’s also smart to use third-party payment services, such a PayPal.
- Pay attention to the information your giving. When making an online purchase, pay attention to what information the merchant is asking. If you feel you’re giving away too much of your personal information, cancel the payment. If you’re using a site you are not familiar with, do not allow the site to store your payment information.
- Regularly check your bank and credit card statements. Check your accounts frequently to catch any unauthorized activity. An easy way to keep tabs on your account is to set up alerts so that you get a notification each time your card has been used.
Conclusion
I feel it is important to remind you again that Neighborhood Credit Union will never reach out to members and then ask for personal information. If you receive a call from us that seems suspicious, do not hesitate to hang up and physically dial our number to confirm we were trying to contact you.
People fall victim to cyber scams every single day. Simply being aware of the different cyber-attacks can better protect you from falling victim and help you make safe decisions when shopping online.
People fall victim to cyber scams every single day. Simply being aware of the different cyber-attacks can better protect you from falling victim and help you make safe decisions when shopping online.
Skyler has been a Marketing Content Specialist at Neighborhood Credit Union since 2019.
10/01/2020
Get Smart About Debt
09/15/2020
Automated Fraud Alerts at Neighborhood Credit Union
07/20/2020