(No Ratings Yet)

Loading...

• Facebook
• Twitter
• LinkedIn
• Mail

November 23, 2016 Comments closed

How to Stay Safe Shopping Online During the 2016 Holiday Season

in ssl certificates

Don’t be taken advantage of this holiday season – follow these tips

The Holiday Season is upon us, and with it comes tidings of joy, season’s greetings and lots and lots of identity theft.

Identity theft?

Yes, lots of identity theft. And fraud. And plenty of other malfeasance on the part of cybercriminals.

You see, the Holidays, for all the joy they bring, also present a considerable opportunity for hackers and cybercriminals to exploit people online. Think about it, you probably don’t like leaving your house before the table is even cleared on Thanksgiving to go get that door buster deal. You’re probably not a fan of camping out all night to be the first into the store on Black Friday.

Granted, some people legitimately enjoy navigating the Holiday crowds on the busiest shopping day of the year.

But, online retailers like Amazon, along with the advent of Cyber Monday, have given consumers a solid alternative to braving the craziness that comes with Black Friday. And then of course there’s the regular online shopping that occurs in the months leading up to the Holidays.

It all comes together to create the perfect environment for scammers and hackers to commit acts of fraud, steal people’s identities and conduct a whole range of other Grinch-like, malevolent online activity.

So with that in mind, here are some tips to help you stay safe when shopping online this Holiday Season:

Learn to Look for Visual Indicators

Here’s the deal, phishing scams continue to rise in prevalence each year. You probably already know this, but if you didn’t, a phishing scam is one where a third party tries to get you to divulge personal information that they can then use to their benefit. That could be via email or with a fake website.

We’ll get to email in a second, but on the web, here’s a good first trick for weeding out potential scams: check the visual indicators in the website’s address bar.

Any real business or organization will likely have an SSL Certificate installed on their website. If they do, it will be reflected in the address bar with a padlock icon and the connection will be hosted over HTTPS (instead of just HTTP). If you see those two things, it means the website you’re on uses encryption. That doesn’t necessarily mean you can trust that website, but it’s a good first step.

If a website doesn’t have those visual indicators, it means it’s not encrypted. So if that site asks you for any personal information—don’t give it out! That holds especially true for login pages and checkout pages. If you’re logging in or checking out at a site and it doesn’t have a padlock icon and HTTPS in the address bar, then there’s a good chance you’re about to get scammed.

Click the Padlock

Here’s another great trick. That padlock icon is clickable, meaning it will display information about the website you’re on if you click on it. This is incredibly useful.

Now, without getting too granular, there are three kinds of SSL Certificate, Domain Validation (DV), Organization Validation (OV) and Extended Validation (EV). One of them, Domain Validation, is far less trustworthy than the other two.

OV and EV Certificates require a company to undergo what is called “Business Authentication.” During the process the Certificate Authority (CA) that is issuing the Certificate is required to check the company’s business details in order to verify that it is a real, legitimate organization.

If you click on the padlock and under the certificate details it gives information about the company that owns the site (i.e. name, location, etc…) then you are visiting a legitimate website and you have nothing to worry about.

However, if company information is missing you need to be very skeptical. All one has to do to earn a DV SSL Certificate is prove ownership over a domain. This means that almost anyone could be running this website—even though it is encrypted. So if you’re about to buy a $400 smartphone for ten bucks at a website with a DV Certificate, be very careful. You might be about to get scammed or have your identity stolen.

Look for the Green Address Bar

The easiest way to ease your fears about where you’re shopping is to look for the green address bar. The green address bar is not actually green anymore – it used to be – now it just displays a company’s name and country in green text next to the URL. Still, this is an indication that the company in question has invested in Extended Validation SSL.

EV SSL carries with it a number of benefits, but at the top of the list is that green address bar. It cannot be faked. It cannot be duplicated. When you go to a website and see it, you can have 100% certainty that you are indeed at the right place. And almost all of the largest companies have them too.

If you see a green address bar, you don’t even need to click the accompanying padlock, you already know who you’re dealing with. You know that your information will be transmitted safely, and that you’re not being scammed.

Green means go.

Listen to Your Browser

The Browser community is constantly crawling sites, flagging malicious activity and doing everything in its power to keep you safe. So let your browser do its job.

For starters, make sure you have the maximum security settings enabled. There are entire guides on optimizing your browser’s security features available, but to keep it brief, enable the settings that prevent your browser from freely transmitting information about you, disable anything that tracks you across the internet, be careful about cookies and keep your privacy settings high.

Also, if you get a warning about a website you’re trying to visit, heed it! Google, Mozilla, Apple and Microsoft all do a solid job of flagging the sites that are involved in mischief, obviously they can’t catch everything, but chances are if your browser is telling you you’re not safe on a website—you’re not safe on that website!

Be Careful with Email

This is one of the more obvious tips on the list, but be careful with email this Holiday season. You may be signing up to a lot of extra sites’ mailing lists for discounts or promotions around this time of year and that means you could miss a few attempts to phish or scam you that slip through the cracks.

Most mail services have good spam filters, and some are even beginning to mark mail delivered from unencrypted servers, but when you’re opening email always be as skeptical as possible. If you don’t know the sender, don’t open attachments. If you think you know the sender, make sure that this is something they would actually send (email accounts get compromised all the time).

And if a retailer sends you something questionable, and its flagged as being from an unencrypted server, discard it immediately.

Use Common Sense

And finally, just use good common sense. If you’re seeing a product advertised at a huge markdown – like a $20 iPad – it’s probably a scam. As the old saying goes, if it seems too good to be true—it probably is.

Cybercriminals are incredibly creative. They know how to make fake websites that look identical to the real thing. They know how to create emails that look just like real ones. They’re always finding new ways to lure you into giving them personal information, clicking bad links or surrendering your login credentials.

Sometimes the best defense is just good common sense. We all want to score an amazing deal, but be realistic. Cybercriminals know that, they’re trying to exploit that desire. Always try to use common sense.

Wrapping Up

We hope these tips help you to stay safe shopping online this Holiday Season. In reality, it’s a shame we even have to put together a list like this at all. But keep these tips in mind and you should be able to shop for your friends and family without fear of being taken advantage of.

And from all of us at The SSL Store™, Happy Holidays!