Cybercriminals take advantage of more intense periods of online shopping to put into practice old ways of attacking customers
With the Black Friday proximity and soon after Christmas, and with the announced the “Good Old Man”arrival, who really strip the beards are cyber criminals. After all, as bad as the economy seems to be, Brazilians will not stop shopping, and the Internet will certainly be the most used channel, whether for price, transportation or simply for convenience. Let’s agree, on the Internet, just a few simple clicks and that wonderful shoe, or your dreams purse, will be on your way to your house in a few seconds. At least imagine!
But be aware that criminals may be lurking, not to intercept your beautiful fashion shoe, but to get something even more valuable: your Credit Card details. In 2014, Brazil recorded a 197% increase in attacks on Internet networks compared to 2013; is what the Center for Studies, Response and Treatment of Security Incidents in Brazil (CERT.br), linked to the Internet Steering Committee in Brazil (CGI.br), points out. Attempts at fraud were the first occurrence place. CERT.br received 467,621 in 2014, five times more than in the previous year.
Classic phishing attacks (an Internet fraud type used by cyber criminals to entice users to voluntarily provide their data – usernames, account passwords, and other personal information – by creating fake sites that mimic online resources, popular), like fake bank and store pages, grew by 80%. False sites not related to financial activity increased by 73%, and attacks on web servers increased by 54%, totaling 28,808 reported cases. It’s really alarming.
But stay calm, your Black Friday and Christmas shopping can be saved. Although the numbers are facts, and somewhat worrying, these statistics should not stop you from doing your shopping online. You just have to have a good “common sense” dose and follow some practical advice, or what we call good shopping practices on the Internet. So follow these basic guidelines and you can shop online with more confidence and less risk.
Here are 11 practical tips on how to have security in online shopping; and ensure that the good old man list does not bring disorder to his financial life:
1 – Use familiar sites: Always start your purchases for a reliable website, instead of making purchases using a search engine. Unfortunately, search results can be manipulated to divert them, especially when you browse and go ahead the desired site first pages/link. If you know the site, the chances of being a fraud are much lower. We all know www.amazon.com and the offers amount they have on your site; in the same way, most of the largest Brazilian magazines also have an online store. Be very careful with misspellings or sites using a different domain (.net instead of .com.br, for example). These are the oldest and most successful tricks. Note that sales on these sites may seem more attractive since it is from this that they induce you to purchase.
2 – Observe the famous PADDLE: Never, ever, buy anything online using your credit card on a site that does not have at least SSL encryption installed (Secure Sockets Layer). Do not worry as it is easy to identify, the site URL will always start with https:// (instead of just http://). Also, a closed padlock icon appears in the status bar, usually at your browser bottom, or in other cases, to the right of the URL in the address bar. It will obviously depend on the browser used.
Never, never e-mail your Credit Card information
3 – Search information of the company: By definition, every company, properly and properly established, must have a CNPJ (National Registry of Legal Entity) number to operate. Thus, it is
possible to obtain this number through a service called “who is?”. In order to do so, just go to the address http://registro.br/ and with the store URL, click on the “Who is” option. In possession of the CNPJ, go to http://www.receita.fazenda.gov.br and access the menu: Corporate> CNPJ> Registration Proof. There, enter the CNPJ number, and you will have access to information such as the company name, and especially, the date it was created. It is not uncommon to find companies claiming to have more than 10 years in the market, when in fact they were opened last month. You are no longer a fraudulent consumer, or would you say, a victim of this system; always look for the company CNPJ, if it is not on the site, call directly there.
4 – Check your Credit Card Statement: Do not wait until the next month beginning to verify that your purchases have been posted to your card correctly. The vast credit card operators majority, and especially the debit card provider, make online postings available. Make sure there are no undue charges that indicate fraudulent or malicious action, even if they come from trusted sites. If something irregular is identified, pick up the phone and resolve the issue immediately. In the credit cards case, as the payments are made on a monthly basis, you have up to 30 days to notify the operator/bank about the deviation, after that period you will take over the purchase. With the online payment services advent such as PayPal, PagSeguro and MoIP, it is possible to keep your credit card information stored on a secure server while you make your purchases, without having to provide your financial information to the retailer . In this case, pay attention only to the fees charged, and your acceptance in the local and foreign market.
5 – Much attention to Security Seals: Where there is need, there is opportunity, and in this context, we notice a real Security Seals flooding the online shopping sites. They adorn the sites footers with their coats and glittering padlocks in the “inoculating” expectation into the prospective future client, the assurance that their transaction will be as safe as if it were held in a physical store. Mere mistake. Although legitimate and legitimate sites make use of them, any malicious website can display them also without any burden; in fact any website on the Internet can display the image you want. Exceptions aside, their vast majority does not guarantee anything, and especially, can not be challenged as to their legitimacy. So make the search use. There are several sites reporting other users experiences while they perform their purchases on a particular site. Although the truth is debatable, they serve as a thermometer that they may eventually face in similar situations. Finally, read the Privacy Policy and understand what they do with your data, after all you do not want any telemarketing calling you 50 times a day to sell something.
6 – Use strong passwords: We all know how important it is, however, we still use common passwords, since complex passwords are harder to decorate than your son or wife’s birthday, don’t you agree? Even worse, not content, we use the same password for several different services. Opt for non-mnemonic passwords, which use high, low, special characters and have at least 8 digits. There are hundreds of programs with dictionaries ready to crack common passwords, no longer a sameness victim.
7 – Think Mobility: See how interesting: a quarterly “Mobile Commerce State” survey details that in Brazil 10% of purchases occurred via smartphones and 4% in tablets. The report also indicates that the transactions share via mobile in Brazil should reach 22% by the end of 2015, in the world average this number should correspond to 40%. Again, there is no reason to panic and to discard your tablet or smartphone, the “charade” here is to use applications provided directly by retailers, (Amazon, Submarine, Drop, etc.) and made available via Apple or Play Store. Use the apps to find what you want, then make the purchase directly, without having to access the store’s website
8 – Make sure you are using a safe device: If your computer is not protected against malicious software, chances are your financial information and passwords will be stolen (and everything else you store on your computer). This concept is so basic, but only a small fraction of the population protects their computers, whether out of ignorance or sloppiness. Use a secure connection and always have an antivirus, antimalware, and personal firewall installed on your computer. If you use a wireless network, make sure it is encrypted, after all cyber criminals are always on the lookout.
9 – Do not use public Wi-Fi to make purchases: With the Internet popularization, compelled by the Federal Government National Broadband Program (PNBL), it is increasingly common to have free access in a public square or in a small store. However, what seems to be free can become an unimaginable cost to an ordinary or unprepared user. Whenever you enter personal information using a public network, be aware that your information may be stolen. Most Wi-Fi hotspots do not encrypt the trafficked data, so any cyber criminal with a small tools arsenal can easily access your information while sharing the same WiFi hotspot. The same goes for smartphones and tablets. Be well aware of the risk and assess whether it is not worth waiting until you get home to make that purchase that seems to be imperative and unavailable at that time.
10 – Gift cards, last-minute salvation: Gift cards are, and always will be, many people lifeline, and with the Christmas closeness, it will become indispensable; this year will be no exception. Be very careful with the shops that offer this service; make sure that the store is legitimate, that the person will use the card only in the store object of purchase, and that this will not require too much information of the gift, so that this one enjoy your gift.
11 – Too Good to Be True: Who has never received an unmissable offer to purchase their dreams cell phone, or even a lightning discount coupon for their treat in an electronics store. Social engineering is still the most successful cyber criminals method, since it acts directly in one of the most human being susceptible senses – that Desire one. Beware, very carefully, with any online store that promises a price well below the market. If the value is too low, consider whether the merchant operates by legal means; if the item matches the brand and model desired or is a cheap substitute; if you will be able to return goods eventually damaged; if the trader will not bill you by selling your financial information, and so on. The same applies to the e-mails and discount coupons received, some including people known, who allegedly made a purchase and indicated it for a solidarity discount. There is no free lunch.
It is a fact that at Christmas the “good old man” only presents those who do the right things in the right way. So if you follow the above tips, it is very likely that in addition to earning a gift, you will make shopping much safer and more secure.
Lastly, remember that the Consumer Defense Code is also valid for online purchases, especially regarding Article 49, which allows any product to be returned within seven delivery days. Once you have exercised your consumer right, the store must return any amount paid, including with monetary correction, if applicable.
Good shopping!!!!
* Aluisio Andrade is Operations and Services Director at Nap IT.