Have a Secure Holiday Shopping Season

Normally, I don’t dwell on all the bad things that can happen on the Internet (if I did, I’d be writing almost exclusively about it).   However, the approaching Cyber-Monday is an excellent time to have a short discussion about phishing and other malware that can be captured on your computer as the result of shopping on-line.

The Boston Globe had a short, but excellent article about it in yesterday’s paper and I thought it’s a good idea to pass it on.  It was written by the Washington Post’s Michelle Singletary.   Since it may only be available to folks with a subscription, here’s the critical except from the article:

Some tips from the Better Business Bureau:

  • Keep in mind this is prime phishing season. Identity thieves are skilled at sending e-mails that look authentic. Often the goal is to install malicious software on your computer or steal personal data off of your computer. The messages may claim there is a problem with your holiday order or your account in an effort to lure you into revealing passwords or personal information. Don’t click on links or open attachments. If you receive this type of e-mail, call the contact number on the website where you made your purchase to confirm there really is a problem.
  • Be careful about clicking on links that are displayed as part of your top results from an online search. Hackers know how to snare victims through a technique called search engine optimization poisoning. They know people might be searching for “holiday sales” or “Black Friday deals.” Using such keywords, they then drive you to websites set up to capture your personal information or to sell you inferior or fake products. Or you might not get anything at all. If I see a deal in a search purportedly from a well-known retailer, I go to that retailer’s website directly, by typing in the address. If you are unsure about a link without clicking on it, hover over it with your cursor to see what comes up. The string of cryptic numbers won’t match a company’s real Web address.
  • Double-check that a website is secure. Enter personal data such as credit card numbers only on encrypted websites. Look in the address box for the “s” in “https://” and in the lower right corner for the “lock” symbol.

A couple more comments:

  • When I look for deals on-line, I usually scan all the offers for a given product, then I go to a well-known on-line purveyor (e.g., Amazon, Walmart, Bestbuy).  I usually find that their prices are close to the lowest and I’m wiling to pay a small premium to know that I’m dealing with a reputable company.
  • As noted above, I always hover over the link to insure that the URL has the company’s real web address.  However, even if it appears to be correct,  you need to be careful as a bad address could have something minor wrong about it, like an incorrect character or different domain extension.  For several years, going to http://www.whitehouse.com would take you to a porn site (the real Whitehouse URL is www.whitehouse.gov).

Finally, I’d recommend signing up for Paul Lubic’s Internet Security Blog.  He offers up a steady diet of posts about what the bad guys are up to, which will help you be a safer, better user of the Internet.

I hope you have a safe, spiritual and enjoyable holiday season!


  1. Maria

    Thanks for the very timely advice, Greg!


  1. FLASH: Amazon phishing email | The Family HelpDesk

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: