Blog / Web Surfing Tips for the Holidays: Try to Remain Safely on the Web this Christmas.
Well, the lockdown restrictions are finally getting tighter, and the holidays are approaching very rapidly…
As Hamlet very prophetically says in Act III, Scene II (pages 380-391): “Tis now the very witching time of night, when churchyards yawn and hell itself breathes out Contagion on this world.”
Make no mistake, cyber criminals are cognizant of two very important things going on right now. First, COVID. They are fully aware that more people are home and spending a lot of their time on the Internet. Second, the Holidays are almost here. These two things together mean many more folks will be doing a lot more shopping online. To a criminal, this is potentially a huge payday…
A lot of my newsletters are aimed at the organization level. The advice is generally meant for small outfits to help them better protect themselves. The last few blogs have been primarily tips aimed at individuals. The sort of things people can do to better to protect themselves. So, without further ado, here’s a bunch of tips that could help keep you safer on the web, this Holiday Season:
1) Do not use the browser to remember your passwords.
The way browsers store your passwords is not secure. It’s not supposed to be safe. It’s intended to be convenient and useful, so that you can do things like import stored passwords from one browser to another. They’re easy for an attacker to find and copy, so never use it.
Make use of a Password Manager. There are multiple managers out there like LastPass or 1Password. Find a good one and make use of it. This way you will only need to remember one password, for your Password Manager. The only thing to be fully certain about is that your password for this is VERY good.
2) Don’t go ordering things off every website out there.
The more places you give out your credit card information to, the higher the chances that one of the sites you order from will be compromised. This is true as a general rule, but there is more to it than just that. There are only a limited number of credit card payment systems out there that a website can use. It’s almost guaranteed that they did not create their own custom system for their website, which means they have most likely licensed something off the shelf.
Is it any good? Is it secure? Maybe. The problem is you don’t know. The more places you go to, the more likely you’ll run into one using a vulnerable or compromised system. So, think extra carefully about which websites you’re going to give your information to.
3) Have a separate credit card that is only used for Online Shopping.
This may sound like a hassle, but the reasoning is very simple. If you know that the only activity on that card is online, then you can easily keep track of what purchases you made with it. This makes it very easy to spot suspicious purchases.
Since it’s just for purchases online, it’s also a good idea to set the credit limit on this to be fairly low. This will help limit the damage, in the event of a breach, and help curb overspending.
4) Set-up Free Credit Monitoring.
The information you put out on the Internet about yourself could potentially be used for identity theft. There are websites, like CreditKarma, that can do free monitoring of your credit rating. They can also send you alerts when credit checks are done on you (like someone trying to get a new credit card, for example.) You can see your credit score, but more importantly, you can also see all the various debts registered in your name.
5) When reading reviews, put on your thinking cap.
Reviews are a double-edged sword that you need to be very careful with. The vendors know how they work and put a lot of effort into making themselves look good. The smart ones anyway. Some of them even try to cheat the system, but not all of them do it well.
Look for discrepancies in the number of reviews and how many you can see. Maybe some are hidden. Also, check the language in the review to see if it’s useful. A bad review which says: “That sucks”, is as useless as a 5-star review, saying: “This is great.” What you should be looking for is not good or bad reviews, but useful feedback on either the item you’re looking at or their experience with the company.
6) Don’t leave useless reviews.
Reviews are nice, so if you leave one, try to make it useful for someone who’s never run into the product before. Those are the people that the reviews are meant for, after all. Think about the sort of things you were thinking about and the questions you had before you first purchased the product.
7) Pay attention to the Hostnames.
When you visit a website, there’s all sorts of information that shows up in your address bar. Honestly, it can be very, very, VERY long. For example, if you try going to “microsoft.com“, what you get sent to will wind-up being: “https://www.microsoft.com/en-ca.” That entire string is called the URL; the hostname is “www.microsoft.com.” After just a couple of clicks, you can reach somewhere like: “https://www.microsoft.com/en-ca/p/surface-pro-7-intel-core-i5-type-cover-pen-bundle/8t8q199ljdvk?icid=mscom_marcom_H1a_SurfacePro7Bundle_Store_TS21.” Now that’s a MUCH bigger URL but look at the hostname. It’s still “www.microsoft.com.”
Pay attention to changes on the hostname. If something about it looks fishy, then shut down the page. Generally, as you surf around on a website, you should be staying within that organization. So, for a place like Microsoft, you should pretty much always have a hostname that is: “?????.microsoft.com.” If that hostname suddenly becomes “micros0ft.com“, that’s bad news.
At the end of the day, the reason that most of the attacks out there do work, is because the guys are betting on knowledge that you don’t have. Learning how websites work isn’t difficult. Understanding how the Internet functions, is not scary. Take it from someone who knows a bit about those things.
If you have any questions about Safely Surfing on the Internet, please reach out to your TRINUS Account Manager for stress-free IT.
By Kind Courtesy of Your Friendly Neighbourhood Cyber-Man.