Years ago, when online shopping first became a popular way to do business, I remember being one of the many cynics who thought it would never catch on. I was certain that most people would be wary of giving websites access to credit card and financial information when there was always a possibility those sites might be hacked.
Fast-forward a decade and a half, and I and the other naysayers are happily partaking in mobile banking and one-click shopping. In some ways, this is the story of how technology disarms even the most nervous critics.
On the other hand, however, recent events have proven that risks do indeed exist. In January 2012, the online shoe retailer Zappos.com revealed that hackers had caused a data breach that compromised the information of up to 24 million customers. But that data breach was nothing compared to the hacking scandals that hit both Sony and Citigroup in 2011. Hackers were able to steal complete credit card information and millions of dollars from those major sites and their customers.
Before you abandon online shopping and banking entirely, it’s important to remember there are ways to protect yourself from hackers – both before and after a site you frequent is attacked.
Strong Password Protection
Creating a Secure Password
It’s a major pain in the neck having to come up with a different password for each secure site you frequent, not to mention the frustration that results when you can’t remember a password. But having a strong password can mean the difference between keeping your accounts secure and someone living large on your dime.
According to CNN Money, the most popular password on business systems is “Password1.” We’ve all been guilty of coming up with something overly simple. However, hackers are aware of our mental blocks when it comes to remembering these passwords, and they use it to their advantage. As CNN points out, “The number one way hackers get into protected systems isn’t through a fancy technical exploit. It’s by guessing the password.” So it pays to make your password longer and more complex.
To create a strong password, it must be relatively lengthy (eight characters or more) and have a complex string of characters, including numbers and non-letter symbols. If that kind of mental gymnastics is already making you feel exhausted, don’t worry. You can make an easy-to-remember password that is difficult for anyone else to crack. For example, instead of using a name or a word, start with a sentence:
“I want to run a marathon before I turn 40.”
Then take the first letter of each word for your password, and change at least one letter to a symbol:
If you’re afraid of forgetting something that is basically a random string of characters, find a secure place to record the original sentence – without stating the exact password – so you can remember how you got to the password. According to the U.S. Securities and Exchange Commission, you should never store a password on your computer. One way to make this information secure but accessible is to write down the sentence in your calendar or address book. You’ll know where and how to find it (and what it means), and it will simply look like a mental note to yourself to anyone else who sees it.
Passwords After a Security Breach
As soon as Zappos.com became aware of their security breach, the company reset every customer’s password so they were forced to create new ones. Most companies will take that basic precaution for their customers after a breach, but just changing your password for the hacked site may not be enough to protect yourself, particularly if you use the same password for multiple sites.
After your information has been compromised, take the time to reset the site password and your email password, especially if your email address is part of the information that was taken. However, you should probably take a hard look at all of your passwords. Do you use a different password for each commercial site you use? If not, now is the time to set that up. It will only take a moment to change your passwords.
Be sure to record a memory device in your secure spot – like the sentence above – and it will help protect you from hackers who might now know you use your pet’s name for all your Internet shopping and banking passwords.
Avoiding Phishing Scams
How to Detect Phishing
Phishing is an easy way for hackers to get your information: You receive an email or other electronic communication that appears legitimate, asking you to confirm your information. But when you click on the site provided, you’re directed to a spoofed website that looks just like the real one.
Phishing scams have become sophisticated enough that they can even recreate the “https” connection on the spoofed site (“https” denotes a secure site, while the “http” connection is used for everything else), complete with the padlock icon. According to the U.S. SEC, you can double-check a spoofed “https” site by “clicking on the padlock icon on the status bar to see the security certificate for the site. Following the ‘Issued to’ in the pop-up window, you should see the name matching the site you think you’re on. If the name differs, you are probably on a spoofed site.”
Phishing After a Security Breach
Phishing could become a problem if your email address falls into the hands of hackers. Once they know how to reach you – and where you shop – you are more vulnerable to a phishing email asking you to confirm a transaction. Even if the link you are invited to click on appears to be the actual website, that does not guarantee its legitimacy.
Instead of clicking on the link in an email, type in the known address yourself. And as always, double-check that the site really is trying to reach you before disclosing any information. Your favorite sites will be happy to answer questions about the legitimacy of an email, as it helps keep their reputation untarnished.
The Importance of a Second Email Account
One of the most convenient aspects of living in a world of connectivity is the ease of linking together all of your regular activities online. However, if you use the same email account for your online shopping that you do for your online banking, then you are leaving yourself vulnerable.
If you simply set up a second email account that you use solely for your banking, then hackers who are able to breach a retail site you frequent cannot follow the trail back to your bank or credit card information. This is a simple precaution you can take that will help make your information more difficult for hackers to access.
Using Public Internet Access
Whether you’re checking your account balance on your smartphone in a WiFi hotspot, running your business remotely from your laptop, or using a public computer to do some Internet shopping, you need to be very careful when you access vulnerable information in public. Although WiFi connections are theoretically secure, the U.S. SEC states that “wireless networks may not provide as much security as wired Internet connections. In fact, many ‘hotspots’…reduce their security so it’s easier for individuals to access and use these wireless networks.”
Utilizing a shared computer presents its own set of unique challenges and online security threats. While you probably know that you should log out completely from any site you access on a public computer, it can be easy to forget to do so if you’re not in the habit of using shared computers. Make sure that you treat any public access to financial information the same way you would treat a stop at the ATM, and be wary of what information you might leave behind.
The ubiquity of the Internet makes it seem like a trustworthy tool – and it usually is. However, rather than allowing yourself to be lulled into complacency, take simple precautions against malicious hackers and viruses. The best time to do this is before any information has been compromised. But even if you are mopping up after a security breach, you can still protect yourself.
Just remember that you need to consider your information as valuable as the hackers do. That simple change in mindset will probably be enough to help you browse, shop, and bank more securely.
What other tips do you have for protecting yourself against hackers and phishing scams?