I love online shopping, and I have the shoes to prove it.
In addition to my shopping habit, I also travel abroad frequently and use my credit card for business. So protecting my credentials is crucial. I secure my PC, stick to reputable retailers and monitor my credit card account. And this generally has kept me safe, until just recently…
Just after Easter, I got the alert on my Outlook calendar that reminds me to review my credit card accounts—both for fraud and my own personal overspending. I checked my account and found that my card was used to purchase about €700 worth of goods in the Manchester, England. Here’s the problem: I haven’t been in the United Kingdom for more than a year and a half.
Immediately I called my bank. A representative connected me to a special fraud line. I identified all the suspicious charges and received a letter in which I had to verify under oath that I had not made these charges. In two weeks, all of the fraudulent charges were off my account. Nice.
However, the mystery lingers. How was my card compromised?
This is where I should mention that in addition to being an avid shoe buyer, I am also a gamer. I’ve been a member of the Sony PlayStation Network for a while. You probably know that PSN was hacked right before Easter time affecting up to 100 million people. However, I don’t believe I was one of those people as I wasn’t contacted by Sony.
I can’t think of the number of times I’ve handed my card to a waiter or salesperson for them to charge me—in addition to all of online stores and services that have had access to my credentials.
So here’s what I’ve decided to do to make sure I’m not a victim again: I’ve set my Outlook alert to remind me to check my account weekly instead of twice a month. I no longer let online retailers store my account information—and I’m looking into getting an extra online shopping credit card with a very low limit. When I’m abroad, I will be very selective where I use my card and cash will be king – again.
One unexpected consequence of this little drama is that my bank is now closely monitoring my account. Twice they’ve called me about suspicious purchases and both times I’ve had to say, “Yes, Big Brother. I did pay that much for those shoes.”
Have you ever had a similar experience? Do you have any hints that might help me figure out where I went wrong?
Every year Cyber Monday sets new sales records. The Monday after the U.S.'s biggest brick-and-mortar shopping day a year opens the online shopping season with a flood of sales and deals that are often better than what you'll find in person, without the crowds. But whether you're shopping for presents or not during the next month, advertisers and online criminals will assume you are. And if they aren't targeting your wallet, they may be after the private photos and videos we all keep on the hard drives of our computers or devices. Right now, you can get our F-Secure SAFE protection on 5 PCs or devices with 200 GB of free secure cloud storage. Until December 6, we're giving away one free license for SAFE on 5 devices along with 200 GB of storage and a SAFE hoodie for free each day on our Facebook page. Read the the rules and enter now. And while you're shopping on any device, stay skeptical. Stay focused. And keep up the same online shopping and storage hygiene you should be practicing all year long: 1. Make sure your system, browser and security software are patched and protected. If it's software, it requires updates. As developers have become better at reminding you to update your software, there's become more to update. So keep up with your operating system updates and make sure you're running updated security software. 2. Do all your shopping in in one browser. No Java. Our Security Advisor Sean Sullivan advises that you do all of your financial transactions in one browser that you only use for shopping and banking. “Too many tabs open, too many things going on – that’s when you’re most prone to click on a malicious link or download something you shouldn’t have," he said. So use Chrome for surfing and Firefox for the serious stuff. Whichever browser you use for your transactions, you should disable Java in it -- and all your browsers if possible. If a certain website you need to use requires Java, enable it in just one browser that you use only for that site. 3. Stick to stores/sites you trust. Bad grammar and poor design have been the warning signs of malicious sites and emails for years. But criminals are always upping their game. Your best bet is to avoid untrustworthy sites in general, just as you likely avoid unprofessional looking stores and people who randomly try to sell you stereo equipment from their van. Avoid shopping via Google. Go directly to sites you trust and search there. 4. Only shop over a secure connection -- VPN and https. If you're shopping via Wi-Fi, make sure you're on a network you trust or secure yourself with a virtual private network like F-Secure Freedome. This will encrypt your data to protect your passwords and other private data. Freedome also protects you from scams and trackers, which may use your data to sell you things that do not fit your budget. To make sure your data is secure as it's being transmitted, don't enter your private data unless you see you're on a secured connection where the url starts with "https". If you're not seeing that, move on to the next store. 5. Use one credit card for all your online shopping -- or use credit card alternatives. Limit your damages. If your data is captured by a crook, chances are your credit card company will catch any irregularities. However, you still may be left without a card during the holiday season. Using only one card for online purchases also makes it simpler to keep focused on how much you're spending. For extra security, Sean recommends that you see if your bank offers virtual credit card numbers that can only be used once. 6. Check your statements. You do this? Right? If you don't check your statements to make sure all the charges are yours, who will? 7. Do not reuse passwords. It's like putting the same lock on your house, car, boat and safe. Your passwords for your crucial accounts are sacred and need to be unique and strong. This isn't easy, which is why we recommend a password manager. You can use our F-Secure KEY on one device for free. 8. Have a secret email account for online shopping. Sites like Amazon allowing you to use your email for a login, which is convenient. It also means anyone who knows your email, knows your login and is halfway to cracking your account. A simple solution is to use a special email account that you with with no one that you use as login for financial accounts. 9. Back up everything. What's on our devices and PCs is worth more than the hardware themselves because they represent the thing we can never get back -- time. During the holiday season, your phone is filled with memories of celebrations and gatherings that will only happen in that exact way once. So make sure all your devices are backed up, all the time. 10. Use a cloud service you can trust. As you know from the series of nude photos of celebrities released this year, the security of your cloud storage matters. The more people you have trying to hack you, the more your content is at risk. Using a service -- like our younited -- that offers two-factor authentication and is designed to protect your privacy. Happy holidays, Sandra [Photo by Mike McCune via Flickr]
We all know that there are scammers on the net, actually a lot of them. The common forms of scams are already well known, Nigerian letters and advance payment scams for example. But scammers do develop their methods to fool more people. I recently saw a warning about an interesting variant where the scammers ask for advance payments for travel services. This warning involved booking.com so you should be extra careful if you have used them recently. But the advices I share here are generic and not specific to booking.com anyway. The warning I refer to is in Swedish but I’ll provide the main points here in English. Here’s what happened according to the story. Someone books a trip on-line. Booking information leaks out to scammers somehow. This could be because of a hacking incident at booking.com, a crooked employee or maybe also through a hacked customer mail account. Now the scammers contact the customer. They claim to be the hotel and require advance payment for the stay. This can be quite convincing as they know what hotel has been booked and at what dates. The payment must be a wire transfer, credit cards are not accepted. Sadly, some customers fall for this and do the payment. They never see the money again and still have to pay the full price for the hotel. Here the key differentiator from ordinary scams is that the scammers have info about a valid purchase done by the customer. This enables them to be very convincing and impersonate the hotel (or some other provider of services) in a believable way. Fortunately it is quite easy to defeat this, and many other scam attempts, with some simple rules. Always pay your on-line purchases with a credit card. Period. If this isn’t possible, shop somewhere else instead. The credit card company acts as a buffer between you and the recipient of the payment, and adds a significant amount of security. Never use wire transfers of money. Period. This is the standard method for scammers as it is next to impossible to get transactions reversed. If someone claims that no other method is available, it is a very strong signal that something is wrong. If you have selected to pay by credit card, as you always should do, then it is a strong warning signal if someone tries to deviate from that and ask for money using some other payment method. Remember that it is next to impossible to verify the identity of the other part if someone contacts you. If you get contacted like this and have any kind of doubts, you can always contact the company you bought from to verify if they really have contacted you. The risk with credit cards is that your card number may be shared with several companies, like airline, car rental and the hotel, in the case of travel booking. Each of these may charge your card. Incorrect charges may occur either by mistake or deliberately. Always check your credit card bill carefully and complain about unauthorized charges. This is some extra work, but the customer will usually get unauthorized charges corrected. And a last hint not really related to scammers. Be careful with the grand total of your on-line purchase. Travel bookers are notorious for not showing the real grand total until at a very late stage in the purchase process. It is very easy to make price comparisons on figures that aren’t comparable. If possible, prefer honest sites that show you the real price upfront. Memorize these rules and the likelihood that you will be scammed is very small. The best way to fight scam is to not take the bait. So by being careful you not only save your own money, you also participate in fighting this form of crime as you make it less profitable. If you want to do even more, share the info and help others become aware. If you liked this post, you may also like the story about when I sold my boat. Safe surfing, Micke PS. The story I base this on was seen on Facebook. It is not verified, but I find it to be believable. It doesn’t really matter anyway if the story is true or not. The story is plausible and forms an excellent warning about Internet scams, which unfortunately is a widespread and very real form of crime. Image by Ho John Lee
If you're still a Windows XP user, you're probably singing a sad song knowing that after 12 long years Microsoft will end its support for the world's second most popular operating system on April 8, 2014. Microsoft warns you that if you continue to use its OS first introduced before the iPhone even existed "your computer will still work but it might become more vulnerable to security risks and viruses." And if that isn't enough to encourage you to upgrade or get a computer, maybe the fact that "you can expect to encounter greater numbers of apps and devices that do not work with Windows XP" will. But given the millions of PCs running the OS and the scarce amount of time and resources many people have, some people will certainly be XP users well after its "expiration date." If you're going to be one of these daredevils, our Security Advisor Sean Sullivan has some suggestions. "Folks that continue to use XP at home can do so with some reasonable amount of safety, but they absolutely need to review their Internet and computing habits as April draws near," he told us. And he broke down 7 ways to avoid the trouble from the criminals who will surely be targeting these unsupported systems. 1) Install an alternative browser -- not Internet Explorer. 2) Review the third-party software you've installed and uninstall anything that isn’t needed. 3) For the third-party software that you keep – consider disabling or uninstalling the browser plugins. Or at least set the browser to “always ask” what to do about things such as PDF files. (Personally, I always download PDFs to my desktop and open them from there. I don’t want the PDF viewer plugin installed, and I don’t like being in the habit of opening certain file types in my browser’s window.) 4) Have an up-to-date security product with antivirus and firewall installed. 5) Keep your XP computer connected to a NAT router, which will act as a hardware firewall. (Practically speaking, this means you shouldn’t be roaming around outside of your home with an XP computer. Don’t plug into a university network for connectivity – keep your computer at home on a trusted network.) As you can see, living in the past may not make life easy. But if it's your only option, you should at least try to stay as safe as possible. Cheers, Sandra [Image via Patrick Hoesly via Flickr.com]