Q&A: Cyber Monday shoppers: Avoid getting hooked by holiday cybercrooks

As holiday shoppers rev up for today’s Cyber Monday – the official start of the online shopping season, it’s also a time for cybercriminals to pounce.

During the holidays, “Criminals know that people are online in a big way. And they know we’re distracted,” said Robert Siciliano, online security expert for McAfee, the Santa Clara-based Internet security firm.

“The data is flying around from so many e-tailers and from so many devices (laptops, PCs, smartphones, tablets) There are so many points of vulnerability, if you’re not doing something to protect yourself,” said Siciliano.

To avoid getting accosted online, here are his top five safe-shopping tips:

Arm your devices

Whether it’s your iPad, smartphone or laptop, be sure it’s password protected. “If it’s not (and it’s lost or stolen), bad guys have complete access to all your data and everything you’re looking at online,” from emails to financial records, said Siciliano. With a password, you’ve got an extra layer of protection.

Be sure that all your anti-virus, anti-spyware, anti-phishing and firewalls are updated.

Consider installing a VPN, or Virtual Private Network, which encrypts data when you’re using public Wi-Fi networks. “A VPN will lock it down. It’s like a tunnel you go through that shields your Internet traffic,” said Siciliano. He and PC World recommend free downloads such as Hotspot Shield.

Beware fake notices

Chances are you’ve seen them: phony notices from FedEx, UPS or the U.S. Postal Service about a package you’ve supposedly been shipped. Or the notices come from a supposed retailer.

Consumers might be fooled into thinking it’s for something they’ve already ordered or a holiday gift from friends or family. In most cases, they’re a ruse to get you to click on a link that will install malicious software or trick you into disclosing bank account or personal financial information.

“It’s a new version of a phishing scam,” said Siciliano. “With more and more people buying online, there are more and more opportunities” for scammers to fool buyers with these fake notifications.

If you get such a notice, hit “Delete,” he said. If you want to confirm or track a shipment, type in the Web address yourself.

Use safe sites

When using your credit card on an online shopping site, be sure the URL address starts with “https.” That “s” indicates it’s a secure, encrypted site.

When browsing online, don’t fall for phony look-alike, sound-alike websites, such as Best Buye or Amazonn.com, that try to fool you into thinking you’ve landed on a legitimate site. Siciliano said crooks often buy up domain names of commonly misspelled or mistyped sites, a form of “cyber-squatting” or “typo-squatting.” These phony “e-tailers,” whose sites mimic legitimate retailers, often pop up during the holidays.

Be diligent about checking your credit card statements for fraudulent, duplicate or erroneous charges. “Refute them as quickly as possible with your credit card issuer, so they can reset the charges,” said Siciliano.

Dubious ‘deals’

One of the easiest holiday scams is tempting shoppers with deep discounts. When you’re looking online for gifts or gift cards, be leery of sites that offer too-good-to-be-true deals or discounts.

“If you’re searching online and find a random website that offers big discounts, that’s risky,” said Siciliano.

Don’t click on links

It could be a holiday “best wishes” email or a phone text that wants your attention. If there’s a link you’re invited to click, don’t be tempted. “Never click on links, unless it’s from somebody you’re corresponding with” who’s mentioned they’re sending a link, he said. “And never click on links in text messages. Ever.”

Too often, they’re simply a tool to launch spyware. “It’s like a video camera over your shoulder that spies on everything you look at, the forms you fill out, the data you store,” he noted.

Overall, Siciliano said, it’s everyone’s responsibility to be diligent about thwarting cybertheft. “It’s a constant battle,” he said, but the best defense starts with “common-sense” precautions.