There is one thing cybercriminals can count on when seeking ways to steal your personal information when you’re shopping online — that people are too trusting.
As we approach Cyber Monday, the online version of Black Friday, I need you to institute a healthy dose of skepticism. Be suspicious of all e-mail you get, including those that appear to be from a person or company you know.
There’s a lot of money to be had on Cyber Monday. Online sales reached $1.2 billion last year, according to ComScore, a Web tracking firm. The cyber crooks get into the action by obtaining personal information that can be used to steal credit card numbers or open accounts in a victim’s name.
When shopping online, beware of pop-up ads claiming you can get incredible deals on consumer items.
And since many of you are going to do some of your Cyber Monday shopping during work hours, I’m going to need you — speaking on behalf of your employers — to exercise extreme caution so you don’t compromise the computer systems at work. This year, 72 million people, or 56.8 percent of all Cyber Monday shoppers, are projected to shop for a holiday gift from the office, according to the National Retail Federation’s annual holiday spending survey.
You might be thinking: Don’t people know this already? Don’t they know what it takes to avoid being a victim of identity theft? Haven’t they already been warned not to open e-mails that appear to be from legitimate companies but then ask for information those companies would already have? Don’t they know not to click on links offering deals that sound too good to be true?
Yes, I believe many people know the drill. They’ve been warned repeatedly. Or they’ve heard the tips offered year after year during the holidays. But it’s one thing to know how to protect yourself. It’s quite another to use this knowledge to protect yourself effectively, especially when a great deal is being dangled online. People get distracted and lose their common sense when they think they might miss out on a sale. They second-guess themselves because the e-mails can look convincing.
Most online retailers will be offering special promotions during the Thanksgiving weekend, according to Shop.org’s eHoliday survey.
So, follow these cyber safety tips from the Better Business Bureau:
●Keep in mind that this is prime phishing season. Identity thieves have become extremely skilled at sending e-mails that look authentic. Often the goal is to install malicious software on your computer or steal personal information from your computer. The messages in e-mails might claim there is a problem with your holiday order or your account in an effort to lure you into revealing passwords or personal information. Don’t click on links or open attachments. If you receive this type of e-mail, call the contact number on the Web site where you made your purchase to confirm that there really is a problem with your transaction.
●Be careful about clicking on links that are displayed as part of your top results from an online search. Hackers know how to snare victims through a technique called search engine optimization poisoning. They know that people might be searching for “holiday sales” or “Black Friday deals.” Using such keywords, they then drive you to Web sites set up to capture your personal information or to sell you inferior or fake products. Or you might not get anything at all. If I see a deal in a search purportedly from a well-known retailer, I instead go to that retailer’s Web site directly by typing in the address. If you are unsure about a link, without clicking on it hover over it with your cursor to see what comes up. The string of cryptic numbers won’t match a company’s real Web address.
●Double-check that a Web site is secure. Only enter personal information such as credit card numbers in secure, encrypted Web sites. Look in the address box for the “s” in “https://” and in the lower-right corner for the “lock” symbol before paying.
Promise me you will print out these tips and tape them to your computer at home and at work. Before you shop online, review the warnings so that you can stay out of the path of cybercriminals.
Readers can write to Michelle Singletary at The Washington Post, 1150 15th St. NW, Washington, D.C. 20071, or email@example.com. Personal responses may not be possible, and comments or questions may be used in a future column, with the writer’s name, unless otherwise requested. To read previous Color of Money columns, go to postbusiness.com.