US-CERT Cyber Security Tip ST07-001 -- Shopping Safely Online


		  Cyber Security Tip ST07-001
		    Shopping Safely Online  	 	   


   Online shopping has become a popular way to purchase items without the
   hassles of traffic and crowds. However, the Internet has unique risks,
   so it is important to take steps to protect yourself when shopping
   online.

Why do online shoppers have to take special precautions?

   The Internet offers a convenience that is not available from any other
   shopping outlet. From the comfort of your home, you can search for
   items from countless vendors, compare prices with a few simple mouse
   clicks, and make purchases without waiting in line. However, the
   Internet is also convenient for attackers, giving them multiple ways
   to access the personal and financial information of unsuspecting
   shoppers. Attackers who are able to obtain this information may use it
   for their own financial gain, either by making purchases themselves or
   by selling the information to someone else.

How do attackers target online shoppers?

   There are three common ways that attackers can take advantage of
   online shoppers:
     * Targeting vulnerable computers - If you do not take steps to
       protect your computer from viruses or other malicious code, an
       attacker may be able to gain access to your computer and all of
       the information on it. It is also important for vendors to protect
       their computers to prevent attackers from accessing customer
       databases.
     * Creating fraudulent sites and email messages - Unlike traditional
       shopping, where you know that a store is actually the store it
       claims to be, attackers can create malicious web sites that mimic
       legitimate ones or create email messages that appear to have been
       sent from a legitimate source. Charities may also be
       misrepresented in this way, especially after natural disasters or
       during holiday seasons. Attackers create these malicious sites and
       email messages to try to convince you to supply personal and
       financial information.
     * Intercepting insecure transactions - If a vendor does not use
       encryption, an attacker may be able to intercept your information
       as it is being transmitted.

How can you protect yourself?

     * Use and maintain anti-virus software, a firewall, and anti-spyware
       software - Protect yourself against viruses and Trojan horses that
       may steal or modify the data on your own computer and leave you
       vulnerable by using anti-virus software and a firewall (see
       Understanding Anti-Virus Software and Understanding Firewalls for
       more information). Make sure to keep your virus definitions up to
       date. Spyware or adware hidden in software programs may also give
       attackers access to your data, so use a legitimate anti-spyware
       program to scan your computer and remove any of these files (see
       Recognizing and Avoiding Spyware for more information).
     * Keep software, particularly your web browser, up to date - Install
       software patches so that attackers cannot take advantage of known
       problems or vulnerabilities (see Understanding Patches for more
       information). Many operating systems offer automatic updates. If
       this option is available, you should enable it.
     * Evaluate your software's settings - The default settings of most
       software enable all available functionality. However, attackers
       may be able to take advantage of this functionality to access your
       computer (see Evaluating Your Web Browser's Security Settings for
       more information). It is especially important to check the
       settings for software that connects to the Internet (browsers,
       email clients, etc.). Apply the highest level of security
       available that still gives you the functionality you need.
     * Do business with reputable vendors - Before providing any personal
       or financial information, make sure that you are interacting with
       a reputable, established vendor. Some attackers may try to trick
       you by creating malicious web sites that appear to be legitimate,
       so you should verify the legitimacy before supplying any
       information (see Avoiding Social Engineering and Phishing Attacks
       and Understanding Web Site Certificates for more information).
       Locate and note phone numbers and physical addresses of vendors in
       case there is a problem with your transaction or your bill.
     * Take advantage of security features - Passwords and other security
       features add layers of protection if used appropriately (see
       Choosing and Protecting Passwords and Supplementing Passwords for
       more information).
     * Be wary of emails requesting information - Attackers may attempt
       to gather information by sending emails requesting that you
       confirm purchase or account information (see Avoiding Social
       Engineering and Phishing Attacks for more information). Legitimate
       businesses will not solicit this type of information through
       email.
     * Check privacy policies - Before providing personal or financial
       information, check the web site's privacy policy. Make sure you
       understand how your information will be stored and used (see
       Protecting Your Privacy for more information).
     * Make sure your information is being encrypted - Many sites use
       SSL, or secure sockets layer, to encrypt information. Indications
       that your information will be encrypted include a URL that begins
       with "https:" instead of "http:" and a lock icon in the bottom
       right corner of the window.
     * Use a credit card - Unlike debit cards, credit cards may have a
       limit on the monetary amount you will be responsible for paying if
       your information is stolen and used by someone else. You can
       further minimize damage by using a single credit card with a low
       credit line for all of your online purchases.
     * Check your statements - Keep a record of your purchases and copies
       of confirmation pages, and compare them to your bank statements.
       If there is a discrepancy, report it immediately (see Preventing
       and Responding to Identity Theft for more information).
     _________________________________________________________________

     Authors: Mindi McDowell, Monica Maher
     _________________________________________________________________

     Produced 2007 by US-CERT, a government organization.

     Note: This tip was previously published and is being re-distributed 
     to increase awareness. 
  
     Terms of use
 
     <http://www.us-cert.gov/legal.html>
  
     This document can also be found at
 
     <http://www.us-cert.gov/cas/tips/ST07-001.html>
 

     For instructions on subscribing to or unsubscribing from this
     mailing list, visit <http://www.us-cert.gov/cas/signup.html>.