The annual sales season is in full swing! Black Friday, Cyber Monday and Christmas sales cause an unprecedented rush. Everyone wants to get his or her best bargain in 2015. Besides, today there is no need for exhausting shopping trips to malls and emporiums. We can order everything from home with the help of a computer or smartphone.

But in anticipation of the holidays and bargains, we should not forget about the importance of data protection. After all, hackers are also preparing for the holidays. They invent new ways to celebrate them at the expense of other people. We decided to remind you of the basic rules of cybersecurity, which you should follow when shopping at online stores. By following these rules, you will avoid becoming a victim of fraud and will celebrate Christmas with joy in your eyes.

Data protection rules during online shopping:

Attachments to emails from online stores may contain Trojan viruses, especially emails that promise fabulous discounts. Links in emails from unknown senders often lead to phishing sites. The only task of such websites is to steal information (card numbers, passwords). When you receive an email from an unverified source, it is better to delete it immediately. Don’t open its attachments and don’t follow the links it contains.

Before you order anything in an online store and provide your payment card number, spend some time reading the comments from other users of that particular website.

Public Wi-Fi can be created by hackers to steal passwords and logins. We don’t recommend making purchases while connected to an open network. If you are going to buy something using a smartphone, it is better to turn off Bluetooth and use the mobile connection to access the Internet. The mobile connection provides better protection.

Data protection starts with strong passwords. To be strong, a password must consist of letters in different cases, numbers, and special characters. We repeat once again: the name of your pet and your own date of birth are not the best choice for a password.

On the Internet, we often come across offers to install various useful programs for free. Remember, such a “gift” can hide adware or even a Trojan virus.

Two-factor authentication (2FA) should be turned on at any website that holds or obtains confidential user data. This is especially important for services that transfer funds over the Internet. Among them are banks, payment systems, currency exchanges, etc. With online payments, fraudsters do not even need to steal someone’s plastic card. It is enough to know its number (PAN), expiration date, CVV, and the name of the owner. But if the system uses two-factor authentication, then even with all the information about the payment card and its owner, attackers will not be able to carry out any transaction on behalf of the user. One-time passwords are delivered or generated in different ways: SMS, token, email, mobile token. The most popular method of organizing data protection today involves installing a special application for one-time password generation on the smartphone. For example, Protectimus developed a software token, Protectimus SMART, which can be installed on Android and iOS smartphones, and even on a smart watch. Mobile authentication is reliable enough and does not require much effort from the user.

In the pre-holiday fuss, it is easy to forget where and what you have already ordered. Such a situation is fertile ground for fraudsters, who send phishing messages on behalf of shipping services, all with the same goal: to get users’ data. Make a shopping list in advance. You will be able to check whether the company that has sent you the email is on your list or not. And if you can’t find this company on the list, you can delete the message without hesitation.

During online shopping, it is better to pay only when you have already received the goods. Everyone has heard of cases where the “sellers”, who took the money up front, dissolved in cyberspace without leaving a trace.

Real representatives of payment systems or banks will never ask you to state your one-time password or the answer to your secret question in an email. The bank is aware of this information. Otherwise, how could it identify its customers when they log in to their accounts? If you receive such a request, you can be sure it is from a hacker.

Personal data protection is not so complex that you should avoid dealing with it. With a little effort, you can make the upcoming season of pre-holiday online shopping enjoyable and safe. And hackers will be left with nothing.