Online Shopping and Cybersecurity

Summary

Quarantine has forced many people to shop online more than ever in order to purchase items, from electronics to groceries. Some have been shopping online for years and apply best practices to do so securely; however, many people are new to this purchasing platform and could be increasing their risk for cybersecurity and identity theft incidents. According to Adobe’s Digital Economy Index , online retail sales increased 49 percent between March and April 2020. Threat actors can target online shoppers through a variety of methods, including email, compromised websites, spoofed websites, and text-based phishing messages (known as SMiShing). When purchasing goods and services online, users are encouraged to follow best practices to reduce their risk of victimization.

Recommendations

The NJCCIC advises online shoppers to exercise caution with unsolicited emails that contain links or attachments advertising discounts on purchases or requesting verification of account information. Instead of clicking links in emails, navigate directly to websites by manually typing the URL into the browser. Additionally, we recommend using credit cards over debit cards for online purchases. Credit cards often have greater consumer protections that limit a victim’s liability if fraudulent purchases are made. Magecart attacks – malicious code injected into online payment websites to steal financial data – are prevalent and pose a risk when online shopping. Lastly, the NJCCIC highly encourages all users to enable multi-factor authentication (MFA) on every account that offers it, including any online shopping websites. MFA significantly reduces a user’s risk of account compromise via credential theft, increasing the user’s resiliency to the unauthorized purchase of goods and services via a compromised account.