BIZ: Safe holiday internet shopping 2023; is it possible?

Greta Samwel, The Norman Transcript, Okla.
Updated ·4 min read

Nov. 26—Dave Moore, CISSP

Every year about this time I have to reassess the Internet Christmas shopping situation. This year is again unique; even though COVID still plods along, with a consistent 200 (or so) Oklahomans being hospitalized for COVID every week in October and November, we have pretty much decided we're done with COVID restrictions. Still, the world has changed the way it does business. The "new normal" is we're never going back to the way things were done in the "before times."

One thing has stayed the same, though: the Internet bad guys are still busy, working on new ways to steal your money.

The criticality of having safe backups of your files has never been more urgent. That means you have separate copies of all your important family photos, financial documents, medical records, spreadsheets, tax returns, etc., kept on separate devices like external hard drives and online backup services like Carbonite.

That's the only defense you have against "ransomware" attacks, where the Internet bad guys encrypt your files and hold them hostage for ransom. Do you remember the ransomware nightmare that happened at the Norman Public School system in November of last year? You don't want the same thing happening to you. Your files are gone, and there's no way to fix them. Back them up now, while you can.

Bogus scam phone calls are increasing at an accelerated rate. I get at least 10 calls a day now, on my business cell phone, from scammers pitching everything from free Medicare to reduced credit card interest rates. Some scammers try to terrify me into worrying that my Windows license has expired, my new iPhone purchase has failed, or that the local sheriff is coming to arrest me because my Social Security number "has been expired," and I haven't paid its renewal fee.

Fake shopping apps are becoming a problem, too, as more people mindlessly move their online shopping from semi-secure desktop and laptop computers to completely insecure "smart" phones. The only "smart" thing about these phones is that they help smart online crooks trick honest folks into installing bogus "help you shop" apps, thereby moving money from your account to theirs in a very smart way.

Watch out for scams on social networking sites like Facebook. Bogus "work from home to make extra holiday money" scams are turning up everywhere. Look out for fake "gift cards" and phony "gift exchange" scams that are also infesting all the social networking websites, not just Facebook.

Internet safety is your responsibility. Keep your computer updated and patched. Use current, updated antivirus software. Beware of where you click. Research companies with which you wish to do business. Never answer or click on links found in unsolicited emails. Don't believe emails claiming that UPS, the USPS or FedEx are trying to deliver a package to you, need you to pay your bill, or owe you a refund. Remember that your bank, as well as eBay, PayPal, Amazon and your Internet service provider will never send you an email saying, "You need to visit our website and update your personal information."

Use strong passwords, and keep them secret. Use multi-factor authentication (MFA) on every account you have. Stop using the Google Chrome and Microsoft Edge browsers; as far as security and privacy go, they are horrible. Use a Web browser (the program you use to visit websites) that complies with Internet security standards, and that lets you easily access its safety settings, such as Mozilla's Firefox.

Use only PayPal or credit cards for online purchases. They offer anti-fraud protection; at least those purchases are protected by the Fair Credit Billing Act.

If you pay bills or send any personal information using U.S. Mail, deposit that mail in collection boxes, rather than in the mailbox in front of your house. The lady who brings the U.S. Mail to my neighborhood actually stopped once and asked me if I had seen any suspicious people in the neighborhood. Turns out a gang of crooks had been raiding local mailboxes, stealing checks and bills, which can lead crooks to accounts and cash.

Finally, keep printed records of all of your purchases. Play it safe, and have a happy Internet shopping holiday.

Dave Moore, CISSP, has been fixing computers in Oklahoma since 1984. Founder of the non-profit Internet Safety Group Ltd., he also teaches Internet safety community training workshops. He can be reached at 405-919-9901 or www.internetsafetygroup.org