With stay-at-home orders, MCO in Malaysia and Circuit Breaker in Singapore being imposed during 2020 and into 2021, online shopping and home delivery is at an all-time high. Figures from analysts indicate that orders placed with Lazada, Shopee and Amazon have increased by nearly 60% in 2020 and 2021. Certain products have been even more popular for home delivery – notably wellness and vitamin products, sporting good items plus liquor and groceries.
But with all this online commerce activity in 2020 and 2021, there has been a corresponding spike in the rate of cyber-fraud, phishing and account hacking.
Online fraudsters seek to gain access to an online buying account so they can steal your personal information and credit card details stored in the account. The fraudsters can use the hacked account to purchase things on your funds or else on sell the account access and details to other online thieves.
News reports have focused on cybercrime during the COVID-19 pandemic affecting individuals, but we should highlight the cyber fraud threats to businesses too. As many smaller businesses have turned to online commerce to survive the drop in normal retail due to shuttered stores or restaurants, many of these retailers currently have less measures in place that would assist in fighting and repelling cyber criminals.
With this in mind, here are 8 pointers to help you stay safe while shopping online.
- Create robust passwords for new accounts.
Be sure to create complex, hard-to-guess passwords using upper- and lower-case letters plus numbers & symbols. Look to enable two-factor authentication [2FA] whenever you’re given the option via your mobile number. With this extra step of verification in place, 2FA makes your data more difficult to compromise and easier to recover your own account via SMS.
- Avoid using repeat passwords
When you’re creating longer, complex passwords, avoid using the same password or passphrase across multiple platforms. A common error for victims of hacking is using the same password and email address for different accounts and sites – one leak and a fraudster can hack into all your accounts with just those two pieces of information
Consider using in a password manager such as Keeper or else antivirus software has password vaults, such as Trend Micro – they can store different and long passwords with no effort.
- Avoid disclosing your Personal Identifying Information (PPI)
Do not submit unnecessary PPI while making purchases from a retail site. Websites that ask for your Identity Card Number or date of birth could be scams, as commercial sites do not need this information to process shopping orders.
- Review the site’s security status
Ascertain whether the website you’re surfing is safe by looking for a locked padlock icon to the left of the site’s URL – or else the URL begins with https://www. If neither of these appear, go back to Google or Bing and make sure you’re on the intended website.
Scammers may register false domains that appear similar to frequently trafficked sites and provide links to these fake sites in a phishing email. These fraudulent sites will have slight spelling differences in the domain name or else use a digit for a number [for example, they may use a `5’ instead of an `s’] and will not have the secure padlock icon.
- Employ safer alternative payment options.
There are payment options other than a credit card which are more secure or more private than others. Online services such as PayPal, Google Pay provide a payment method without giving away your credit or debit card information. PayPal and others also offer some coverage against scams sales on eBay or other approved venues. Malaysia now has several eWallet providers such as Boost, TouchNGo plus GrabPay whilst Singapore has PayLah!, NETSPay, favePay and YouTrip.
- Enable security alerts.
Arrange to activate digital alerts from your bank to receive notifications via SMS or email should there be any suspicious or unusual activity on your account. A good method is to have SMS or App alerts that notify you whenever a transfer is made directly from your account – with any attempts to submit your card for a payment.
- Stick with known and trusted vendors
Though an advert for a commerce site may appear on in your social media channels or on a paid news site, this doesn’t mean the site is trustworthy. Sadly, some dubious sites or even app developers can get listed on reputable channels and get victims to sign up. Don’t rely on social media or paid news sites to have vetted every advert or app recommend – use your intuition, anti-virus browser add-ons and some research to see whether the offering is genuine.
- Reduce what personal information you disclose about yourself online
Scammers seeking to target an individual can obtain valuable personal information such as a list of employers or university affiliations, or even more specific data such as cities you have lived and names of your family members. This available online information makes it much easier for fraudsters to do their research and build their own credibility to convince they’re calling from a reputable source such as an employer. Much of this information can be used by cyber criminals as pointers or clues for security questions during the password reset process on your accounts should they have access to your email account.