12/12/07
10:49 am

MacMost Now 10: Online Shopping Safety

Gary Rosenzweig gives some basic tips for being safe while shopping online. Look for secure checkout pages, use a credit card, have good passwords, and trust your instincts.

Video Transcript (Click to Expand)
Hi. This is Gary Rosenzweig with MacMost Now. You may be watching this while you're taking a break from your online holiday shopping so it seems like a good a time as any to review some safety and security tips for online shopping.
So the first thing you want to do is when you're at your shopping site and you're checking out make sure you have a secure connection. You can do that in Safari by looking for the little lock symbol. That means you've got a secure connection to their server so your data is safe, especially your credit card number. Another thing you want to do is look for the fact that you're logged into a server that's https, 's' for security. This will only happen of course during the check out phase of most shopping sites but it is another good indicator that you're secure in giving your credit card information to the merchant.
The next thing you should do when shopping online is use credit cards. Credit cards are probably the safest way to shop online. A lot of people are afraid to give their credit card number online but those same people will give their credit card number to a waiter or a waitress in a restaurant and let them take it into the back to run it through. Which is more secure? Doing it online through an encrypted connection or just giving it to a random waiter at a restaurant? Doing it online with a credit card means you've got certain protections. Check with your credit card company to see exactly what they are but chances are that if there was some sort of fraudulent activity on your credit card you'd be able to get your money back and correct the problem.
Now a word about passwords. If you're logging into a shopping site chances are they want you to establish an account and have a password with that account. Make sure this password is a good, secure password. A good secure password is not the name of your dog or your date of birth or your favorite food. A good, secure password is a random set of characters, letters and numbers, some capital letters. Yeah. It's harder to remember but it's very easy for somebody to get into your account if you use a real word as a password. So for instance if you use the word 'swordfish' it's very easy for them to run what's called the Dictionary Attack against that. In other words they take a dictionary of say the 10,000 most common words and they'll basically try to log into your account 10,000 times and one of those words is going to be your password. So never use a real word as a password. Also make sure that your email password is secure, because even if you have a great secure password to your shopping site all somebody has to do is basically break into your email account, using your insecure password and then go ahead to the shopping site and say 'Hey. I lost my password.' They're going to email a copy to you, they'll break into your email account, get it and now they can change information in your shopping site account so they can basically buy stuff for themselves and ship it to themselves. So make sure you have secure shopping site passwords and email passwords, random numbers and letters.
Now after you're done shopping there's more you can do to stay secure. Most credit cards allow you to log on online right now to go and check your account so you can actually see some of your recent transactions without waiting until the end of the month. Some even allow you to see transactions on the same day. So during a busy shopping season like this it's always good to log on when you get a chance every day, every couple days, every week and see what activity's there and make sure there's nothing suspicious going on. The same thing for shopping sites. If there's several shopping site you use frequently you may want to log on there and view your orders and see exactly what's been ordered and make sure it's things that you've ordered. If you get to the information first before you actually see the money is missing you have a much better chance of recovering the money and stopping the fraud.
One thing to watch out for are phishing attacks. Phishing attacks, that's spelled with a 'ph', are emails that you get that pretend to come from a site you trust, like a shopping site. And they may say there's something wrong with your account or your order and you need to log on. So you log on but you actually aren't logging on to the site at all, you're logging on to something that looks like it and then it asks for your user ID and password and you give it to them and now they've got your user ID and password to that shopping site.
In general, learn to trust your instincts. If something seems suspicious look into it. For instance, if you're at a new shopping site look around before ordering from them. If they have a phone number call them and maybe chat with them about their store. See if they have a retail presence and also see if there's any reviews online at other sites about them of if any of your friends have ever used them. Also never give out any information that isn't necessary. For instance, never give an online merchant your social security number. It isn't necessary and it's private.
If you'd like some more information I found one great site, Safeshopping.org. You can check there for some other great tips including some privacy tips while shopping online.
So be safe while shopping online. If you have any questions for me that you'd like me to answer later in this week about Apple, Mac, anything, just email me at questions (-at-) macmost.com. Until next time this is Gary Rosenzweig with MacMost Now.