At least online, the world of retail is still intact. Despite financial crisis and consumer strikes more and more people are using their PCs to shop. Whether it's books, music, fashion or electric household appliances, there is hardly anything left that you cannot order online and have delivered to your home.
But along with the undeniable advantages, the mouse click shopping creates negative headlines time and again. Contrary to buying in a shop, the buyer has to rely on the information on the website of the provider. It should be correct, but there is no guarantee. The first security measure should therefore be common sense. For example if the price for an expensive brand item sounds too good to be true, this should raise your suspicions. Therefore you should thoroughly check the website. Are the credits exhaustive, containing the CEO, address and tax number of the provider? Are the terms and conditions stated clearly and easily accessible? If you are unsure, a search for the seller's name on evaluations forums such as Ciao.com will give you the necessary information, whether the company is recommended or not.
But even if the dealer has all suspicions, other dangers can lurk in the background. Cybercriminals are increasingly using the internet for their activities. There is a lot of money at stake. In the United States alone computer users have suffered damages of close to $8.5 billion dollars over a period of two years. The attackers are using more and more refined programmes that work automatically and in a number of different ways. The best known method is the transmission of malware by e-mail. If the computer is not protected by updated antivirus software, the programme installs itself with a click in the background and spies on passwords, credit card details or TAN numbers. Such programmes are called Trojan horses or Trojans, because they have a harmless façade but does damage in a hidden way. Once a Trojan is on your machine, it is quite tedious to get rid of it. Most malware avails of a host of tricks in order to protect itself from detection. You will not notice your unwelcome guest. On the contrary, Trojans avoid anything that could point your attention to them. Some of these programmes even block attacks from other programmes.
Very often Trojans are used to re-direct you computer to other websites. You believe that you are on your usual online shopping site, but in reality you are on the fake page of a cybercriminal. These phishing attacks can be so professional that even experienced computer users do not recognise them. If you are entering your access data on the fake internet page (where you have possibly stored your bank details) an error message asking you to be patient due to a technical problem appears. But in the meantime your username and password have been sent to the attacker, who will store it for later use.
Protection by ‘watchdog’
Protection from these cybercrime attacks targeting your digital identity and your money can be achieved with the help of security softwares. These programmes have gone through a significant evolution over the last few years. Nowadays most malware avails of a host of tricks in order to camouflage and hide itself. The security programmes had to adapt to these circumstances. The list of signatures still exists, but nowadays the “guardians” are identifying the malware already by its suspicious behaviour. This is called ‘behaviour monitoring’ by security software producers. Security programmes also monitor web browsers and recognise if you are re-directed to a phishing website. With all these functions the ‘cyber watchdogs’ are protecting you from attacks on the internet and provide you with a carefree ‘digital way of life’.
All these dangers call for your active collaboration. The payment process is the critical moment in the online shopping procedure. Many people feel a little uneasy when using the digital check-out. On the internet you can either pay by credit card or debit transfer. Providing account details or a card number always means taking a certain risk. Therefore the shop operator should offer an encrypted connection for the transaction. Many sellers are pointing this out at their virtual check-outs, but you can also recognise an encryption by the small lock symbol or the changed colour of the address in the web browser. Encryptions tend to be very secure and cannot be cracked without considerable effort and investment. These sites are indeed not representing a threat.
Your name and address please
A more precarious situation arises if the provider is not serious about the protection of your privacy. As demonstrated by the privacy protection scandals over the last months, personal data are is in demand in the market and are illegally sold for a lot of money. Many websites, especially from foreign providers, ask for pages full of information before you even get to see a single product. Being asked for your personal data, even though you do not want to buy anything, should always raise suspicions. Check the website carefully, whether somewhere in the small print or off the currently visible screen, there is a direct debit or sales agreement that they are trying to make you agree to. An even better protection is provided by the golden rules of BITKOM. Experts recommend to take a screen shot of every step of the online sale or to make printouts at all steps. This might seem like an extreme measure, but in the case of a later dispute you can avail of valid evidence.
The writer is Alex Gostev, Director of Global Research & Analysis Team - KASPERSKY LAB, World Leaders in Internet Security Solutions.