Be wary of online shopping scams, security group warns

Holiday shoppers searching online should keep an eye on suspicious e-mails and websites to avoid spammers and hackers who would rather receive than give, security experts warn.

According to Deloitte's Security & Privacy Services Group, the holiday season is one of the busiest times of the year for internet scam artists trying to lure shoppers to disclose passwords, credit card and bank numbers, or other personal identification.

Canadians spent $7.9 billion in goods and services online in 2005, with three quarters of the online shoppers using the internet to pay for the products, according to a Statistics Canada study released in October.

Despite the growth of online shopping, four out of five Canadians said they still had concerns about paying for goods over the internet.

Deloitte's security and privacy professionals offer a few tips to avoid sending gifts to people not on your shopping list:

• Make sure the firewall, anti-virus and anti-spyware software on your computer is up to date and that your web browser has all the latest security upgrades.
• When using a wireless network, make sure the wireless access point has security and controls built in like Wired Equivalent Privacy (WEP) or Wi-Fi Protected Access (WPA).
• Never click on website links that have been sent to you via e-mail. Scam artists use this technique, known as phishing, to lure customers to bogus, look-alike sites to collect personal information for use in identity theft and credit card fraud. Never respond to e-mails from shopping or financial websites claiming your login credentials need updating or an account needs payment.
• Avoid clicking on links in pop-up ads as well. Some of these are traps allowing hackers to install harmful files on your computer.
• Make sure the site you are using for online shopping is secure. A lock icon on the browser's status bar or a URL for a website that begins https (the "s" stands for secure) are indicators the site might be safe, though no indicator is foolproof.
• Don't use internet kiosks and internet cafes to pay bills or shop online. The computers may contain malicious code such as keystroke loggers to record your user name and password, allowing someone to access other personal information.
• Avoid using the "Remember password and username" option. A tool of convenience for many users, it also allows others with access to your computer to gain access to your account and personal information. Always log out when finished with a password-required site.

And as with shopping in person, online shoppers should also pay attention to their credit card statements to make sure all of the charges on the bill match expenditures.