Tips for Secure Online Shopping

The internet has revolutionized the way we shop. You can search for items from many different sellers from the comfort of your living room, easily compare pricing between vendors, and purchase products with the click of a mouse. While this has made shopping easier than ever, it leaves you vulnerable to attackers attempting to steal your personal and financial information. Criminals who get a hold of sensitive data can use it for their personal gain, making purchases with your account or selling the information to the highest bidder, while negatively affecting your financial security.

How do criminals target consumers?

There are four methods criminals commonly use to take advantage of online shoppers:

• Target vulnerable computers – Hackers will try to gain access to your computer and all the data contained therein. That's why it's important to take steps to protect your personal computers from viruses or malicious code. This also applies to vendors handling sensitive information; they must protect any customer data stored on their business devices.
• Intercept financial transactions – If transaction information isn't encrypted at the point of sale, criminals may be able to intercept the information as it is being transmitted.
• Sending phishing emails – Scammers don't need to infect your computer with a virus or malware in order to gain access to personal information. Attackers will often send emails that appear to be legitimate in order to convince you to supply them with information.
• Creating fraudulent websites – Hackers have become very good at creating phony websites that look like official webpages in order to trick people into entering in personal information.

How can you protect yourself?

Now that you know the tactics attackers will use to gain access to your information, it's important to keep these tips in mind when shopping online:

• Be skeptical of emails asking for your personal information – You should never assume the legitimacy of any email that asks you to provide account information. Most businesses do not solicit account information or ask for purchase confirmations via email. A good rule of thumb: never provide sensitive information through email. If an email asks you to click a link, you should instead visit the company's website directly.
• Only do business with reputable vendors – Any time you visit a shopping site, you should verify that you're working with a reputable vendor. Always review the site certificate information (paying special attention to the "issued to" information) and take note of phone numbers and physical addresses in case there is a problem with your purchase or your bill.
• Use a credit card – Credit cards usually offer greater fraud protection than debit cards. Also, because they are not tied directly to your bank account, you'll still have access to your money in the event that you need to deactivate your card.
• Make sure your information is encrypted – If a site is using a secure, encrypted connection, the URL will begin with "https" instead of "http" and your address bar will show a locked padlock icon like this 🔒. Some attackers will use a fake padlock icon on the website itself; you want to make sure the icon appears in your browser's address bar.
• Check your shopping app's settings – Be careful when using an app to shop. There is no legal limit on your liability for funds stored on a shopping app or gift card.
• Check your statements – Keep a record of any purchases you make online and compare them with your regular financial statements. Any discrepancies should immediately be reported to your financial institution.
• Read the vendor's privacy policy – You should always be aware of how your sensitive data is being used before you provide a seller with any personal or financial information.

One of the descriptors most commonly attributed to millennials is "tech-savvy." Coming of age in the late 90's and early 00's, during the Information Age and the rise of social media, we think of millennials as "plugged in" and exceptionally cognizant of how to navigate the internet. Consequently, one would assume millennials are skilled at avoiding the pitfalls of an increasingly connected world.

However, millennials are just as vulnerable to scams as previous generations. In fact, millennials are twice as likely as people 40 or older to report losing money while shopping online and 77% more likely to report losing money to an email scam. Even more worrying, Generation Y is 93% more likely than people age 40 or older to fall victim to fake check scams. According to the FTC, millennials reported losing nearly $450 million to fraud since 2017, with $71 million the result of online shopping scams alone.

The basics of these fraud schemes are familiar, but utilize new technology in ways that make them more difficult to recognize. Here are some schemes that scammers are using and how you can avoid becoming a victim:

Fake Employment Offers

Finding a job can be stressful and many millennials are willing to look past some red flags if it means landing a well-paying job. Here's how it works: the scammer will offer a position to their target, often with great pay, then send them a fake cashier's check to purchase equipment needed for the job. The best way to avoid these types of scams: if you're sent a large check from someone you don't know well, always check with the financial institution on any check you cash to make sure the check is real.

Device Activation Scams

Millennials are the generation of smart phones, iPads, and Alexa. Scammers know this, which is why one of the most common scams involves sending an email alerting the consumer of an activation fee for their new device. The scammer includes a fake customer support number or creates a fake website that looks like the actual product website, where the consumer is asked to provide credit card and device information to pay the activation fee. Not only does this give the scammer access to your device, it will also give them access to your identity.

The best way to avoid this: most devices don't require an activation fee! Device activation is usually handled at the point of sale, rather than in a follow-up email. If you're still unsure (or if you receive a suspicious email asking you to call a customer support number or visit a website to enter personal information in general), you should visit the manufacturer's website directly instead of clicking any links or calling numbers in suspicious emails.

Social Media Scams

It is true that millennials are much better at avoiding scams that involve phone and email. However, when the same scams are attempted through social media, 53% of consumers report having lost money to fraud. Because we share so much on social media, scammers are better able to find vulnerable consumers, such as those who are lonely or recently experienced a loss, or younger adults feeling financial pressure. Always be skeptical of offers made through social media, doubly so if you don't know the person contacting you.

Social media can actually help you avoid these scams; if you suspect a scam, search social media to see if others have encountered something similar. People often post warnings about scams after they've become victims. While the internet has provided scammers increased access to consumers, it has also given consumers access to knowledge to fight back against fraud.

In recognition of National Cybersecurity Month in October, New Tripoli Bank is reminding consumers of simple steps they can take to safeguard their sensitive data when making purchases online or via a smart device and what to do if they suspect their information has been compromised.

Educating customers about account security and cyber threats is something we all must be conscious about if we want to reduce the risk of sensitive information being exploited for criminal use. New Tripoli Bank takes great care in handling our customers’ sensitive information and we want to equip you with practical steps you can take to help strengthen our nation’s cybersecurity ecosystem and avoid falling prey to identity theft and fraud this holiday season.

There are steps consumers can take to reduce their chances of becoming a victim of identity theft or fraud. New Tripoli Bank encourages consumers to:

• Enable the strongest authentication tools offered by their bank. New Tripoli Bank asks that our customers set up security questions and provide nick names for their bank accounts to help protect their information when using our online banking tool. You can also set up the mobile banking app to quickly display account balances without having to log in and risk someone seeing your information.
• Use complex passwords and differentiate them across multiple platforms. For example, customers should use one password for their online bank account and another for their email account. Another strong security practice is to answer your security questions with fake answers that only you know, so someone with knowledge of your personal history can't use that information against you.
• Do a system check. Purge unused apps and outdated or sensitive information stored in old files and emails and ensure all software on internet-connected devices is current.

Consumers can also make sure their account has not been compromised by taking the following steps:

• Check bank statements regularly to ensure the purchases are legitimate.
• Read the fine print when purchasing items online. Often a website or application will ask for permission to save account information.
• Stay vigilant. Be mindful when shopping online and look for signs of illegitimate websites. Spelling or grammatical errors, missing contact information, and suspicious URLs or email addresses are all red flags.

If you are worried about the security of your account, you can de-activate access to your debit or ATM cards through our online banking tool or mobile banking app.

Learn more about how to protect your digital life during National Cybersecurity Awareness Month by visiting the Stay Safe Online website.