Internet User’s Guide to Safe Online Purchases

Internet User’s Guide to Safe Online Purchases

Learning Outcomes:

1. Keeping your money safe.
2. Protecting your credit.
3. Identify email Phishing scams.
4. Keeping your PC/Mac safe.
5. Importance of security.

You must choose, but choose wisely!

Before you begin to do online purchases, you should select a computer that you will primarily do your banking/purchases from. If you are not sure how, ask a friend or computer professional to help you scan your selected machine for viruses and other forms of malicious software. Once done, keep this software up to date at all times and perform periodic full scans.

Do not assume that just because you are using a Mac that you can skip this step! Alternatively, you could use an iPad as long as it is not “jail-broken”. Windows tablets still require antivirus and malware scanning.

Never use a foreign computer to do any commercial transactions. You do not know if that machine has been compromised. Spyware could be installed and you should assume it is. Spyware can harvest usernames/passwords and send them to unsavory people for their unscrupulous use.

Never allow your browsers to save passwords. Other forms of malicious software can scan you machine to look for the saved username/password values.

Finally, use strong passwords. Experts say that they should contain digits and special characters (see the XKCD link at the end). But, the longer the better!

Whose money is it?

Never shop online with a DEBIT card! This is your money drawn directly from your checking (or savings) account. When (not if) the card is compromised, your balance will be adversely affected. This means you will need to file paperwork, identify good versus fraudulent transactions, setup special circumstances if you have automatic withdrawals from your checking account (like a mortgage), etc. It quickly becomes a nightmare try and stop checks from bouncing.

Always use one credit card to shop online. This card should have a low credit limit, say $2000. You still want to be able to make a big purchase from time to time. It should also NOT be a debit card. When this card is compromised, you call the credit agency and you’re done. It’s their problem – not yours. They will simply issue a new card.

Another alternative is PayPal in which you can set up a credit card with them. Although you can use a checking account, and one may be needed to establish credit with PayPal, go the PayPal credit card route – it’s safer and easier for everyone.

Catch of the day!

Email phishing scams have become much more clever since the days of receiving an email from someone in Somalia offering to give you $1,000,000. They prey on you by using information they can glean from the Internet – a form of social engineering. If they know you are a member of SEFCU, they may craft an email that looks like it came from SEFCU containing links to lure you to a fraudulent site to enter your username/password.

If you suspect the email is fraudulent, especially if you do not remember the payment they are claiming was made or denied, simply delete it. No reputable financial institution or government agency will ever ask you to provide username, password or account information in an email.

Still, if you think that your account has been compromised, contact your institution and explain the situation. At the very least, they can put a watch on your account.

Trust no one!

Well, mostly. By scanning your computer regularly, assuming all email is suspect and using a specific credit card not tied to any real funds like checking or savings, you should feel pretty secure. But, it is still not a guarantee.

Use only valid web links for reputable merchants like Amazon. Make sure you see the lock symbol when connecting to their web sites. This signifies that the transaction is being encrypted. Do not just assume the connection is secure. Never send any information without the lock!

Even with all of this planning, it is easy to become complacent. Use different passwords for different accounts. Never use the same password for everything – especially if you are always using the same username. If they can get just one, they've got them all!

Change your passwords regularly. At least every six months. With all of this in place, you should have good peace of mind.

Links to additional resources

http://www.foxnews.com/tech/2010/11/29/tips-safe-online-shopping-cyber-monday/

https://xkcd.com/936/

An interview with my son...

I intended to use my son for the interview. This was because I wanted the viewpoint of an adolescent who has not had a lot exposure to social media, but has used it on occasion, and has a friend or two that uses it.

My laptop was stolen when I began this project. As a result, I chose to use the event as a teaching moment during the interview. We homeschool and this year we tried a period of time where my son went to public school. He decided that it was not moving at the same pace as home and did not like the approach of such brief intervals on each subject, so he is back homeschooling full time.

This was also a part of the discussion. An excerpt of our interview is below.

Me: What kind of technology do you like to use?

Son: Apple and Nintendo.When I used Windows in school, I was as lost as if i was in Russia.

Me: If you had to use Windows for homework?

Son: I feel like I’d spend a month just figuring out the basic controls.

Me: Was this because we only have Mac and iPads or because the Apple interface was more intuitive?

Son: Mac was easier because first one used and because of little exposure to windows.

Me: Do you understand the purpose of social media?

Son: Familiar with Facebook, YouTube, Twitter, etc.

Me: Why so you think people use it?

Son: To keep in touch and talk with friends over long distances. Some people are careless. I’d say 50/50 on the carelessness.

Me: Do you know I use very little social media? Why?

Son: Yes. Not enough time.

Me: Yes, but my job also requires me to be involved in security. Privacy is a big issue and people put themselves out there in peculiar ways.

Me: Why do your parents not let you use social media beyond YouTube and such?

Son: Don’t want me to be careless or do something that could affect me later. Mostly due to privacy.

Me: If you could, how would you participate in social media? Explain.

Son: Not really interested. There are few friends that are on it and therefore it would be pointless. Maybe grandparents.

Me: You know my laptop was stolen.

Son: Yes.

Me: What do you think went through my mind?

Son: Private records, passcodes, credit cards and stuff.

Me: No. Because I don’t keep that on my laptop.

Son: Wow, that’s a good thing!

Me: I changed all of my passwords anyway because you can never be too careful. I just though wow, that sucked. That’s the machine I keep my homework on and I have work due! And I just edited two chapters of my book that I had not yet backed up. I lost some personal pictures. But, I wasn’t worried because the laptop was encrypted.

Son: So they can’t get your data?

Me: Nope. Not without the key or my password.

Son: Cool.

Me: What do you like most about technology?

Son: Sometimes makes things easier and faster. Makes learning and entertainment much more fun.

In the end I think he enjoys technology and understands what social media is used for. Like me, he doesn’t seem too eager to be an overly active participant. You could certainly say that we are not prosumers in the Jenkins sense of the term. We consume much more than we produce. Perhaps that will change in the not too distant future.

In the meantime, I am grateful that our children will understand the use of social media before being thrust into that world. I am also grateful that my wife is even more about privacy and safety concerns than I am.

We make a great team. We may be restrictive, but at least my son knows why and he really understands the issues.

As for the literacies and things like critical thinking, he knows that this restricted environment has a way of making him do some research before relying on the Interwebs for the answers. He is very much a book person, but likes that he can get missing pieces from the Interwebs.