Internet
User’s Guide to Safe Online Purchases
Learning
Outcomes:
-
Keeping your money safe.
-
Protecting your credit.
-
Identify email Phishing scams.
-
Keeping your PC/Mac safe.
-
Importance of security.
You
must choose, but choose wisely!
Before
you begin to do online purchases, you should select a computer that
you will primarily do your banking/purchases from. If you are not
sure how, ask a friend or
computer professional to
help you scan your selected machine for viruses and other forms of
malicious software. Once done, keep this software up to date at all
times and perform periodic full scans.
Do
not assume that just because you are using a Mac that you can skip
this step! Alternatively, you could use an iPad as long as it is not
“jail-broken”. Windows
tablets still require antivirus and malware scanning.
Never
use a foreign computer to do any commercial transactions. You do not
know if that machine has been compromised. Spyware could be installed
and
you should assume it is.
Spyware can harvest usernames/passwords and send them to unsavory
people for their unscrupulous use.
Never
allow your browsers to save passwords. Other forms of malicious
software can scan you machine to look for the saved username/password
values.
Finally,
use strong passwords. Experts say that they should contain digits and
special characters (see the XKCD link at the end). But, the longer
the better!
Whose
money is it?
Never
shop online with a DEBIT card! This is your money drawn directly from
your checking (or
savings)
account. When (not if) the card is compromised, your balance will be
adversely affected. This means you will need to file paperwork,
identify good versus fraudulent transactions, setup special
circumstances if you have automatic withdrawals from your checking
account (like a mortgage), etc. It
quickly becomes a nightmare try and stop checks from bouncing.
Always
use one credit
card
to shop online. This card should have a low credit limit, say $2000.
You
still want to be able to make a big purchase from time to time.
It
should also
NOT
be a debit card. When this card is compromised, you call the credit
agency and you’re done. It’s their problem
– not
yours. They
will simply issue a new card.
Another
alternative is PayPal in which you can set up a credit card with
them. Although you can use a checking account, and one may be needed
to establish credit with PayPal, go the PayPal credit card route
– it’s
safer and
easier for
everyone.
Catch
of the day!
Email phishing
scams have become much more clever since the days of receiving
an email from someone
in Somalia offering to give you $1,000,000. They prey on you by using
information they can glean from the Internet
– a
form of social engineering. If they know you are a member of SEFCU,
they may craft an email that looks like it came from SEFCU containing
links to lure you to a fraudulent site to enter your
username/password.
If
you suspect the email is fraudulent, especially if you do not
remember the payment they are claiming was made or denied, simply
delete it. No reputable financial institution or government agency
will ever ask you to provide username, password or account
information in an email.
Still,
if you think that your account has been compromised, contact your
institution and explain the situation. At the very least, they can
put a watch on your account.
Trust
no one!
Well,
mostly.
By scanning your computer regularly, assuming all email is suspect
and using a specific credit card not tied to any real funds like
checking or savings, you should feel pretty secure. But, it is still
not a guarantee.
Use
only valid web links for reputable merchants like Amazon. Make
sure you see the lock symbol when connecting to their
web sites. This signifies that the transaction is being encrypted. Do
not just assume the connection is secure. Never
send any information without the lock!
Even
with all of this planning,
it is easy to become complacent. Use different passwords for
different accounts. Never use the same password for everything
– especially
if you are always using the same username. If they can get just one,
they've got them all!
Change
your passwords regularly. At least every six months. With all of this
in place, you should have good peace of mind.
Links
to additional resources
Hi! a very practical topic, that had me scurrying back to various websites to find out if I had saved my password on the browser. And yes, when you clear your cache you have to tick the box for password or it gets left 'uncleared'. Anyway, you give lots of good advice, most of which I already follow, but some of which is new. So thanks for the tips which in the end are appropriate for all Internet users. M
ReplyDeleteTo Bill:
ReplyDeleteThanks for all this free advice. I have not had a problem yet, but I know it is a never-ending nightmare once your accounts are hit. I pray that I never have these types of problems. I have heard some horror stories that go on and on and on...time-wise when someone hacks your account(s). For the grace of God...
Robert