Story image

Last-minute online Xmas shopping poses security risks

29 Nov 2016

Consumers are being warned of security risks in the rush to buy Christmas gifts online, with security firm Centrify releasing some worrying data from their latest survey.

The recent Centrify 2016 Online Shopping Survey reveals that one in eight respondents would accept discounts and special offers from retailers in exchange for their passwords. Centrify says this highlights the risks consumers are willing to take in order to save money online.

“Disturbingly, the Australian Payments Clearing Association has reported that Card Not Present fraud – typically where credit cards are used for online purchases – jumped by 21% last year,” Centrify says in a statement.

Niall King, Centrify senior director APAC Sales, says the recent Centrify Online Shopping survey showed many consumers still make basic security mistakes.

“Nearly 14% admitted they share passwords with friends and family so they can login to their accounts,” he says.

“Other problems with password hygiene include more than 50% reporting they save passwords to the retailer’s websites so as not to forget them. More than half also admitted they sometimes reuse the same password for different retailers’ websites,” King explains.

“A very disturbing finding is that one in eight respondents said they would accept discounts and special offers from retailers in exchange for their passwords, highlighting the risks consumers are willing to take in order to save money online,” he adds.

King says discerning shoppers needed to put their online safety first rather trying to save a few dollars from their Christmas shopping list.

“Ignoring online security risks gives cyber-crooks the best Christmas gift they could ask for – your identity details and money,” he says.

With the Christmas shopping season for 2016 well under way, Centrify has issued 10 tips for online shopping safety to help consumers recognise security risks and ensure they shop online in safety:

1. Resist temptation: Deals that look too good to be true often are, so treat them skeptically 2. Secure your mobile phone with a password and encryption if you plan to use it for shopping 3. Always buy from reputable retailers and enter web addresses carefully. A misspelled domain name or non-‘https’ site could lead you to a false site designed to steal your details 4. Suspect links in unsolicited emails: Always type hyperlinks directly into your browser rather than clicking on them within the email. Hovering your cursor over a hyperlink should identify if it’s dodgy by showing if the embedded link differs from its displayed text 5. Reject requests by online retailers for extra personal information, such as a password for your email or bank account as part of the shopping process 6. Use unique, complex passwords (or passphrases) for each site. Using the same password for multiple sites is a gift to the hacker who steals your password for one account and can get into the rest – with devastating consequences where sites store your personal and credit card details 7. Keep your passwords private: Passwords lose their power if you share them, so never give out your passwords online, on the phone or even to friends or family! 8. Do not store passwords. Many browsers, programs or web applications offer to store your password for convenience. This is a bad idea, especially for passwords associated with personal or financial accounts or if you use public or shared computers 9. Enable multi-factor authentication where possible. This involves combining two or more different ‘factors’ for extra security when logging in: Something you know (e.g. password); something you have (e.g. an ATM card or smart card); or something you are (e.g. a fingerprint or retina scan). 10. Review each site’s privacy policy to learn how and where your personal information is being used. Treat a missing or buried privacy policy as a red flag against using that site.

Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
NVIDIA introduces a new breed of high-performance workstations
“Data science is one of the fastest growing fields of computer science and impacts every industry."
Apple says its new iMacs are "pretty freaking powerful"
The company has chosen the tagline “Pretty. Freaking powerful” as the tagline – and it’s not too hard to see why.
NZ ISPs issue open letter to social media giants to discuss censorship
Content sharing platforms have a duty of care to proactively monitor for harmful content, act expeditiously to remove content which is flagged to them as illegal.
Partnership brings AI maths tutor to NZ schools
“AMY can understand why students make a mistake, and then teach them what they need straight away so they don't get stuck."
Polycom & Plantronics rebrand to Poly, a new UC powerhouse
The name change comes after last year’s Plantronics acquisition of Polycom, a deal that was worth US $2 billion.
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.
Mozilla launches Firefox Send, an encrypted file transfer service
Mozille Firefox has launched a free encrypted file transfer service that allows people to securely share files from any web browser – not just Firefox.