The latest applications enable us to make numerous transactions online, including purchasing music, movies, and other digital content; purchasing physical goods; bidding for products; and playing games with other gaming aficionados. But making these transactions online doesn’t mean putting yourself at risk. Value your privacy and personal information. By understanding how to conduct online transactions securely, you can avoid many of the security threats associated with these online venues.
You don’t have to be an expert to know the difference between good and bad websites. Using free tools such as McAfee SiteAdvisor, you can return web search results that convey the “reputation” of the website, so that you know which sites to use and which to avoid. By simply highlighting a website with a red, yellow, or green rating, McAfee SiteAdvisor can help you confidently choose only those websites marked with “green,” and proceed cautiously to those flagged as “yellow.”
Why Do Criminals Prey on Web Search Results? Online criminals can download malicious software (malware) to your device without your knowledge by enticing you to follow a particular link to a website. These criminals go so far as to select newsworthy topics in your local language and set up websites meant to lure you to click. They also monitor trends for the most popular search topics, such as names of movie stars or free screensavers, which tempt you to their websites. Tweets and other communications with short URLs or embedded links work the same way by luring you to these malicious websites. When you download this malicious software, you may see pop-up ads to entice you to purchase fake anti-virus software, enabling the cybercriminals to make significant proceeds, or you might end up installing software that takes control of your computer, forcing it to perpetrate attacks against companies or governments, or send spam. Read more about risky websites in McAfee’s report, Mapping the Mal Web.
Financial Transactions (Banking, Retail, Auctions, and Online Payments)
Banking, conducting stock trades, or executing other financial transactions online — whether from your mobile device, laptop, or home PC — can be very convenient, but there are risks. Criminals can get access to your financial accounts or open new accounts to defraud you by stealing your identity. Online criminals may also send you a very legitimate-looking email, purportedly from a financial service provider. These “phishing” emails tell you that you must reset a password, update account information, or take another action, all to entice you to click a link that directs to a malicious website rather than the legitimate website operated by your financial service provider. In addition, criminals can steal information in the physical world, including checkbooks, financial statements, and other personal information to attempt to defraud you in the online world. They can attempt to guess your password on the financial service’s website and can be successful if you have a weak or easily guessed password. Accessing public wireless hotspots in cafes or other locations, or using public kiosks to conduct financial transactions, also creates risk as many criminals can find account information if it’s not appropriately protected. If you see any fraudulent activity on your accounts, report it to your financial service provider or retailer immediately.
Mobile Apps for Banking and Other Financial Transactions
While it’s enormously convenient to use your smartphone to conduct these transactions, be aware that many new mobile apps have not passed through the same security scrutiny that financial websites have undergone, simply due to the great demand to be fast to market. Don’t be among the first users to try out new apps. Frequently, banks and other companies learn from the security community that their apps have vulnerabilities which reveal account information. Use caution until such apps have been on the market for some time and have been tested for such vulnerabilities. Read more tips on how to safely use mobile devices.
Common Online Retail and Auction Fraud
According to the U.S. Federal Trade Commission, common complaints about online auction sites include:
- Failure to send the merchandise
- Seller sends something of lesser value than advertised
- Failure to deliver in a timely manner
- Failure to disclose all relevant information about a product or terms of the sale
Some buyers experience other problems, including:
- Bid siphoning: Con artists lure bidders off legitimate auction sites by offering to sell the same item at a lower price. They try to trick consumers into sending money without delivering the item. By leaving the legitimate auction site, buyers lose any protections the original site may provide, such as insurance, feedback forms, and guarantees.
- Second-chance offers: Con artists offer losing bidders of a closed auction a second chance to purchase the item that they lost in the auction. Second-chance buyers lose any protections the original site may provide once they go off to another site.
- Shill bidding: Fraudulent sellers or their partners, known as "shills," bid on sellers' items to drive up the price.
- Bid shielding: Fraudulent buyers submit very high bids to discourage other bidders from competing for the same item, then retract their bids so that people they know can get the item at a lower price.
Escrow Service Complaints
Another type of fraud occurs when sellers or buyers pose as escrow services to improperly obtain money or goods. The so-called seller puts goods up for sale on an Internet auction and insists that prospective buyers use a particular escrow service. Once buyers provide the escrow service with their payment information, the escrow service doesn't hold the payment; it is sent directly to the seller. The buyer never receives the promised goods, can't locate the seller, and, because the escrow service was part of the scheme, can't get any money back.
In some cases, a fraudster poses as a buyer and, after placing the highest bid on an item, insists that the seller use a particular escrow service. The escrow service tricks the seller into sending the merchandise and doesn't send the payment or return the goods to the seller.Fake Check Scams Targeting Sellers
As a seller, you can also a be victim of fraud when buyers send fake checks or money orders that are detected by the bank only after the seller has shipped the goods. A buyer might offer to use a cashier's check, personal check, or corporate check to pay for the item you're selling. Sometimes, the buyer sends a fake check or money order that exceeds the cost of the item that has been purchased. The so-called buyer (or the buyer's "agent") states that he made a mistake, or comes up with another reason for writing the check for more than the purchase price. In either case, the buyer asks you to wire back the difference after you deposit the check. You deposit the check, learn that it has cleared, and wire the funds back to the buyer. Later, the bank determines that the check is fraudulent, leaving you liable for the entire amount. The checks were counterfeit, but good enough to fool unsuspecting bank tellers.
The good news is that you can protect yourself from fraud by checking your provider websites for “seals of approval” from trusted vendors and taking these precautions:
- Create strong account passwords and PIN numbers. Avoid using easily attained information such as your dog’s name, your mother’s maiden name, the last four digits of your Social Security number, and other information that could be gleaned from Facebook or other public accounts.
- Avoid writing down passwords.
- Avoid using the same password for all accounts. If one account is compromised, you avoid the rest from being accessed if different passwords are used.
- For safe search, use free tools such as McAfee SiteAdvisor, which indicate a website’s trustworthiness before you click on it.
- Ensure you are going to a legitimate website for your selected vendor. Type in the website address directly — and correctly. Never click on links in an email from a vendor which purports to need you to verify information or reset your password. Criminals often create websites based on commonly mistyped vendor names, in hopes to lure you to the wrong one.
- Never use public computers or kiosks to conduct your financial transactions. If you use public kiosks to do activities such as print boarding passes which require account information, make sure to quit the browser entirely and never check a box to keep you logged in or remember your account number and password after the single session.
- If you use wireless networks in restaurants, coffee shops, libraries, or other public locations, try to use a virtual private network (VPN) so that your transactions and communications will be encrypted.
- Regularly check your bank accounts, stock accounts, and other financial accounts, as well as your credit history, to ensure normal activity. Immediately report any unusual activity directly to your financial services provider or reference our list of cybersecurity contacts.
- Do not respond to any emails that purport to be from online auction sites, payment processors such as PayPal, or online retailers. If you doubt the legitimacy of an email, contact the vendor directly by phone.
- McAfee SECURE trustmark: Look for McAfee SECURE trustmarks on sites and in search results. These sites are tested daily for security vulnerabilities.
- McAfee SECURE shopping: Enjoy a more secure online shopping experience with thousands of McAfee SECURE sites. Each one is tested daily for vulnerabilities to hackers.
Security information for popular online retailers and payment processors:
Other ways to educate yourself about online risks:
- Learn about risky websites in the McAfee report, Mapping the Mal Web
- Play OnGuardOnline’s Auction Action game
- Follow McAfee’s recommended Security Best Practices
- Take the McAfee Safe Shopping Quiz
- Learn the Do’s and Don’ts of Online Shopping
- Watch the Queensland Police Service video to learn more about protecting yourself from ATM skimming
- Read How to Protect Your Children's Privacy and Safety in Cyberspace
- Watch Staying Safe and Secure in a Digital World
- Read Music & Movies: Entertainment Versus Online Risk