The focus on gift giving this time of year, together with the increasing ease of online shopping, means that many workers may find themselves using their work computers or devices to shop online, either to purchase gifts for their departments or for their friends and family. Unfortunately, in the search for low prices and expedited shipping times, many people forget to think about security. What can organizations do to ensure that their workers—and their data—are protected? We’ve prepared a list of reminders that will help organizations and their employees stay secure this holiday season.
Using Chat Boxes
Chat boxes—both automated (aka chatbots) and live—have begun popping up on almost every website as shoppers increasingly expect “always on” customer service and websites strive to provide a seamless, personalized experience. Chats allow shoppers to ask a question about an item and are often easier than placing a phone call. Unfortunately, many customers assume that a website’s security extends to the site’s chat function, but this may not be the case.
The danger can come from a few different directions. A website’s poor coding could leave it open to hackers. In other cases, the website may be relying on an external vendor to manage the chat. If the third-party vendor doesn’t secure the chat box, it’s vulnerable. In extreme cases, the chat vendor itself is the bad actor.
Where could these vulnerabilities lead? An unsecure chat box could allow hackers to eavesdrop, steal passwords or credit card numbers, or convince a customer to install a malicious program. An evil bot could even control the whole website.
How can chatbots be used securely?
- Confirm that the website is real. Users should confirm that the website is legitimate before using a chat box or purchasing items. Criminals can create a look-alike website that uses a malicious chat box.
- Be wary of typing personal information into a chat box. Personal information such as names, addresses, and credit card numbers could be stolen if the chat box is not secure. Before entering this information, users should take a moment to determine if the site is secure or if the information instead should be shared through a phone call or other means.
- Inform the website if there are reasons to suspect that the chat box is malicious. If interactions with the chat box seem suspicious—for example, if the chatbot asks for unnecessary personal information—the user should report this to the website and to their bank, and monitor their credit card for suspicious activity.
Making a Purchase
As online shopping has increased, so have scams, risks, and schemes as cyber criminals take advantage of consumers. For example, Amazon has already initiated takedowns of more than 20,000 phishing websites and 10,000 phone numbers associated with impersonation schemes this year.
How can online items be ordered securely?
- Use familiar, trusted sites and apps for purchases. Before purchasing from a new shopping site or app, research it first to confirm its legitimacy.
- Be wary of deals that are “too good to be true” or have a short time limit. Criminals advertise major discounts to draw victims to their site.
- Use a credit card for online purchases. Remember that secure and well-known payment services, such as PayPal, limit users’ financial exposure if a site or app is fraudulent.
- Only shop on sites that have “https” in the URL. This ensures that information is encrypted and offers a higher level of protection.
- Don’t click on links in emails from unknown senders or on adverts from unfamiliar sites. Even adverts in social media could have a virus. Just one click could download a virus or malware.
To report a scam, notify the FTC at ReportFraud.ftc.gov or the FBI at the Internet Crime Complaint Center.