How To Protect Your Online Shopping From Holiday Hackers
A recent data leak at Amazon that exposed an untold number of users’ personal data to potential hackers should serve as a warning sign to protect your online accounts. Here’s how.
One of the most vulnerable points of attack any decent hacker will exploit can literally give them a skeleton key to any and all of your online accounts, including access to shopping and eCommerce accounts, as well as your personal information. That weak point? Your primary email account.
If you’re like most people, you might have a few email accounts, but you use one more than the rest - which means you’ve probably used the same email address to register with most, if not all, of the websites you use. For example, your Amazon account probably ties back to it, along with sites like PayPal, eBay, and your bank. Add in other retailers that do business online (which is pretty much all of them these days), and that one email address is likely tied to nearly everything you do online.
So why does that matter? Because if a hacker manages to gain access to that email account, they can use it to access all of your other online accounts by simply going to them and clicking the Forgot Password link. The site will then send a password reset link to your email address, which the hacker can then click to reset and change your password, effectively locking you out and hijacking your account. And they can do that for every single site where you’ve registered with that email address.
Imagine this scenario: first, a hacker gets into your email account. Not only can they search through all of your private email and find out about that thing you did back in college, they can also use it to hijack your wireless account and shut off or suspend your phone so you won't receive any alerts about the rest of the stuff they're about to get up to. Then, once they've got themselves as hidden as they can, they start going through a list, checking off all the big names: they take your Amazon account, your bank account, your PayPal account, your Target and Best Buy and Walmart accounts. They keep going until something stops them, and the longer they can poke around before you notice, the more damage they can do.
There are ways to help make sure that doesn’t happen, though. The first thing you should do is make sure your email account has a very strong password and that you’re not using that password anywhere else online. Then, make sure two-factor authentication is on. Yeah, it’s a bit of a pain to have to wait on a text message with the code you need to access your account whenever you log in, but it’s one of the best things you can do to protect yourself online.
In fact, you should have a different password for every site and service you use, and you should have two-factor authentication enabled for each and every site that offers it.
You might think your password is secure, but it isn’t. Especially not if you’re using the same one all across the internet. All it takes is for one site to get hacked, and your login information could be exposed. If you’re using the same password anywhere else (like, say, your primary email address), then that site’s data breach just handed hackers the keys to all of your other online accounts.
It’s important to note here that, no matter how much you guard your password or how careful you are online, it doesn’t mean much if Online Retailer X gets their database hacked. The breach is on them, not you - but you’re the one that gets hurt, not them.
Unfortunately, there are no laws that require sites to divulge data breaches to their users. Even major big-box retailers don’t have to tell you when their data center exposed your credit or debit card information. They often do, but they don’t have to, which means your info could already be out there right now and you’ll never know until it’s too late and someone’s already ordered seventeen boxes of Pampers to a trailer park in Ohio.
It’s not just the sites you use that put you at risk, either. Public Wi-Fi networks are a security nightmare, and you really shouldn’t use them. Why? Because most of them are unencrypted, offering hackers a virtually limitless buffet of your data.
First, there are Man-in-the-Middle attacks, where that weird guy a few tables over from you at the coffee shop is effectively eavesdropping on the conversation between your device and the store’s Wi-Fi router. And, since most public Wi-Fi networks are unencrypted, they can easily see everything you’re doing online, from which sites you’re visiting to what you’re typing in to access them. They can also exploit any number of software vulnerabilities to install malware directly onto your device that they can then use to snoop through it, looking for sensitive information like your login credentials.
You can limit your exposure by making sure you only enter information into secure websites (they’ll have an https:// in the address instead of just http://), which encrypt the data transferred between your computer and the site you’re using - but even then, it’s best to just not log in to any site that could reveal sensitive information to hackers. (Again, using the same password across multiple sites is a really bad idea.)
Using a secure virtual private network (VPN) is the safest way to access public Wi-Fi, but open hotspots are generally best avoided altogether. If you absolutely must use them, then either use a VPN or at least only go to secure sites.
Too Long; Didn’t Read:
- Your email address is a skeleton key to all of your online accounts: PROTECT IT. Keep it secure with a very strong, unique password that you change regularly and don’t use anywhere else.
- Never use the same password on more than one site
- Use two-factor authentication whenever and wherever you can
- Avoid public Wi-Fi if at all possible
- Only shop at secure sites (https://)
- Get off the internet and shop local, save local
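
The first three items on that list can be checked against your own list of accounts. The Python script below is an added example, not part of the original article: it finds reused passwords, accounts without two-factor authentication, and which sites a Forgot Password link would open if a breach elsewhere exposed your email password. Every site name, address and password in it is constructed, and the function names are hypothetical.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample inventory, e.g. typed in from a password manager export.
# Every site name, address and password below is made up for illustration.
ACCOUNTS = [
    {"site": "mail.example", "login": "pat@mail.example", "password": "Winter2023!", "two_factor": False},
    {"site": "shop.example", "login": "pat@mail.example", "password": "Winter2023!", "two_factor": False},
    {"site": "bank.example", "login": "pat@mail.example", "password": "k9#Vq2!mZr7pLx", "two_factor": True},
    {"site": "pay.example", "login": "pat@mail.example", "password": "d4&Ttw8@QnB1sy", "two_factor": False},
    {"site": "forum.example", "login": "pat.alt@other.example", "password": "Winter2023!", "two_factor": False},
]

def reused_passwords(accounts):
    """Group sites that share a password; keyed digests mean no password is stored or printed."""
    key = os.urandom(32)  # throwaway key, only used to compare entries within this run
    groups = defaultdict(list)
    for acct in accounts:
        digest = hmac.new(key, acct["password"].encode(), hashlib.sha256).digest()
        groups[digest].append(acct["site"])
    return sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)

def reset_reach(accounts, mailbox_site, mailbox_address):
    """Sites whose Forgot Password link is delivered to the given mailbox."""
    return sorted(a["site"] for a in accounts
                  if a["login"] == mailbox_address and a["site"] != mailbox_site)

def audit(accounts, mailbox_site, mailbox_address):
    mailbox = next(a for a in accounts if a["site"] == mailbox_site)
    reused = reused_passwords(accounts)
    # Sites whose breach would reveal the mailbox password, because they share it.
    breach_sources = sorted(s for g in reused if mailbox_site in g for s in g if s != mailbox_site)
    # The mailbox falls to such a breach only if no second factor stands in the way.
    mailbox_exposed = bool(breach_sources) and not mailbox["two_factor"]
    return {
        "reused": reused,
        "no_two_factor": sorted(a["site"] for a in accounts if not a["two_factor"]),
        "breach_sources": breach_sources,
        "reachable_by_reset": reset_reach(accounts, mailbox_site, mailbox_address) if mailbox_exposed else [],
    }

if __name__ == "__main__":
    for finding, sites in audit(ACCOUNTS, "mail.example", "pat@mail.example").items():
        print(f"{finding}: {sites}")
```

Giving the mailbox its own password, or switching on two-factor authentication for it, empties the `reachable_by_reset` list for this sample.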