SecureMac, Inc.

The Checklist Podcast

SecureMac presents The Checklist. Each week, Nicholas Raba, Nicholas Ptacek, and Ken Ray hit security topics for your Mac and iOS devices. From getting an old iPhone, iPad, iPod, Mac, and other Apple gear ready to sell to the first steps to take to secure new hardware, each show contains a set of easy to follow steps meant to keep you safe from identity thieves, hackers, malware, and other digital downfalls. Check in each Thursday for a new Checklist!

Checklist 208: Safe Shopping Online in 2020

Posted on November 19, 2020

The holiday season is here again…but this year, of course, is a little bit different. With more of us shopping from home than ever before, we’ll show you the safest ways to buy gifts online. On this Checklist, we cover:

Safe shopping: a Checklist checklist

Checklist listeners may be familiar with some of the following tips, but it’s always a good idea to review best practices every so often—and especially around this time of year, when scams and cyberattacks are at their peak. Here are 5 things you need to be doing to make sure you’re safe when you shop online this season:

  1. Use secure connections

    You don’t want to be sending unencrypted data over the web while you’re shopping, and you definitely don’t want to be conducting financial transactions over an insecure public network. That’s why you’ll want to make sure that the connections you use to do your shopping are as secure as possible.

    For individual websites, look for the lock icon in the web browser bar, which means that the website is using the more secure HTTPS data transfer protocol. In addition, if you’re using a public Wi-Fi network, bear in mind that it might not be secure. As a rule, you should avoid conducting any important business or transmitting financial details over public Wi-Fi if possible. If you absolutely have to use a public network, then use a VPN to make sure your connection is both private and secure (if you haven’t used a VPN before, check out our complete guide to VPNs for Mac users for more information).

  2. Pay it safe

    The holidays are prime time for financial fraud, so pay attention to how you pay!

    Only shop on websites that offer secure payment options (i.e. credit cards or PayPal) that will allow you to dispute a payment if an issue arises. If you have the option, consider using an e-wallet payment service such as Apple Pay for even better security. Additionally, if you aren’t that familiar with the website or company you’re thinking of buying from, take a moment to check if they’ve been verified by a third-party organization like the Better Business Bureau, VeriSign, or DigiCert.

  3. Follow cybersecurity best practices

    During this time of year, cyberthreats spike considerably, and this year has been worse than usual. In the coming weeks, it’s more important than ever to do all of those little things that we hope you’ve been doing all year long!

    Since you’re going to be online more than usual, start by taking the time to run all available software updates, so that your system doesn’t have unpatched (and potentially exploitable) vulnerabilities. In addition, be on the lookout for malicious emails, and take a moment to review some basic tips for how to spot a phishing email. Lastly, make sure you’re using an up-to-date malware detection tool for your computer: keyloggers and spyware are hard to spot on your own, and they can turn into serious dangers if they manage to infect your system at a time when you’re typing in credit card numbers and passwords more frequently than usual!

  4. Do your research

    If you’re buying from an independent seller, try to read reviews from past buyers and do some basic research about them in order to minimize issues that you might face.

    Generally speaking, if you’re buying any service or product online, try to read reviews from active users or from people who have purchased the item themselves, and keep an eye out for any red flags or recurring issues that other customers seem to have experienced.

  5. Use strong passwords

    Weak or reused passwords put you a data breach away from disaster, because they mean that bad guys can use credentials stolen in one breach to compromise multiple accounts elsewhere.

    At this point, everyone should be using safe passwords on all of their accounts. If this seems daunting, then use a password manager to make it easy — and remember that the new Safari now has secure password generation, password management, and data breach monitoring capabilities that put it on par with full-featured, standalone password manager apps. For even more secure logins, consider turning on two-factor authentication for important (or better yet, all) accounts.

Shopping extension safety

Web browser shopping extensions like Honey are all the rage — and why wouldn’t they be? They can help you comparison shop across websites, get the best deals on large marketplace platforms like Amazon, find and apply coupon codes at checkout, and even earn cash back on purchases.

All of this is great — but it’s worth considering how these extensions actually function, and then asking yourself if there are any security and privacy implications that you need to think about (spoiler alert: there are!).

Extensions work by adding functionality to your web browser, but to do this, they usually need to have some special permissions. For example, some extensions might need to be able to see your location, others your web activity or search history, and so on. In addition, to provide an interactive experience, browser extensions will often require the ability to make changes on web pages you’re visiting: altering the content that gets displayed on the page, or adding helpful new content to the page you’re currently on.

As you can probably see, that’s a lot of power to give to any piece of software on your system — and as such, it carries some degree of risk. To begin with, there are browser extension privacy issues to consider when an extension can see your web activity and history. But there are also security issues to be aware of if extensions can alter the web pages you visit: lots of macOS adware, for example, works by injecting unwanted ads and bogus search results into web pages, and these can range from the merely annoying to the genuinely harmful. Unfortunately, there’s nothing stopping a bad actor from calling a malicious extension “XYZ Shopping Buddy” and then causing all sorts of problems for users.
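In browsers that use the WebExtensions format, the permissions described above are declared in the extension's manifest.json, so they can be checked before the extension is trusted. The following is an added example, not code from SecureMac or from any extension vendor: it audits a constructed manifest for access to browsing activity, location, and every website. The sample manifest and the names `auditManifest` and `isAllSites` are assumptions made for illustration.

```javascript
// Constructed sample manifest; "XYZ Shopping Buddy" is the hypothetical name from the text.
const SAMPLE_MANIFEST = {
  manifest_version: 2,
  name: "XYZ Shopping Buddy",
  permissions: ["tabs", "history", "storage", "<all_urls>"],
  content_scripts: [{ matches: ["*://*/*"], js: ["inject.js"] }]
};

// WebExtension API permissions that expose browsing activity or location.
const SENSITIVE_API = {
  tabs: "can read the URL and title of every open tab",
  history: "can read browsing history",
  webNavigation: "can observe every page navigation",
  webRequest: "can observe network requests",
  geolocation: "can read location",
  cookies: "can read and modify cookies on sites it can access"
};

// True for match patterns that cover every site rather than a named set of shops.
function isAllSites(pattern) {
  return pattern === "<all_urls>" || /^(\*|https?):\/\/\*\/\*$/.test(pattern);
}

// Returns one finding per broad permission or all-sites content script.
function auditManifest(manifest) {
  const findings = [];
  const perms = [
    ...(manifest.permissions || []),
    ...(manifest.host_permissions || []) // Manifest V3 lists host patterns here
  ];
  for (const p of perms) {
    if (Object.prototype.hasOwnProperty.call(SENSITIVE_API, p)) {
      findings.push({ kind: "privacy", item: p, why: SENSITIVE_API[p] });
    } else if (isAllSites(p)) {
      findings.push({ kind: "host-access", item: p, why: "access to every website" });
    }
  }
  // Content scripts are how an extension alters the pages you visit.
  for (const cs of manifest.content_scripts || []) {
    for (const m of cs.matches || []) {
      if (isAllSites(m)) {
        findings.push({ kind: "page-modification", item: m, why: "script injected into every page" });
      }
    }
  }
  return findings;
}
```

A shopping extension that only needs to work on a handful of stores can list those sites explicitly, in which case this audit returns no host-access or page-modification findings.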

So if you are thinking about installing a shopping extension, how can you make sure that the one you’re about to add to your browser is actually legitimate, and not malicious? Here are a few general guidelines:

  1. Do your homework

    There are lots of reputable, well-established shopping toolbars and extensions out there. So if you’re considering a particular extension, look it up first! You should be able to find customer reviews online, including negative reports that would warn you of a potential danger. If you can’t find anything written about an extension, good or bad, it’s probably best to avoid it (it might sound harsh, but sometimes it’s best to let somebody else be the guinea pig!).

  2. Read the privacy policy

    Yeah, we know. These can be somewhat boring. But they’re important, because they spell out exactly how the developers are planning to collect and use your data, and let you know if they’re going to be sharing it with third parties. If you’re not happy with what you see there — or if you just find the privacy policy confusing or vague — it’s time to look for another extension.

  3. Shut it off

    If you do install an extension, remember there’s no rule that says you have to leave it on all the time! In Safari, for example, you can manually shut off an extension when you’re not using it (i.e. without actually uninstalling it) by going to the Safari menu > Preferences > Extensions. From there, just uncheck the box next to the extension you want to disable, and it won’t be active on your system until you switch it back on. When you’re ready for another shopping session, you can simply go back to this menu and turn the extension on by checking the box again.

  4. Watch for trouble

    Finally, if you’ve installed a new shopping extension, keep an eye out for any signs that it may be adware in disguise. If you install an extension and you suddenly start to notice weird redirects, ads popping up in random web pages that you visit, or a proliferation of low-quality (read: spammy) search results, then it’s time to remove that extension! If this happens, you should also run a systemwide malware scan just to be on the safe side: malicious toolbars and adware are often intentionally difficult to uninstall, but a good malware detection and removal tool can help you completely eliminate an infection.

That takes us to the end of this week’s Checklist. We’d love to hear from you if you have a security question or an idea for a future show, so be sure to drop us a line while you’re waiting for the next episode to air!
