Shop Online Without Falling Prey to Evil Elves

First off, on behalf of the whole team at FRSecure, I want to wish you a Merry Christmas, happy holidays and a blessed new year.  But before you get too caught up in the joy and fervor of online shopping, take a few minutes to get your mental and technological defenses sharpened up.  Because when you open your browser and head to, you want to make sure it’s you who is going to max out your credit cards, and not the bad guys.

Get your shields up

Check last month’s article about patching all your things to ensure that your operating system, Web browser and other third-party software are completely patched and up to date.  Doing so will give you a good first layer of defense as you begin your online shopping adventures.

Use reputable e-tailers

When it comes to finding the best deals on the season’s hottest items, your Google searches might lead you to some shopping sites you’ve never heard of.  Be wary of these, and take time to read the customer reviews and feedback.  Do your homework and get a feel for the site’s reputation before you trust it with your sensitive payment data.

Generate awesome passwords

We’ve covered creating awesome passwords, and it’s especially important that you use them anywhere you shop.  Don’t ever, ever use the same password twice.  I recently had a personal situation that highlights the importance of this.  I was notified by a breach notification service called HaveIBeenPwned that my account credentials were compromised in a recent online attack.  In the notification was a link to a page with hundreds of usernames and passwords.  Now I wasn’t overly concerned about this because it was a service I signed up for just so I could download a trial of some software.  I used a weak password just to get through the annoying obligatory sign up page, and never used the site again.  But imagine that the password I used on that site was the same one I used for my Amazon or online banking accounts.  Someone could very easily have made my life difficult – all because I chose to use a weak password.

Choose the best payment option

This is more personal preference, but if a site offers payment through PayPal or Google Wallet, I lean towards using those over entering my “raw” credit card data directly into a site – especially if it is a site I haven’t shopped at before.  Either way, you should make sure you check with your financial institution and understand what kind of safeguards they offer you from fraudulent charges, as the FDIC points out some important differences in the way debit, credit, and prepaid cards are used and protected.

Track what you buy

It is important to keep some sort of electronic or paper trail of what you are buying, and from where.  This time of year you are likely to receive a lot more spam messages claiming there is a problem with an order you placed from site XYZ.  If you have been doing a lot of shopping, you might click that link only to find it is a malicious trap to install malware on your machine.
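
One way to put that purchase trail to work, as an added example that is not part of the original article: a short Python check that compares the link in an "order problem" e-mail against your own log. The retailer domains, order numbers and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed purchase log: retailer domain -> order numbers placed there.
PURCHASES = {
    "shop.example": {"A-1001", "A-1002"},
    "toys.example": {"T-77"},
}

def host_belongs_to(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_order_email(link, claimed_order, purchases=PURCHASES):
    """Classify an 'order problem' e-mail against the purchase log."""
    parts = urlsplit(link)
    # .hostname ignores any "user@" prefix, so "shop.example@pay.test"
    # is correctly read as the host pay.test.
    host = parts.hostname or ""
    if parts.scheme != "https" or not host:
        return "suspicious: link is not a plain https URL"
    for domain, orders in purchases.items():
        if host_belongs_to(host, domain):
            if claimed_order in orders:
                return "matches log: still open the site yourself, not the link"
            return "suspicious: no such order in your log for " + domain
    return "suspicious: link host " + host + " is not a retailer you bought from"

if __name__ == "__main__":
    samples = [  # constructed e-mail links and claimed order numbers
        ("https://www.shop.example/orders/A-1001", "A-1001"),
        ("https://shop.example.order-support.test/fix", "A-1001"),
        ("https://shop.example@pay.test/", "A-1001"),
        ("https://toys.example/help", "T-99"),
    ]
    for link, order in samples:
        print(link, "->", check_order_email(link, order))
```

Even when the link and order number both match your log, the safer habit is to type the retailer's address yourself and look up the order there.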

Don’t click on anything (well, almost anything)

December is going to be a huge month for spam and other links inviting you to “click me!”  You will likely be bombarded with deals promising free electronics, free meals at your favorite restaurant, or even free trips – if you just click the link!  And there will still be plenty of other links designed to generate an emotional reaction, enticing you to click first and think later.  Personally, my Facebook feed is regularly sprinkled with links claiming my favorite Walking Dead character is dead, or that I’m one link away from getting the secret inside scoop on Bill Cosby’s allegations.  So be on your guard, take a deep breath, and scrutinize each and every link you click on the Web or in your email.  Use Google and Snopes to check out any deals that look too good to be true.

Final tip: for super nerds only!

Ok, this final tip is for pocket-protector-wearing, uber-hardcore nerds.  Regular mortals can skip this section.

One strategy I have been researching as it relates to safer online shopping is to use a special CD for my most sensitive online transactions.  I got the idea from a Brian Krebs article, in which he shows you how to boot your computer off of a CD rather than your regular operating system.  Why would you want to do this?  Well, viruses and malware have extremely sneaky ways of remaining quiet on your machine.  Your Web site usage, keystrokes and even Webcam images could be monitored and you might not even know it.  But by using a CD (there are many to choose from), you are booting off of its known good, clean operating system.  Your hard drive is completely out of the equation, and thus has no way to affect what you do while using the boot CD.

So the idea is you boot to the CD, do your banking and online shopping, and then reboot back into your normal operating system for regular tasks.  Is it a huge pain to do this every time you want to log into one of your important sites?  Sure could be.  But the trade-off for better security could be worth it.


You can conduct your online shopping safely by keeping your hardware and software patched, using reputable sites and strong passwords, and being extremely careful what you click.  If you have questions about online security, I would welcome the chance to talk with you.  I can be reached at 952-467-6385 or at

Coming up next

In January, we will look at some tips and software to speed up your PC and help it lose some holiday “weight.”
