4 Ways To Shop More Securely On Your Mobile

4 Ways To Shop More Securely On Your Mobile

The end of the year is fast approaching, which of course, means frantic Christmas shopping.

While brick and mortar stores are still seeing their increased influx of shoppers as Christmas draws closer, many are choosing instead to do their Christmas shopping online.

In a survey conducted by Deloitte, 68% of shoppers who own smartphones and 63% who own tablets plan to use them to help in holiday shopping. The survey also showed that “the Internet moved into the top spot among holiday shopping destinations for the first time in its 15 years represented in the survey”, indicating that online shopping is rapidly gaining popularity.

While convenient (and a lot less stressful), there are also security concerns every user should be aware of. It’s no secret anymore that hackers are turning their attention to smartphone and tablet users, as more and more personal information is stored or accessed on these mobile devices.

So, this festive season, if you plan on doing your Christmas shopping on your mobile, to prevent someone accessing your personal information, check out our tips on how to be more secure when shopping on your mobile device.

[divider_line]

1 of 4  

Shopping Over Wi-Fi

Security tips for mobile shoppingYour favourite coffee shop might seem like a great place to get some Christmas shopping done, especially with that free Wi-Fi! But we’ve got some bad news for you; public Wi-Fi’s attract hackers like your lack of sleep attracts the need for caffeine.

Public Wi-Fi networks are usually not encrypted, which makes it relatively easy for hackers to access the information you type and send over an unsecured Wi-Fi network. This means that if you enter any credit card details, addresses, phone numbers, passwords and other personal information, even when shopping on a secure shopping site (i.e. an URL starting with https://) a cyber criminal could be intercepting your information.

The general consensus among security experts is to avoid using Public Wi-Fi networks as much as possible unless you are just browsing. If you need to login to a web service or complete a transaction, rather turn off Wi-Fi and use cellular data or wait until a secured Wi-Fi network can be accessed to make sure any online transactions are done safely.

However, if you must use a public Wi-Fi, make sure it is a legitimate one i.e. ensure it is a network offered by the Coffee shop or airport, as hackers can set up wireless networks disguised as legitimate ones to steal data.

Check Applications

trojanApplications are notorious for accessing more information on the phone than needed, such as contacts or GPS location. Cybercriminals with web development knowledge can easily create malware laden apps disguised as legitimate shopping apps, which when downloaded can be used to steal personal information.

As such, it is important to only download apps from legitimate app stores such as Apple’s App Store or the Google Play Store. These official app stores have processes in place to identify malicious applications, which reduces the chance of downloading malware.

However, while these app stores have these measures in place, some malicious apps do fall through the cracks, so it is important to be cautious when downloading any application from any app store, particularly if the developer is unknown. To find out whether an app is safe to download, read the reviews of the app to see what other user’s have to say. Any issues with the app will most likely be added to the reviews, giving you an indication of whether this app is safe or not. Also, doing a search on the Developer with the word ‘Malware’ is also useful, as it will usually surface any issues with that developer. If you can’t find any reputable information about the app’s developer, or if terms like malware are associated with the name, the app should probably not be downloaded.

If you are downloading a banking or shopping app, it is best to go through the company’s website to ensure you don’t download a copycat app that has managed to bypass the app store’s security measures. Shopping via the company’s website is also another way to reduce your risk of compromising your personal data, however, once again ensure you are accessing the real website by checking out the URL.

It is also important to read what data and services the app will access before downloading the application. A list of required permissions is usually shown either on the description of the app or in a pop-up window before you download the app. An explanation of why the app requires those permissions is included in this list, which should help you decide whether or not the app is safe. If the app requests access to data or services on the smartphone that appear unnecessary, it could signal that the app contains malware. Denying unnecessary permissions “can reduce your risk of exposing mobile data to a malicious entity,” Joe Schumacher, security consultant for Neohapsis, said. While perhaps a bit tedious, reading through these permissions might just save your personal information one day.

You should also always make sure you are using the most updated version of the application, as developers tend to fix security holes in updated versions. However, when updating an app you should also double check what the update includes. There has been instances in which developers have released a malware free app to encourage people to download the app, and then unleashed malware on updates to the app such as the BadNews code discovered earlier this year for Android applications by security firm Lookout Mobile Security.

Web Browsing

tips for more secure mobile shoppingEven though shopping from a company’s website is considered safer than an application, users still need to take some steps to safe online shopping.

One of the first thing’s you should be doing when you shop online, either on your phone or your computer, is ensuing that the URL starts with “https”, which stands for HTTP Secure. Most eCommerce website operate using https, which provides a more secure connection for the transfer of data.

Some web browsers may automatically store passwords, which is a security concern particularly when you are logging in to online banking, Pay Pal, or other accounts. Ensure the web browser is not storing passwords, as this information could be exposed for malicious purposes. You can check whether the browser is storing passwords by going into the Security settings of your browser. Also, if a site offers the choice of either storing payment details or making a one-off purchase, it is advised to make a one-off payment to ensure your credit card details are not stored.

If you are buying from an unknown retailer, it is generally a good idea to search for reviews of that retailer. This will help avoid rogue sites, as many users share their stories about bad service or goods that do not appear on forums.

Too-Good-To-Be-True Deals

Tips for more secure mobile shoppingYou are probably on the lookout for some great bargains in the lead up to Christmas, which makes deals sent by email or text messages all the more tempting.

However, when a deal looks too good to be true it usually is. If you receive a deal from a brand you don’t recognise, whether through SMS or email, avoid clicking on any of the links as clicking on the link could download malware or open a malicious website, which leaves your mobile device open to hackers.

Users should be particularly aware of time-sensitive deals or personal messages promising “exclusive deals and discounts”, as these could be phishing scams, which try to get users to give up personal information. Phishing scams are especially successful during the holiday season, with many shoppers after the best deals. If you don’t recognise the brand, or the wording or email address doesn’t seem right, it is best not to click any of the included links. Rather do some research on the brand first to check whether it is legitimate. You should double check the display name and the email address of emails if they appear to be coming from well known brands as well, as cyber criminals have posed as known brands in the past such as financial institutions.