Gretel Egan | November 29, 2018

Shopping on Your Smartphone? 3 Mobile Device Security Tips

WombatProofpoint_Blog_OnlineShop2a_Nov2018It’s no secret that mobile devices have become a ubiquitous part of our culture, but you may be surprised to learn how frequently technology users are turning to smartphones for online shopping. According to fresh findings from Adobe Digital Insights (ADI), mobile spending was up 44% year-over-year among US consumers from Thanksgiving through Cyber Monday.

During the five-day span, mobile spending made up $10.1 billion of the $24.2 billion in overall online purchases. With significant dollars on the line — and the popularity of mobile shopping on the rise — it’s important for smartphone and tablet users to educate themselves about best practices for shopping from their mobile devices.  

The Tale of the (Register) Tape

According to ADI director Taylor Schreiner, “Converting mobile traffic to sales has long been a thorn in the side of retailers, but investments in making the experience faster and easier have paid off.” Several additional data points gathered between November 22 and November 26 support Schreiner’s assertion that the focus on mobile-friendly buying platforms has boosted consumers’ comfort levels with mobile shopping:

  • Smartphones were used to complete 77% ($7.8 billion) of mobile sales, a 60% increase from 2017.
  • Mobile devices drove nearly 55% of all retail site traffic (46.6% from smartphones, 7.7% from tablets).
  • Smartphone purchases on Cyber Monday 2018 were 56% higher than in 2017.
  • Cyber Monday was the busiest shopping day of the holiday weekend, with most online sales coming from direct website traffic (25.9%), email referrals (25.9%), and paid search (21.6%).

Security Considerations for Mobile Shopping

There’s no arguing the convenience factor of mobile shopping, nor the fact that the holiday shopping season is far from over. Retailers, charitable organizations, and event purveyors will be vying for dollars through December (and many other times throughout the year). Whether you’re shopping from your couch or making purchases while on the go, keep these three tips in mind to ensure that your money, data, and mobile devices aren’t left vulnerable to cybercriminals:

Tip #1: Avoid Unprotected WiFi

If you remember only one thing about mobile device security, make it this: Free/open-access WiFi is not secure. Period. Granted, the risk can be hard to comprehend because public WiFi networks — meaning those that are not password-protected — are everywhere. But the threat is real; it’s incredibly easy for enterprising individuals to intercept data transferred over unprotected WiFi, including credit card numbers, passwords, account information, and more.

Do not confuse a trusted location with a trusted network. Many stores, shopping malls, and restaurants provide free WiFi; yes, these are familiar locations, but that doesn’t mean you can trust their networks to keep your data secure. Using open WiFi networks for web browsing and other “non-confidential” activities is generally safe, but you should avoid making purchases and logging into accounts. The same goes for an unprotected home network: If you have not added a password to your personal WiFi network, it’s not private, it’s public. Everything you do on that network could be vulnerable to hackers (or even curious neighbors with moderate cyber skills).

The safest course of action with mobile shopping is to wait until you are connected to a trusted, secure network (which includes your service provider’s mobile data network). If you are interested, you can find more information about reducing public WiFi risk on our blog, as well as tips for securing your home WiFi network.

color_bar.png

Holiday Shopping Tips for Black Friday, Cyber Monday, and Beyond

color_bar.png

Tip #2: Dodge Potential Phishing and Smishing Attacks

As we noted above, more than a quarter of US online sales over the Thanksgiving holiday weekend resulted from email referrals — meaning that shoppers clicked through an email, visited a website, and ultimately made a purchase. This may seem like a perfectly harmless action, since many reputable sellers communicate sales and special offer codes via email. And while this is certainly true, it’s equally true that cybercriminals take advantage of email-heavy seasons, peppering inboxes and with malicious messages that mimic legitimate emails.

This practice, known as phishing, is a common way for fraudsters to trick unsuspecting shoppers into visiting unsafe websites and revealing login credentials, credit card data, and other personally identifiable information (PII). Unfortunately, imposter emails and websites can be difficult to quickly spot, because they are often designed to look like the marketing tools of a known, trusted brand.

In addition, mobile users should realize that malicious messages aren’t limited to email. You could also receive a fraudulent communication (and dangerous link) via text message — a type of cyberattack known as smishing — or through social messaging channels.

The key in all cases is to take extra care with any link you receive in a message; anti-virus and anti-malware software cannot save you if you navigate to a fraudulent site. The easiest way to avoid these types of attacks is to avoid clicking solicitation links altogether; instead, go directly to the source of the special deal by accessing a trusted app or typing a known address into your mobile browser (Chrome, Safari, etc.). In the case of special offer codes, simply enter them during the checkout process to see if they are real or fake.

To see examples of fraudulent messages and links, view the holiday shopping tips on our blog. And for step-by-step advice on identifying (and avoiding) phishing attacks, check out our “decision tree” infographic.

Tip #3: Verify Before You Buy

This last tip goes hand-in-hand with our tips for avoiding phishing and smishing attacks, but it deserves some separate emphasis because web traffic isn’t solely driven by email, texts, and direct visits (i.e., typing a URL into a browser). You might also end up on a site following a web search (via Google, Bing, or DuckDuckGo, for example) or after clicking an ad or link within a mobile app or website.

As noted above, cybercriminals and scam artists are opportunistic; they also tend to be unscrupulous and quite talented, monitoring buying trends and hot topics to make their lures as enticing as possible. As such, the fraudulent ads, websites, and mobile apps they create can be very difficult to distinguish from legitimate counterparts — at least at first. Consumers generally don’t realize they’ve been duped until information has been compromised, money has been stolen, and/or purchased products don’t arrive. The result is a time-draining nuisance at best and a time-draining nightmare at worst.

But how to avoid these dangerous copycats? First and foremost, direct visits to a known, trusted mobile app or website are best; that means going to a vetted, verified app or typing in a familiar, well-known web address. In the case of an intriguing new app or unfamiliar site, take a few minutes to do your homework. We recommend that you apply a process that many consumers use before buying a new product: check reviews, search online for customer complaints, and ask friends about their experiences (if applicable).

In the end, if your research leaves you feeling less than confident about the application or website you’re considering buying from, save yourself the nuisance or the nightmare and opt for another, more trustworthy outlet. Leave that lump of coal for someone else’s stocking.

Subscribe to Our Blog

2018 State of the Phish Report  Protect your organization from phishing attacks. Download Now
2018 Beyond the Phish Report  Protect your organization from threats including and beyond phishing. Download Now