Main risk for online shoppers is in replying to unsolicited email spoofed to appear as originating from reputable retailers
Survey by Trend Micro shows that many Malaysian users still do not take precautionary steps when they shop online
AFTER reaching the historic mark of US$ 1 trillion last year, global online retails sales is forecast to grow by 17.1% this year, with the Asia Pacific region accounting for over one-third of sales, cyber-security firm Trend Micro Inc said in a statement.
The online shopping craze has also reached Malaysian shores, with a recent study by Trend Micro showing that more than eight out of 10 Internet users in Malaysia shop online.
Furthermore, Nielsen has forecast that the local online shopping market will grow to RM5 billion (US$1.5 billion) by 2015.
There are plenty of local and international websites to choose from when it comes to online shopping, from marketplace listings and group discount websites to online travel agencies.
Currently, two out of 10 top local websites are dedicated to online shopping, while another four offer it as part of their services, according to Alexa rankings.
The risks involved
Internet users should not let their guard down despite of the drop in online fraud in the first quarter of 2013 as reported by Bank Negara, the central bank.
The rapid growth of online shopping worldwide, together with the increase in money changing hands in cyberspace especially after the reduction of the Online Interbank GIRO (IBG) to 10 sen, will attract more cybercriminals to target online shoppers, Trend Micro said.
“The main risk for online shoppers lies in replying to unsolicited emails spoofed to appear as originating from reputable retailers,” said Goh Chee Hoh (pic), managing director of the South-East Asia Region at Trend Micro.
“Clicking through the links in these could lead unsuspecting users to a phishing site designed to steal their credit card credentials.
“Other scam emails feature special offers or luxury goods at knock-down prices – the end goal again being to trick users into giving away their personal and online banking information,” he added.
Goh said that even those who use their mobile devices to shop are not spared. Recently, cybercriminals took advantage of a loophole, dubbed the ‘Master Key,’ which affects 99% of Android devices by offering a malicious update for a legitimate banking app from one of the largest South Korean financial institutions.
Upon updating the app, the genuine but compromised banking app would request users to provide their latest personal information. The app will then seed this information to a remote server operated by cybercriminals who use it to generate ill-gotten gains.
Stay safe when shopping online
A recent survey by Trend Micro shows that many Malaysian Internet users still do not take precautionary steps when they shop or conduct financial transactions online.
About 30% of the respondents in an informal survey on the company’s Facebook page revealed they use the same password across different financial accounts.
Furthermore, a quarter of the respondents admitted they derive their passwords from easily identifiable information like their date of birth and mobile phone number.
The survey also found that one in five respondents had no worry conducting financial transactions at work or via public WiFi connections.
To stay safe, Trend Micro advises online shoppers to practice the habits below:
If the offer’s too good to be true, it most probably is. When looking for the best deals online, watch out for unbelievable offers. Deals that are too good to be true may just be that. Not all online promos are fraudulent though. It’s just a matter of choosing the right websites to buy from. Search for reviews and public opinions to validate your finds.
Bookmark the spot. If you want to keep buying stuff from a site, it is a good idea to bookmark it. Tempting as it is to simply rely on search engines to find the right shop, don’t. Cybercriminals often count on misspelled links to lead victims to spoofed sites. Cybercriminals also employ blackhat search engine optimisation (SEO) techniques to poison search results. They modify the content of malicious sites so these would appear as top results. Clicking links to these puts you at the mercy of phishers and in danger of system infections.
Use payment methods that protect buyers. It is checkout time and this is where you should really be careful as it involves your hard-earned money. Never opt for a payment method that does not offer any kind of buyer protection. Wire transfers and money orders are therefore off the table. These are the methods preferred by scammers as there is no way to stop them from taking your money and not sending you the goods you have paid for. Paying via credit card offers you better protection through consumer rights laws.
Do not shop in a hotspot. You should avoid online shopping in places with unsecure networks or via public hotspots. Not only can bad guys hijack your shopping session while you’re connected to an unsafe network, they can also drop malicious files onto your system. If you are shopping at work or a cybercafe, the system you’re using may already be infected to begin with. Limit your shopping sessions to home. This assures uninterrupted and safe sessions, only if you keep your system patches up to date and your network secure.
A reliable security solution will give you peace of mind. Though you may already know everything above, you may still slip up. It happens to most of us. It only takes one mistake to give cybercriminals access to your money and personal information. Securing the safety of online shoppers certainly goes a long way. Nonetheless, installing a reliable security solution on your devices is a very good place to start, Trend Micro said.
Android ‘Master Key’ vulnerability affects 99% of devices
Indonesians and Malaysians take to ‘social shopping’ in a big way
Malaysians increasingly prefer online shopping to mall visits
Smartphone shopping trend sweeps Asia Pacific: MasterCard survey
For more technology news and the latest updates, follow @dnewsasia on Twitter or Like us on Facebook.