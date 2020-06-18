Your personal and credit card information has likely been stored in more places in recent months, opening up to cyber attacks and identity theft. While it's always a good idea to routinely change passwords and protect your home networks, now is a good time to make sure you're also protecting how you shop online.

It is a growing problem. The US Federal Trade Commission. USA It reports that consumers have lost nearly $ 60 million to overall fraud this year alone, with online shopping accounting for the bulk (13%).

Here are some precautions to keep in mind.

Established online retailers, including Amazon and Instacart, have seen dramatic spikes in usage this year, and smaller local businesses are adding more and more online ordering options, but they may not have the same level of protection from data.

"I never thought I'd buy steak online, but I'm buying steak online," Mark Ostrowski, a cybersecurity expert at software firm Check Point, told CNN Business. "People really need to keep track of their footprint and review and delete accounts, delete credit cards, withdraw personal information about many of these things after making purchases, especially if it is a one-time purchase."

It may sound tedious, but keeping an up-to-date list of the websites where you entered your credit card information can be helpful in making sure you delete that data later.

Some browsers like Google Chrome have a built-in password manager that reveals which sites you have accounts with. "You could use that to go back in time and … clean it up," Ostroswki said.

Password managers like LastPass or Dashlane, who can safely store all of your passwords and auto-complete them on websites, or even generate temporary numeric codes so you don't have to enter your password, can also make it easier to protect your data against

Think twice about how you pay

When it comes to online shopping, credit cards are better than debit cards because they are not directly linked to your bank account. "There are laws that limit your liability for fraudulent credit card charges, but you may not have the same level of protection for your debit cards," said the US government's Infrastructure Security and Cybersecurity Agency (CISA). USA In a set of guidelines published last year. "You can minimize potential harm by using a single low-limit credit card to make all of your purchases online."

Some banks and credit card companies offer a temporary card number to customers., They generate a unique virtual account number that you can use for online purchases without entering your real credit card.

"These temporary numbers can be useful for one-time purchases," cybersecurity firm Kaspersky said in guidelines published on its website.

Digital payment services like PayPal can also allow you to make purchases without entering your card information on numerous sites.

Watchful navigation

It's the oldest trick in the book, but cybercriminals often try to impersonate popular brands or companies in phishing attacks, emailing fake deals or discounts that may seem real, but they install malware when you click on them. But they continue like this because people fall for these tactics. Getting around can be as simple as typing the website in your browser first.

"Doing a Google search for the company you want to do business with is much safer than clicking a link you receive in an email," Ostrowski said. "And better yet, if you know exactly where you should go, go directly there."

Ostrowski says familiar names like Apple ( AAPL ) , Netflix ( NFLX ) , PayPal ( PYPL ) and ebay ( EBAY ) They are among the most frequent services supplanted by phishing attacks. "If it is too good to be true, it is probably too good to be true."

Many of the best practices for other types of online activity can also be effective when it comes to online shopping, such as making sure the website you are on is encrypted. The best way to do this, according to CISA, is to check if the site URL begins with "https" instead of the more standard "http".

Some browsers also have a padlock icon that indicates a site is encrypted, CISA said. But users should also be careful about that. "Some attackers try to trick users by adding a fake padlock icon, so make sure the icon is in the right location for your browser," added the agency.

Finally, experts warn shoppers that they should never buy anything online when on a public WiFi network, which tend to be less secure and mature for exploitation. If you are away from home and are not on a known secure network, it is "safer to do it through your mobile phone network," according to Kaspersky.

The cybersecurity firm also recommends using a dedicated email address only for online purchases, to prevent attacks disguised as marketing emails from reaching your main inbox.

"If such messages are sent to your primary email address, you know that there is a good chance that they are false or malicious," Kaspersky researchers said.

According to Ostrowski, the large amount of data that users end up exposing while shopping online can make them vulnerable even long after they stop buying.

Every day, people don't think about "how big is their footprint on the Internet with online retailers," Ostrowski said. "In six months or eight months, when you may not need as many of these retailers, that footprint will continue to exist for a long time. So I think people really need to follow up."