Five ways to protect yourself while online shopping

Yubico is a Business Reporter client.

Over the holiday period, many of us purchase gifts for friends and family, bringing a vital boost to retailers. Much of this is done online: 96 per cent of people planned to shop over the internet between October and December, according to a survey conducted by OnePoll for Yubico, a leading provider of multi-factor authentication.

While this is undoubtedly convenient for time-pressed consumers, online shopping also leaves them open to significant risk from cyber-criminals. Around 90 per cent of all cyber-attacks are a result of stolen login details, often gleaned through the use of phishing, where victims are tricked into visiting malicious websites via text or email and inadvertently revealing their passwords or downloading malware. Hackers can access online accounts to steal payment information and make fraudulent purchases, while the use of duplicate passwords across multiple accounts means other sites used by a victim could also be breached.

Faced with these threats, survey results find that 82 per cent of Americans and 78 per cent of Brits are concerned about cyber-security when it comes to their online accounts. However, many are left wondering where to start when it comes to staying secure. The following five tips highlight how you can be better protected while shopping online:

While there’s a good level of concern around the potential danger of cyber-attacks, there’s also a risk of complacency. According to Yubico’s research, nearly seven in 10 UK citizens (69 per cent) and more than half of Americans (52 per cent) believe none of their online accounts have ever been hacked. Considering that most of us have many accounts on diverse online services, and the regularity of password breaches, it’s highly likely accounts have been illicitly accessed without people knowing.

A good starting point is simply being wary of any emails that ask you to confirm your details or click on a link to a website. Always checking the email address used, and looking out for any misspellings, can help you assess whether an email is genuine. If in doubt, go directly to the organisation’s website rather than clicking on links within the email.

While it can be tempting to save card details on retailers’ sites, this means any hacker who successfully accesses your account can instantly make fraudulent purchases. More than half (57 per cent) of Americans and 43 per cent of Brits admit to saving credit card information in online accounts, with those in younger generations most likely to do so.

Concerningly, three-quarters (75 per cent) of Americans and 65 per cent of Brits say they either “completely” or “mostly” trust the websites they use to protect their personal or credit card information.

Passwords themselves are inherently insecure, but using the same one across multiple sites means that if any one password is breached – either as a result of phishing or a hack – then criminals can easily gain access to accounts on those other sites too.

Almost half (46 per cent) of Americans admit they use the same password for multiple sites, and 31 per cent of Brits do the same. Password managers can generate and store random passwords which will be complex, unique and harder for any hacker to guess, and can also identify any duplicate passwords across sites.

Switching on multi-factor authentication (MFA) – a secondary layer of verification to check that it is you rather than a criminal who is accessing an account – adds an additional level of security. Many traditional MFA methods, such as receiving a code by text message to be entered into a retailer’s site, are still vulnerable to sophisticated phishing attacks. However, any MFA is better than just using a username and password.

Currently just over half (54 per cent) of Brits use multi-factor authentication on their online accounts, compared with 39 per cent of Americans, suggesting there is significant room for improvement here.

For those seeking a more secure method of MFA to protect their online purchases, security keys, such as YubiKeys, provide the answer. “Yubikeys offer the highest level of protection against phishing attacks,” says Ben Eichorst, Director of Infrastructure Security at Yubico. “An individual touches the YubiKey to verify their physical presence.”

“They eliminate the need to reach for your phone to open an app or memorise and type in a code,” adds Eichorst. “The technology in the YubiKey stops many common phishing attacks while also simplifying the login process.”

YubiKeys also store the most cutting-edge method of authentication: passkeys, which replace passwords entirely. Stored on smartphones, laptops or security keys, passkeys use complex cryptography to verify your identity only on trusted websites, thwarting phishing attacks and malicious websites, no matter how realistic they may seem.

Taking the threat of cyber-attacks, including phishing, more seriously and implementing measures to prevent them can help ensure that accounts are not compromised, passwords or other credentials are not leaked and customers can shop with confidence. Such reassurance is priceless.

To find out more about Yubico and how the YubiKey can protect your online accounts, please visit yubico.com.