SOURCE: Kaspersky Lab

Kaspersky Lab

November 24, 2009 09:00 ET

MEDIA ALERT: Say Bah Humbug to Malware; Stay Safe Before, During and After Online Holiday Shopping With Tips From Kaspersky Lab

WOBURN, MA--(Marketwire - November 24, 2009) -


It's the most wonderful time of the year. It's also a great time for cybercriminals to take full advantage of online shoppers with new and improved ways to steal your confidential information. While it's convenient to shop online, you can easily fall victim to an attack -- even by visiting a completely legitimate website. There are ways however to keep personal information safe. Here are a few quick tips for safe online shopping from Kaspersky Lab, America's fasting growing Internet Security software.


1. Know what you're buying and who you're buying it from.

Fraudsters can set up e-commerce stores under any name to phish for your credit card information. Locate and note phone numbers and physical addresses of vendors in case there is a problem with your transaction or your bill. If you're shopping online and receive a pop-up chat box asking for your credit card details, ignore it and close out the Web site. Legitimate online sellers never ask for information via chat boxes or e-mails. Even at legitimate e-tailers, pay careful attention to the descriptions on items for sale. The word "refurbished" is usually a clue that you're purchasing a used item that, chances are, is not in very good condition. If a price appears too good to be true, it probably is.

2. Make sure your transaction is encrypted and your privacy is protected.

Many sites use SSL (Secure Sockets Layer) to encrypt information. Check your browser URL to make sure it begins with "https://" and has a closed padlock icon on the right of the address bar or at the bottom of the browser window. Before entering personal or financial information into an e-commerce site, it's worth taking a moment to check the site's privacy policy and understand exactly how your information will be stored and used.

3. Keep your computer up-to-date and secure!

Be sure to install and keep anti-malware software updated with the latest signatures on your computer. This will help protect you from viruses and data theft Trojans that steal sensitive financial information. Apply all operating system patches in a timely manner and install updates for all browsers and commonly exploited third-party applications. These include everything from Adobe's Flash Player and PDF Reader to Java and iTunes. If you don't know what programs are vulnerable try running a free vulnerability scan from Secunia, available at Additionally, many operating systems and software programs offer automatic updates. If this option is available, you should enable it.

4. Use a dedicated credit card specifically for online shopping.

It makes sense to shop online with a single dedicated credit card with a low credit line. This limits your exposure to fraud and allows you to protect transactions under the Fair Credit Billing Act. This law lets you dispute charges under certain circumstances and temporarily withhold payments during an investigation. Avoid using debit cards that draw money directly from your bank account.

5. Use strong passwords and security features.

It's a piece of cake for malicious hackers to crack weak passwords and hijack your accounts at e-commerce sites. Get into the habit of using a different password for every online store and, if necessary, write down those passwords and put them in a safe place. When choosing a password, here are some tips to consider:

-- Don't use passwords that are based on birthdays or pets' names that can be easily accessed or guessed.

-- Don't use words that can be found in any dictionary of any language. These can be cracked with software tools.

-- Develop a mnemonic for remembering complex passwords. Alternately, write them down and store them in your wallet.

-- Use both lowercase and capital letters.

-- Use a combination of letters, numbers, and special characters.

-- Use passphrases when you can. A passphrase is a sequence of words used in place of a password. It is usually longer, 20 to 30 characters. They can be remembered easier than passwords without being written down, reducing that risk as well. For example: The quick brown fox jumps over the lazy dog becomes tqbfjotld.

6. Check bank statements and look for discrepancies.

Keep a record of your purchases and copies of order confirmation pages, and compare them to your bank statements. If there is a discrepancy, investigate it thoroughly and report it to your financial institution immediately.

Additional Holiday Shopping Resources:

Before you shop:

-- Application vulnerability from Threatpost page

-- Kaspersky Internet Security Free 30-day Trial - Download Kaspersky's free 30-day trial to scan your computer before you shop.

While you shop:


-- CyberMonday Online Deals

-- Dealio

-- Deal Taker

-- Cyber Monday

After you shop:

-- Non-profit consumer advocacy groups for resolving fraudulent charges

-- Links to Free Credit Monitoring -- 877-322-8228. You can also fill out the Annual Credit Report Request Form and mail it to:

Annual Credit Report Request Service
P.O. Box 105281
Atlanta, GA 30348-5281.

The Fair and Accurate Credit Transactions Act, or FACTA, provides for one free consumer report from each of three agencies annually (TransUnion, Experian, and Equifax). Tip: Ordering one report per quarter from one of the three agencies will give you a good idea of your credit information at any given time throughout the year.


Kaspersky Lab security evangelists Ryan Naraine and Dennis Fisher are available to discuss these tips and provide additional insight into how people can stay safe while shopping online.

About Kaspersky Lab

Kaspersky Lab is the world's largest privately-held Internet Security company, providing comprehensive protection against all forms of IT threats such as viruses, spyware, hackers and spam. The company's products provide in-depth defense at work, at home and on the road for home and mobile users, small and medium sized businesses and large enterprises, protecting more than 250 million systems around the globe. Kaspersky technology is also incorporated inside the products and services of approximately 100 of the industry's leading IT, networking, communications and applications solution vendors. For further information about the company, please visit For the latest in-depth information on security threat issues and trends, please visit For the most up-to-date world security news, visit

Contact Information