How ad blockers can improve your online safety and sanity

You boot up your computer, ready to start another day. You have fifteen minutes to catch up on the news and drink your coffee before your daily commute. Too bad you accidentally click on some blinking ad that directs you to a sketchy site that’s taking forever to load…

Well, there goes your morning. Maybe, you think, you should finally get an ad blocker like your co-worker keeps telling you too. But you’re not so sure. How effective are these ad blockers, anyway? Is it really worth your time to block something as benign as a slow-loading banners and the occasional rollover ad?

Are ads such a big deal anyway?

So you know what they look like because you’ve seen tens of thousands of them. They’re those pesky videos or banners that get in the way of the content you actually want to access.

But how do they work?

Ads are typically embedded on websites, coming from centralized servers of ad networks. That means your browser not only connects to the website you entered, but also to a number of additional servers that deliver all those distracting videos and flashing images. Since many large websites work with the same ad networks, they can easily track you across the web.

Ads are often embedded from all across the web.

Getting to know all about you

These ad networks record when you check the online circular at your local grocery store, look at some job ads, and even when you indulge in a few funny cat videos. Little do you know, the web surfing you’re soon to forget is collected through a combination of cookies and pixel tags and is used to create a very specific user profile about your interests, fears, age demographic, gender, etc.

That profile is then used to display ads that are specifically targeted to you. For example, if you’re searching for information on a specific disease, you will be followed by an endless number of ads that try to sell you treatments and medication, even if you just conducted a paranoid search based off of a benign rash.

This is called online behavioral advertising, or behavioral targeting, and it’s a pervasive practice that is largely unregulated in most countries.

Advantages of using an ad blocker

For those who don’t know, ad blocker is a software or browser extension that filters all HTML elements that are expected to contain ads. Since most ads come from known third party servers and have standard image sizes, it’s relatively easy to detect and remove them. Almost 200 million people worldwide use some form of ad blocker, according to a survey done by PageFair and Adobe, and it’s easy to see why—ads are the annoying eye sores of the internet. But there are other, more significant reasons to use an ad blocker.

1. Increased speed of web browsing

Ads often take the biggest chunk of the total data to transfer, and video ads and animated ads tend to take a lot of CPU resources for rendering. The worst ads even start grating audio in the background which really puts a strain on bandwidth. Ad blockers not only hide these elements, but effectively avoid transferring them from the servers. An ad blocker can save you hundreds of megabytes of traffic a month, not to mention significantly increase loading speeds of your favorite websites. A good site to see how much data is transferred from different servers while opening a website, including the delay in loading is Webpagetest.

If you are using Chrome, you can view details about loading and scripting in the developper tools (F12). The example shows a typical ad-heavy page being loaded with and without an adblocker present.

2.Safety and malware concerns

Did you know you can actually get malware from ads? Ad networks have been hacked or infiltrated to serve manipulated ads in a practice known as malvertising. These manipulated ads contained hidden exploit code that targets unpatched leaks in browsers or in browser plugins, like Flash or Java Runtime. Since the ads were served through so many websites, attackers could spread their malware to hundreds of thousands of victim PCs within minutes.

But that’s not the only way to get malware from an ad, since they are frequently designed in ways to mislead users. For example, they imitate error messages or software buttons to get a click. On download portals these ads often imitate download buttons to confuse users and misdirect them. Misled users then often find themselves on shady websites that try to make them download PUP bundles that showcase even more ads, feeding a vicious cycle.

If you remove all the ads (see pink areas on the right screenshot), the page gets a lot shorter and looks less crowded (as shown on the left).

3. Privacy concerns

Privacy is one of people’s number one concerns when it comes to ads, and it’s often why they choose ad blockers in the first place. For example, let’s go back to the rash incident mentioned above. Imagine you spent an insignificant thirty minutes researching a toe rash that ended up just being nothing more than some itchy bug bites. This is where your privacy problem begins: if that data is combined with personal information, such as your full name and address, your profile can be sold and distributed in ways that can affect your daily life.

While it’s largely unknown how these behavioral targeting practices currently affect people outside of the online space, there are few regulations concerning who can purchase or obtain this sensitive information. (There are some self-regulatory principles put forth by the Federal Trade Commission, and a ban on targeting children.)

For example, it’s possible that an insurance company may deny your application if they suspect that you have a pre-existing condition, or a company that you applied to work for may reject your application because they fear hiring someone with too many health issues. There is no guarantee that your private browsing information can’t fall into the wrong hands.

Disadvantages of ad blockers

There may not seem to be many disadvantages to using an ad blocker, especially given all of the compelling advantages, but there are a few key problems with them and how they currently exist.

1. Starving your favorite content creators

Using ad blockers greatly affects revenue streams of online content creators, and can put your favorite blogger or youtube star out of business.

This can be a major concern for you if you do like to follow popular tech and gaming sites, which are notoriously run on ad revenue. There are two things you can do to rectify this situation: be willing to pay for quality content, or selectively disable your ad blocker for sites you want to fiscally support.

2. Even ad blockers have to make money

Most ad blocking extensions and software are free, which may initially seem like a great thing. Unfortunately, the demand for free software, similar to the demand for free content, creates a conundrum for developers who still need to earn a living somehow.

After all, creating a good ad blocker requires resources. So these developers may have to take questionable methods to create revenue, which in turn can compromise your ability to effectively block ads.

For example, Adblock Plus, an ad blocker that dominates the market, automatically white lists certain ad networks that pay them a hefty sum. You can choose to block these ad networks manually, but you can’t deny that there’s a conflict of interest when ad networks are footing the bill on your ad blocker. It sounds eerily like these companies are paying ransom on their advertisements, which is something we’re all too familiar with in the anti-malware industry.

Ad blockers we recommend

There are a lot of ad blockers out there on the market, many of which are free. Here’s a rundown of some of the most popular and well-trusted ones on the market:

Adblock Plus

Adblock Plus is an open-source browser extension that is available for Firefox, Chrome, Internet Explorer, Safari, Opera, and Yandex. It has healthy ratings and reputation for most browsers, but as mentioned above, it whitelists “acceptable” ads.

Ublock Origin

Ublock Origin is an open-source extension available for Chrome, Safari, and Firefox. It is well-known for it’s light resource use as compared to its competitors.

So remember, next time an obnoxious ad wastes your time or your bandwidth, you do have options. They may not be completely free of complications, but ad blockers can really make a difference when it comes to your security (and sanity) online.

Have a great, ad-free day!

Related Posts:

• Which browser offers the best malware protection?


• Dangers to your bank account – how to perform…


• Prevent malware from entering your PC with Emsisoft Surf…


• Antivirus software: Protecting your files, at the price of…


• How to stay safe on Facebook and avoid the top 5 scams

How ad blockers can improve your online safety and sanity

Cleaning vs. Protection – Why you shouldn’t rely on malware cleaning

Another strange pop-up or unexpected crash, and it’s time to take your computer back to the shop, right?       

But what if you could avoid losing precious data and time spent with your computer? What if this whole cleaning step could be eliminated entirely?

This is why protection is a pivotal topic in the antivirus industry. Cleaning and protecting seem like two methods that aim for the same goal: a computer that is free of any online threats. While a few people still believe that they have nothing important to lose on their devices, we’d like to analyze two significantly different approaches for security conscious people: cleaning an infected PC versus keeping a PC clean.

The end result or effect may look the same at first glance, but once you learn a few technical details and understand how things truly work, you’ll be surprised how different both approaches actually are.

No need to wear a seat belt, the doctors will fix me!

Not practicing protection because you’ll clean your computer later is like choosing to ride in a car without your seatbelt because the doctors will patch you up in the event of an accident.

If you can imagine how ridiculous that is, then you can understand how important protection is for your PC. You’re basically acknowledging that your computer could be permanently damaged, very expensive to fix, or at the point of no return!

Prevention is more than just the preferred method or smartest choice. Below we’ve included some scenarios to illustrate what’s possible if you rely exclusively on cleaning instead of protection.

Infection case #1: Home user with PUPs that continue to collect data after removal

You’re at your PC hoping to do some online banking, but your screen is obscured by nasty, adult pop-ups and you have no clue how they got there or how to get rid of them. Your next thought is to download one of the many cleaning tools out on the internet to get rid of them. After all, that worked for you before.

The infection you had was a PUP (Potentially Unwanted Program). It doesn’t put much effort in hiding itself, so luckily for you, it can be removed relatively easy.

The price you have to pay for that experience: maybe a few hours of research, downloading tools, and conducting the scans and clean runs. The hidden price: that software collected personal information about you and your computer usage habits. You may still encounter weird occurrences in the future while surfing the web, and you may be recognized by various websites and their ad network partners.

Infection case #2: Business PCs manipulations that can hardly be reverted

Some computer guy told you to make sure automatic Windows updates are enabled on all the office computers. You check the update settings and realize that the service is completely disabled and won’t allow you to turn it on. Something is obviously wrong with your computer. Just recently you wondered why all Google ads look a bit different, larger, and more prevalent. You pick a malware scanner and run a thorough scan.

Whoa! 104 infections found! Most of them are harmless PUPs, but there are also a couple dozen active “Agent” trojan findings. They are remote controlled by a server and form huge botnets with hundreds of thousands of other victim computers. It’s the ideal tool to send billions of spam emails, or even run coordinated DoS attacks on big online services (unless, of course, they’re willing to pay a huge ransom).

Another listed infection on your scanner is labeled “Rootkit,” which is actually a well-hidden piece of malware that could easily go unnoticed, but watches your online banking activities and redirects some money to an anonymous account in a foreign country.

Your malware scanner does a great job in cleaning all those infections, so you have nothing to worry about, right?

Well it appears that even though all of the malware was properly removed, your Windows updates are still not working and some operating system components used to enable them don’t even exist anymore. This is because it’s just not the scope of your malware scanner to re-download missing files from Microsoft onto your system. Additionally, your malware scanner can’t know which of your system settings are intentional and which ones are malware-manipulated. As a result, there may be one or more open gates inviting new attackers to take over your computer again.

Just imagine a newly created user account with full administrative rights, or new network shares that make all of your data accessible to the public.

Bottom line: you need to be a real expert with years of malware analysis experience to be able to reconstruct everything the malware changed, down to the smallest level. It would take days to do that properly, and to make sure there is absolutely no hidden setting left that could compromise your entire security framework again.

Infection case #3: Local hospital irreversibly loses patient data

It’s Tuesday morning and you have the early shift, and the first patients of the day are waiting for their examination. But something is wrong with the IT. Very, very wrong! Instead of pulling up the patients’ details, all your computer shows is an FBI-branded screen that tells you to send $1,000 USD via an anonymous online payment system! You have 48 hours to do this, or else your entire patient database will be lost forever.

FBI Warning screen

You understandably panic and call the most expensive IT company for advice. All they can tell you is that your files have been encrypted with a secret key that can’t be cracked in less than 2 million years. After some further investigation they give you more bad news: Your automatic backup system failed a couple of weeks ago because nobody noticed the alerts that the software gave on the server. Bummer! All you can do is reinstate an outdated backup and try to reconstruct all data that has been added since then, or pay that hefty ransom.

This is the situation when malware cleaning has reached its limits. You may be able to remove the crypter if it’s still present, but you have most likely no way to decrypt all your files. It’s a nightmare scenario, and yet it happens to thousands of home users, businesses and institutions around the world every day.

Cleaning is like patching up holes only larger than 2″ on a leaky boat

It will probably give you enough time to rescue your most valuable goods, but sooner or later your boat will sink. It’s the exact same thing with your computer. In the best situation you will earn a cleaned PC that allows you to make a backup of all your documents, pictures and other data, but it is nearly impossible to get a truly clean system back ever again.

The more effective solution: clean, backup and then “nuke and pave”

To make this very clear, as there are still loads of misconceptions about it all over the internet:

A once-infected computer can’t be trusted anymore.

Afer cleaning and making backups of your data, you always have to wipe and reload your entire operating system from scratch. We fully understand that many IT people will moan about that idea and argue, “but it takes sooo long to do that, and who’s going to pay for it?” or maybe, “there is necessary old software on that PC that can’t be found/installed anymore”. But honestly, if you really want to clean a system well, it always takes a long time. Furthermore, if the software is truly so old that you can’t find it anymore, isn’t it probably time to replace it with something more modern anyway?

How to avoid all the hassle: protect your PC!

Protection is ideally established in multiple layers that complement each other:

1. Make sure all software is up-to-date.
   
   Windows updates should never be avoided for any reason. Never postpone them, for your own sake. On almost every patch-day (that’s when Microsoft releases a new set of updates for Windows) multiple critical security leaks are being fixed. Many of the patches close critical security leaks that potentially allow attackers to take over your PC remotely. Don’t forget, internet browsers and their plugins like Flash and Java need to be updated as well! Often you don’t even need to download and run a malware file manually to become a victim. Most infections occur via drive-by attacks while you’re surfing the web, or through fully automated bots searching for new victims around the world all day long.

2. Use the best malware protection money can buy
   
   Needless to say that you can’t go wrong with Emsisoft Anti-Malware or Emsisoft Internet Security. Emsisoft’s protection software had the smallest number of compromised systems across all 6363 real-world test cases performed by AV-Comparatives in 2014. If you’re using a pre-installed antivirus program that came with your computer when you bought it, make sure the license has not expired. They typically only last for 6 months and stop protecting after that period. Free software is typically limited in functionality or shows average protection capabilities. Compare test results from well known testing agencies like AV-Comparatives or VirusBulletin (VB100).

3. Make regular backups of all your data.
   
   How much would it costs to recreate all your files from zero, and could you afford losing all data? Choose your backup intervals based on that question. If you create relatively few files throughout the week and could recreate them easily in the event of an infection, conduct weekly backups. If you create new data every day that can’t be re-done at all (such as pictures, videos, patient data, etc.), do daily, or even intra-daily differential backups.

As the saying goes, an ounce of prevention is better than a pound of cure.

Have a great, malware-free day!

 

Related Posts:

• How to find and clean malware infections with Emsisoft…


• Emsisoft’s dual-engine scanner Behind the scenes


• Emsisoft Emergency Kit 4.0 released!


• Linux Rescue CD: a help or a hinderance?


• Special: backup software for free with your order at…

Cleaning vs. Protection – Why you shouldn’t rely on malware cleaning

Mobile Office Development & Mobile Device Management - Columbus Ohio

Businesses are increasingly relying more and more on mobile technology. That dependency means that more and more businesses across Columbus, OH are in need of mobile office and device management from those that specialize in mobile office solutions.

Discuss helpdesk services

AhelioTech is an expert in mobile business setup, infrastructure, and management. We have the tools and expertise necessary to perform all sorts of mobile business solutions, including:

• Installation and Setup of Mobile Office Applications


• Support and Maintenance for Mobile Devices


• Mobile Data Security and Monitoring

Whether you have a Bring Your Own Device (BYOD) policy or you’re supplying the mobile devices, mobile device management becomes a crucial component of an effective business, and at AhelioTech, we provide all of these services for costs that won’t hurt your ROI.

We work with all smartphone platforms, including:

• Android


• Apple


• Microsoft


• Blackberry

We also work with Tablet PCs, and we’ll continue to stay updated with the future of mobile device technology. We make it easy to collaborate with other professionals securely, as well as share files, work through cloud media and cloud storage, and so much more.

Our Columbus Mobile App Development Services

We are also one of the few providers of custom mobile app development, so if you are in need of a special app to help you with your mobile computing needs, we’ll be able to complete it for you. There is nothing that we cannot offer you at AhelioTech, with a variety of solutions that are certain to help you with your business’s mobile needs.

If you’re interested in learning more about how we use these solutions for your mobile business needs, contact us today at (614) 305-7363. Let AhelioTech show you why we are the number one IT outsourcing company in Ohio, and how we’ve helped so many Columbus businesses thrive.

Mobile Office Development & Mobile Device Management - Columbus Ohio

Beware! That Windows 10 update message could be ransomware in disguise

A new virus is on the loose and it’s targeting users waiting for their Windows 10 update. A variant of CTB (Curve-Tor-Bitcoin) Locker is currently being downloaded on to Windows 7 and 8 users at alarming rates. If you are waiting for your Windows 10 upgrade, please read the details below and proceed with caution when downloading anything from an email attachment.

It starts with an email

This new threat actor has a clever way of making its way onto your system. Since many people are eagerly awaiting their Windows 10 update, scammers developed a convincing email campaign to lure people into downloading their ransomware.

A screen shot of the offending email. Source: Cisco Blogs

As you can see, the email has the appropriate color scheme as well as a believable email address: update@microsoft.com. The scammers have even gone so far as to include a little note at the end that may give the recipient a false sense of security:

Don’t be fooled! This email is NOT safe. Source: Cisco Blogs

And then they demand you pay up

Once an unsuspecting victim downloads the false update to their computer and runs it, they’ll see this message:

The CTB-Locker message. Source: Emsisoft

The victim will find that their files have been encrypted and will not open properly, and like most ransomware variants, the decryption key will not reside on the infected system. The user allegedly has 96 hours before the decryption code is destroyed and the only way to get a hold of it before then is to pay an outrageous $200 USD.

Early detection is key

As eager as you may be for the latest Windows 10 update, please be aware that so many cyber criminals are waiting to take advantage of you! Be wary of emails with typos, strange characters, and in the case of the phishing email above, an IP address from an unexpected part of the world (in this case, Thailand).

If you are suspicious of any communications you have had with a so-called Microsoft representative, contact customer support before moving the interaction forward.

An Emsisoft Anti-Malware scan reveals the nasty virus. Source: Emsisoft

If you haven’t already, equip yourself with the best anti-malware available. If you fear that you have downloaded the ransomware but haven’t run it, deploy Emsisoft Anti-Malware immediately and remove the nasty virus from your system!

Otherwise, stay vigilant online and make sure your back-up system of choice is up-to-date.

Have a great, ransomware-free day!

Related Posts:

• Updated ‘Cryptowall 2.0′ Targets Windows Using…


• Ransomware Cryptowall makes a comeback via malicious help…


• Copycat Ransomware “Locker” Emerges


• Update now! Get the latest Windows Security patch


• Spam email Emotet steals bank account credentials from…

Beware! That Windows 10 update message could be ransomware in disguise

Safe online shopping? How to recognize a trustworthy vendor

You’ve finally found it — the one gizmo or gadget that will complete you. And lucky you, you’ve found the best possible price online! But are you really sure you want to hit “confirm” on that order page?

Online shopping has become as natural as breathing for some people, and it’s easy to see why. The convenience of staying at home while you shop, and having the ability to instantly cross-reference price points can’t be overstated.

But an increase in popularity doesn’t erase the large number of risks that exist out on the Internet. The reality is that even shopping in brick and mortar stores carries a risk: huge retailers like Target and Home Depot have had notorious data breaches in recent years that have affected thousands of shoppers. The difference is, you have the option to pay cash when you leave your home to go shopping — the age-old form of payment that can keep our spending habits anonymous. But you usually don’t have that option when shopping online, so everything you do leaves a trace.

But how did this happen to me?

Identity theft is a huge problem on the internet. You may have already experienced having to get a new credit or debit card. It’s a major headache to find out that someone has been running up your limit in a city 300 miles away. But did you ever stop to think how internet thieves got a hold of your information to begin with?

Stolen credit cards are sold on the black market — don’t let this be yours!

As you can see here, people are selling credit cards on the black market. While we won’t sink so low as to buy the card to confirm if it’s legitimate or not, you can see that there is a market for your stolen credit card information. This may have been how your credit card information was compromised!

All it takes is an insecure payment page or a data breach of a vendor that is holding onto your payment information. There’s no room to be even the slightest bit careless in this crazy world.

Online vendors don’t always have your best interest in mind

Over 900 million people in China currently use online banking, and some estimates report that by 2020 there will be about 450 billion transactions on the internet daily.

Whether through ignorance or negligence, some online vendors don’t have the right practices in place to protect your financial and personal information. They know that people will spend money on their products anyway, so why bother? Our CEO, Christian Mairoll, told us a horror story about vendors asking for credit card information through unencrypted emails!

There are a number of other things that novice vendors might do that compromise your payment information. But more often than not, it’s what they don’t do that can really put you in a bind. Study the information below and you’ll have a much better sense of what standards you should have for any vendor you do business with, as well as what payment options are optimal for privacy.

How secure is your online payment method?

Different payment options are more or less popular in different parts of the world, 
and often times what our friends, co-workers, and families are using influences our own decisions. Not only that, but limits on what forms of payment vendors will accept also sets the boundaries for these choices. The following payment options are popularly used around the world for online shopping:

Paypal

PayPal is an international online payment service provided by a U.S.-based company. It’s one of the most popular payment options made available by online vendors after credit and debit cards.

Pros – Paypal isn’t new to the online shopping scene, and as a result it’s a trusted option for many consumers. They are one of the first to use the tokenization technology to help you keep your financial information private, even from vendors. Tokenization is the process of substituting sensitive data with a non-sensitive replacement, or a “token.”  PayPal allows easy chargebacks in case of fraud. There is a relatively simple process of disputes compared to other methods, which is why you should prefer PayPal over credit card if a vendor offers both options.

Cons – Many vendors are unhappy with the fees that PayPal charges them. But never fear, the customer is not charged extra for using their services. PayPal may also be eclipsed by other forms of payment in the future, like Google Wallet, Apple Pay, and Skrill, which all use tokenization technology.

Credit Card

Credit cards have been around for decades and are very strong forms of payment depending on what part of the world you live in. They are almost universally accepted with online merchants. If you have a credit card with a major company, you’re card is likely to have fraud protection which makes it a lot easier to deal with in the case of identity theft.

Pros – Credit cards are accepted by the vast majority of vendors online. If you already own a credit card, then you don’t have to worry about creating a new account with a web-based form of payment (like PayPal). Additionally, if your information is stolen, you can work with your credit company to cancel and replace your card. Credit cards can also provide certain reward benefits that can cut your shopping costs (if you don’t accumulate debt, of course).

Cons – There is no tokenization process when you use a credit card directly to purchase something online. Therefore, you are putting very sensitive information out there and therefore it’s good to limit this payment method to companies you really trust are secure.

Debit Card

Debit cards look and act like credit cards, but are generally attached to a bank account and are not based on credit. They are simply a plastic substitute for cash, which is useful for the pragmatic and spending conscious shopper.

Pros – The process of tracking your payments and finances is much easier with a debit card. Additionally if you use a prepaid debit card, the amount of damage that can be done is limited (since prepaid cards are not tied to a bank account, but rather a fixed amount of cash like a gift card).

Cons – If your debit card is stolen, it’s much harder to get your money back if the thief goes on a reckless spending spree. While this is being remedied by some institutions, using a form of payment that is directly tied to your bank account is unwise unless you are using a very reputable merchant.

What a legitimate (and safe) vendor looks like

Don’t be fooled by a pretty website

Just because a vendor has a nice website, that doesn’t mean the vendor is keeping your financial information safe from digital thieves. In fact, they might even be fraudulent themselves!

It’s incredibly easy to set up a good website nowadays. Sites like Strinkingly, Foursquare, and even WordPress make it so that you can set up an attractive website in under an hour with no coding knowledge whatsoever. Additionally, the increase of freelancing sites means that anyone can easily hire a worker to create them an attractive looking page, even if it doesn’t actually have any of the proper safety features to support shopping online.

Phishing sites are also a big issue. These are created when a crook steals the source code of a website and uses it to create another identical website. So double check the URL before sharing your information – to make sure you’re dealing with a legitimate vendor and not a copycat.

Clicking “view page source” is all a scam artist needs to do to create a phishing site.

The truth: Online vendors want to get your money, and many of them don’t care to do it the right way because they want easy money fast.

The 6 signs of a secure vendor

A safe vendor will communicate to its customers on its website or through customer support how they keep personal information safe from harm’s way. Although there is no way to keep private information perfectly safe online, there are a few standards that a good vendor will adhere to.

1. Has a secure website

Unfortunately there are a lot of fake vendors out there just waiting for you to visit their website so that they can infect your computer with malware or steal your personal information. Don’t use an etailer just because they have the lowest price! Find a good phishing filter for your browser of choice, and avoid shopping at any sites that trigger a warning. Then immediately run your Emsisoft scanner to detect any malware that could have made its way onto your system!

2. Utilizes Secure Sockets Layer technology (SSL)

Look for the lock symbol.

SSL is another baseline requirement for secure online shopping. This technology establishes an encrypted connection between a website and your browser. This secure connection helps keep personal information safe, and any vendor that is collecting your credit card information should have an SSL certificate. This is very standard for online vendors, and it is usually represented with a little lock icon situated before the site URL.

SSL alone will not protect you from all threats, and you should learn about infamous vulnerabilities on our blog.

3. Never asks for more information than necessary

It’s true that vendors have to ask for very personal information in order to process and ship your order, but there is a limit to what they should require you to disclose. Never trust a merchant that asks for an employee ID number, social security number, bank account number (this may be safe with Amazon or PayPal, but you should hesitate to give this number directly to a vendor), salary or tax information, or anything that may identify your family or friends.

4. Subscribes to safety certifications

If you want to be extra secure when it comes to shopping online, it may be worth it to invest a little time and research into the standards your merchant has in place to handle your private information. You may find that many vendors outsource this part of their business to safety experts.

For example, here at Emsisoft we don’t process our own customers’ payment information. Instead this is handled by Cleverbridge. Cleverbridge is certified with Safe Harbor, a commerce framework that was developed by the U.S. Department of Commerce.

Additionally, most secure vendors comply to payment card industry data security standard (or PCI DSS). PCI DSS is a standard put forth by the Payment Card Industry Security Standards Council, which was formed in 2006 by American Express, MasterCard, Discover Financial Services, JCB and Visa International.

The PCI DSS has 12 requirements for compliance, which includes regular testing of security systems, encrypting transmission of cardholder data, and maintaining a firewall configuration among other things. If you are unsure of how a vendor stores data and keeps customer information safe, it’s best to send an email and check to see if they are PCI DSS compliant or certified.

While a certification does not mean that the vendor is completely safe with your information, it does mean that there are some standards and protocols in place to prevent a data breach, as well as to minimize damage in the event of one. Consider reading the privacy policy of your merchant of choice to get a sense of the type of systems they have in place.

5. Has trusted site seals

There are a number of trust seals that can give a good indication on a vendor’s trustworthiness. Which one to look for depends on your location.

For example, in Europe the Trusted Shops awards certified shops with a European trustmark to allow customers to shop online with confidence. Every shop that gets this trustmark has been screened thoroughly on a number of criteria, including buyer protection.

The TRUSTe seal is another commonly used seal for online stores that focuses on privacy protection. TRUSTe assesses, monitors, and certifies websites, mobile apps, cloud, and advertising channels to allow companies “to safely collect and use customer data to power their business”. Additional site seals are the Better Business Bureau (US) and the “Norton Secured” badge.

6. Has happy customers

Certifications are not the only way to know whether a vendor is trustworthy or not. Checking a merchant’s reputation is very easy online, and it can make a huge difference in maintaining your privacy.

Go to your search engine of choice and type in <vendor> review, or <vendor> experience. Make sure to read reviews from about a dozen different sites if possible, because review sites can be fraudulent as well! Sometimes fake reviews and sites are created to support scam vendors, so be wary if all reviews are unrealistically perfect. 

Online shopping safety checklist

Knowing that vendors are responsible for your privacy may have you feeling powerless and overwhelmed. But if you follow the list of safety guidelines below, you’ll greatly reduce your chances of financial fraud:

• Keep your social media profiles private if possible, or limit personal information if you choose to keep them public. Credit card thieves will use the information on these sites to fill in the blanks and run up your limits!


• Install appropriate phishing filters and trustworthy anti-malware software.


• According to the Wall Street Journal, small vendors are more likely to experience a data breach. Sometimes big retailers may not have the product you need, so it’s important to be extra vigilant with your research of smaller etailers.


• Spend some time researching before you make a purchase with a new vendor. What are their reputations on review sites? What certifications do they have? What forms of payments do they take?


• Also check a new vendor’s contact details. Make sure that they are consistent with the address the company is registered with.


• Never trust a vendor that asks you for your payment information via email. This is not a secure method, even if the vendor has the best of intentions. Additionally, don’t send money upfront if there is any doubt that the vendor may not deliver.


• Use a cancellation-enabled payment method like PayPal or credit cards. NEVER send cash or check (or wire money upfront)!


• Read the vendor’s return, shipping, and privacy policy. Be aware of how they store data, and what guarantees they make about their products as well as your information.


• Similarly, avoid using the phone to process your payments if you can. Your information can be stolen this way, and some vendors don’t realize that they need to secure these lines just as rigorously as their online payment forms.


• If you haven’t already, learn what your credit card provider’s policy is on unauthorized charges. The card you use for online shopping should have limited to no liability if your information is stolen.


• Record all the details of your transaction with screencaps, receipt or order confirmation number, and the date. Awareness of your online purchases is critical to recognizing theft when it happens.


• Check credit card accounts online regularly for unauthorized charges however small—you generally have 30 days to report suspicious activity, but this can vary per credit card provider.

You can never completely protect your information online unless you avoid the web entirely! This is obviously an extreme measure and we don’t recommend it. Instead, we recommend making informed choices about what payment options you use online, what information you choose to share, and which merchants you do business with.

The online shopping landscape will continue to change, and the specific requirements and standards for a safe vendor will as well. But something that won’t change is that there will always be someone trying to get a hold of your money. So be vigilant and stay educated, and you’ll remain ahead of the curve.

Have a great, theft-free day!

Related Posts:

• How to avoid losing your hard earned money to online…


• How to avoid losing your hard earned money to online…


• Point of Sale Alert: Staples Investigating Potential Data…


• Michaels Arts & Crafts Confirms Data Breach


• Home Depot – 56 million Cards, Largest Retail Breach…

Safe online shopping? How to recognize a trustworthy vendor