Don’t gift wrap your personal and financial data for others this holiday season. Instead, use these tips from Information Technology Services to shop safely online.
• Stick to secure, reputable sites. Online ads and tempting deals can be traps. Stick to well-known brands with verifiable contact information, a published returns policy and customer reviews. Check unfamiliar sellers out at www.bbb.org/scamtracker. And look for the lock symbol and https:// in the web address before entering your credit card information. The "s" means the site is secure.
• Use a dedicated credit card or payment processor. Avoid using debit cards, which have less protection, and consider using a service like PayPal, Google Pay or Apple Pay. Monitor bank statements and credit card transactions. Be cautious when vendors insist on payment through gift cards. Scammers often prefer this method because it's difficult to trace.
• Don’t overshare information. Be wary of any retailer requesting more information than you feel comfortable sharing, like a Social Security number. Note whether form fields are required or voluntary. If an online store requires something you don’t think they need, find another retailer.
• Use only secure Wi-Fi. Logging into banking accounts or placing orders via public Wi-Fi puts your information at risk. If you must buy a few gifts online while away from your home network, use a virtual private network, VPN, or mobile hotspot.
• If it sounds too good to be true, it probably is. Have a general sense of how much the items you want to buy should cost. That helps you recognize prices that are too good to be true. You might pay less, but you also might get an item that doesn’t match the description or is counterfeit. You might not get it at all.
• Be wary of fake payment confirmations and shipping notifications. Be skeptical of emails, text messages or phone calls, even those claiming to come from your bank or a well-known company. To validate shipping and delivery information, go back to the trusted site to review. Don’t respond or click on attachments or links without verifying the legitimacy of the message.
Although the WVU Acceptable Use of Data and Technology Resources policy does allow incidental personal use of University-owned computers, if it doesn’t interfere with work, faculty and staff should not expect privacy or confidentiality. And remember, never use your WVU Login credentials for personal accounts.
Learn more at DefendYourData.wvu.edu and forward suspicious-looking email as an attachment to DefendYourData@mail.wvu.edu. Employees can also use the Report Message button in Outlook.