Attention, Smartphone-Using Shoppers: Scams Are Hard To Spot

Lots of people have smartphones, and lots of those people will be using them to do their holiday shopping. But according to a top security company, smartphone shopping could lead to lots of security problems.

The security company BitDefender recently issued its list of best practices for holiday shopping, and topping the list is this: "Be wary of the small screens on mobile devices."

BitDefender explained that most mobile devices that can access the Internet and be used to make online purchases – smartphones, iPods – have small screens that often prevent the web browser from displaying a site’s full URL. This small scale problem poses a huge security risk.

"A link may begin with a legitimate store name but actually redirects you to a malicious site," BitDefender said.

It is common practice to send shortened URLs on social media sites such as Facebook and Twitter. Because corrupted files can be hidden in legitimate-looking URLS, these social networking giants are prime targets for scammers looking to get their malicious messages out quickly, and get them to spread.

Also high on BitDefender’s list of safe online shopping tips is: "Avoid purchases while surfing on public Wi-Fi."

As demonstrated several times in the past few months -- most notably in the case of the Firesheep hacking tool – public Wi-Fi networks are hacker hotspots. The recent "ethical hacking" study by the British insurance company CPP demonstrated how insecure these public networks are: Sitting in coffee shops and restaurants, the hacker gained access to more than 350 usernames and passwords in one hour.

"It’s fine to search for gifts while sipping a peppermint latte at the coffee shop, but don’t enter personal information while you’re out and about – open networks mean a hacker could easily steal information like usernames, passwords and credit card numbers," said BitDefender.

If shoppers have to purchase an item while on a public Wi-Fi network, security experts urge them to make sure "https" appears in the URL (the site's address) before entering payment information. This prefix indicates that the site is using secure sockets layer (SSL) encryption.

And as is often the case regarding holiday shopping, BitDefender says if an item looks too good to be true, it probably is.

"Found a price or product from an unknown site that's too good to be true and you’re not sure if the site is legit? Check it out on respected review sites as well as with the Better Business Bureau," said BitDefender.