We all know the drill in the countdown to Christmas.
Michael Bublé, cheese and crackers and a mad rush to get our festive gifts bought and wrapped for the big day. But instead of traipsing up and down the high street in search of bargains, more and more UK consumers are opting to do their seasonal shopping online.
Although browsing the web offers discounts, fast shipping and convenience, online shopping is not without risk. Christmas may be the most wonderful time of the year — but it is also the most rewarding for hackers attracted to the explosion of digital transactions made during the holiday period.
Cyber criminals are on the hunt to exploit consumers through social engineering scams such as ransomware and phishing attacks and get their hands on your personal information — like bank details and address — which they can save for their fraudulent activities.
Want to keep your Christmas scam-free? Take a look at our top tips for shopping safely online…
Do your research
Before following a link to any promotion or offer sent to you via text or email, take a look at the source and website addresses. Many fake web pages and malicious links have subtle typos that catch people out, so make sure you check these carefully.
It is also wise to research the business you are buying from to see whether any other customers have left feedback about potential scams. If you are unsure whether a link is trustworthy, try to access the company’s website by typing it into a search engine instead.
Put it on the plastic
If you have a credit card, now is an excellent time to put it to use. Most leading credit card providers are obliged to refund you in the event of a cyber attack or fraud, providing an extra layer of protection as you shop online. Alternatively, scammers get a direct line to your funds if your debit card is compromised.
Make sure you also regularly check your bank statements for unwanted transactions. If you do come across one you do not recognise, call your bank provider to start an investigation.
Keep personal info under wraps
When making a purchase, only fill in the mandatory details marked with an asterisk (*) — this will typically include your delivery address and payment details.
If the website asks for security details (like your mother’s maiden name or the name of your first pet, for instance), walk away. It is likely hackers are looking for clues to infiltrate your personal accounts.
Unless you are a regular customer, avoid creating an account with an e-tailer to protect your data when you place an order. Where possible, carry out payments via online platforms such as Apple Pay or PayPal to ensure the company never accesses your payment details during a transaction.
Lock down your accounts
Did you know that more than 80% of confirmed breaches are related to stolen, weak or reused passwords?
To avoid a similar fate, set up multi-factor authentication (MFA) across your online shopping, banking and email profiles and choose secure passwords consisting of three random words. Measures like these can prevent hackers from getting into your accounts and stop a cyber attack from spreading in the event of a breach.
Check your connection
Most reputable organisations will have a closed padlock icon next to their web address, which should start with ‘HTTPS’ rather than ‘HTTP’ to indicate the site has secure sockets layer (SSL) protection. Although this does not guarantee the retailer is reliable, it does ensure the connection is encrypted. If the symbol is not there, or your browser says the page is not secure, you should avoid entering any financial information.
Making online purchases on the move? You must ensure you are doing so on a private or secure network — and that no one is looking over your shoulder when you submit your details. Never connect to a public hotspot you are unfamiliar with — even if it is free — and consider using a virtual private network (VPN) to be extra safe.
Trust your gut
You probably already get many messages from online stores as a result of ‘opting in’ to receive communications from them. But lurking amongst these real emails and texts may be a phishing attack attempt or two that are hard to spot…
Got a funny feeling about an email? Forward it to report@phishing.gov.uk. Received a suspicious text? Send it to 7726. Visited a dodgy website? Report it to the NCSC. Keeping an eye out for potential cyber criminals could not only save you, but also other shoppers.
If you are worried that you may have fallen foul of a phishing attack or believe you have received a scam communication, report it to the authorities and to the provider of any account that may have been affected.
Remember, if it seems too good to be true, it probably is!
Our team of information security consultants is on hand to answer your cyber security questions and help you develop an IT strategy that will keep your systems secure and your business productive. Contact us today at 01252 84 or email info@burningtree.co.uk to discover how our consulting services could benefit you.