With the holiday season quickly approaching and the Pandemic tier level restrictions being unclear, many of us are turning to online shopping to purchase gifts this year. In fact, a recent Springboard survey of 1,000 shoppers reported that 61.2% plan to spend more online with only 20.4% spending at bricks and mortar stores this season.
Many of us are trying to reduce the risk of spreading the virus by not visiting physical shops. While this helps protects us from the COVID-19 virus it does not shield us from the risks of online shopping. We must now, more than ever, be vigilant with our online security behaviours.
In this post, we’ll look at current tactics that online scammers are using to target consumers and offer five tips on how to stay secure when shopping online. We’ll begin with Phishing scams that are one of the most common attacks conducted through text messages and emails.
1. Watch out for suspicious messages, Phishing and Vishing scams
Have you ever received an enticing instant message through a text or Facebook Messenger with a huge discount that was just too good to be true? Well, it probably.
During the holiday season, you may be overwhelmed with tons of these messages from online retail stores. Cyber criminals see this as an ideal time to take advantage of the victim being easily distracted and more likely not to spot fake messages. These scam messages will include links to a fake website that looks similar to the designs and URL address of a genuine online retailer. Or the message may contain a link to prompt your mobile or computer to download a file containing malware (malicious software). The hacker then uses this software to gain access to your sensitive data.
So how do you spot the fake messages? First, be aware of links or URLs that seem suspicious. These could be identified by being strangely worded or misspelled. Within email messages, you can check the return address and if it doesn’t match the address it was sent from – then it’s most likely not legitimate. You can take an extra step and place the retailer’s name in an internet search and if the URL does not match the one provided in the message then do not click on it.
If you receive a Vishing call, you can conduct a reverse number lookup through a site such as Who Called Me that will identify any known and reported scam phone numbers.
If you’ve already clicked on the link, check to see if the website is secure. If the URL is secure it will begin with ‘https:’ and have the padlock icon proceeding the website address like the below image. If the padlock icon is not present on the site, then do not use it.
Even though the padlock does not guarantee that the retailer is legitimate or reputable, it does ensure the connection is encrypted.
2. Avoid purchasing over Wi-Fi connections
It’s never a good idea to use public Wi-Fi to purchase anything online because the connection is not secure. You could run the risk of a cyber attacker monitoring your activity and tracking your payment card details.
Cyber criminals exploit flaws in the network to capture traffic going to and from Wi-Fi users’ devices. This common attack is known as the man-in-the-middle.
To ensure you don’t fall victim to this attack, always connect to the internet using your mobile data when you’re not at home on a private network. Additionally, you can use a VPN connection as it adds another cryptographic layer, although not perfect, it’s better than using an insecure or public network.
3. Provide limited details to complete your purchase
Even the most secure website will never be 100% attack free. The best rule of thumb is always to limit the amount of personal information you provide on any website and avoid creating an account if possible.
When purchasing online, stop for a moment, and question if the information that is being asked for is too much. Only fill in the required fields that are marked with an asterisk (*). These will typically ask for your name, address, email and payment information. Avoid including any extra fields such as your phone number.
If you can avoid creating an account, then please do as this will stop your data from being stored. Some sites may allow you to use an online payment option such as PayPal instead of creating an account and entering your credit card details.
4. Consider using credit cards and payment platforms
If you do run across a fake website and make a purchase, there are options to help protect yourself. Many major credit card providers will protect online purchases and refund you or stop payment when a fraud incident occurs. By using a credit card rather than a debit card you can ensure that if payment details are stolen that your bank account will not be touched.
Also, online payment platforms such as PayPal are a good option as they will hide your payment details from the retailer. Some platforms may also provide a dispute resolution service in case anything does go wrong with the retailer.
5. Lastly, don’t panic!
If you responded to a suspicious email or text message or visited a scam website, don’t panic. You may be able to get your money back if you’ve followed the tips to use a credit card or payment platform.
In the case that your money was lost from a scam, contact your bank immediately or payment platform such as the PayPal Resolution Centre. You can report it as a crime to Action Fraud to help prevent others from becoming targets of the same cyber crime.
You can also report suspect emails to the UK Government’s Suspicious Email Reporting Service (SERS). They will investigate the message or website and if found fraudulent the address it came from will be blocked. Plus, any malicious website it links to will be removed.
We hope this post was useful and helps you to stay safe online during the 2020 holiday.
Want more consumer online safety tips to stay secure this Christmas? Visit the Stay Safe Online Organisation’s website, which Risk Crew proudly supports.