Ahead of the day for online shopping bargains, Black Friday, the UK official National Cyber Security Centre (NCSC) has re-issued advice on how to avoid scam websites and purchase items securely:
Choose carefully where you shop;
Use a credit card for online payments;
Only provide enough details to complete checkout;
Keep your accounts secure;
Watch out for suspicious emails, calls and text messages;
And the NCSC offers advice on what if things go wrong, starting with; let your bank know straight away.
While the NCSC points out that the advice is only a refresh, it’s updated particularly in terms of using online payment platforms and how you can report dubious-looking adverts to the Advertising Standards Authority (ASA).
Among the advice; that padlock icon besides the website address in your browser doesn’t guarantee that the retailer itself is legitimate/reputable (and that their website is secure). It means that the connection is secure.
If possible, don’t create an account for the online store when making your payment. You can usually complete your purchase without having to create an account, or by using an online payment platform (such as PayPal). If you think you’ll become a regular customer with the store, then you may want to create an account.
As for passwords, if you’re using the same one for your online accounts (or using passwords that could be easily guessed), then you’re at risk.
More at the NCSC website.
Comments
Shoppers have little option but to rely heavily on e-commerce this holiday season, said security intelligence software firm RiskIQ CEO Lou Manousos. “This year’s bad holiday actors will capitalise on COVID-19 and the increase in online shopping by using the brand names of leading e-tailers, as well as exploiting the poor security habits of consumers.”
David Emm, Principal Security Researcher at cyber firm Kaspersky said: “Online shopping is a tempting and easy way to part with our hard-earned cash. Emails with bargains and offers land in our inbox and with just a few clicks the goods can be winging their way to our homes without us having to ever leave the sofa. But this can be a risky business at the best of times.
“As brands launch seasonal sales over the next few weeks ahead of what is predicted to be one of the busiest Black Friday and sale shopping periods ever for online retailers, scammers are more primed than usual to take advantage of unwitting consumers. Given the year we have had, any bargains or major discounts will be very tempting as many people try to make the most of the festive period. However, we encourage shoppers to be mindful and think about the data they are handing over in a bid for a bargain. Think about whether it’s absolutely necessary to share your personal information for each purchase and if it’s not, is it just a trick to lure you into disclosing your data. By ensuring deals are genuine before making any purchases, consumers can reduce the risk of potential pitfalls and enjoy their Christmas.”
Matt Cooke, Cybersecurity Strategist for EMEA at the cyber firm Proofpoint said: “Our research has shown that UK retailers may be exposing themselves and their customers to cybercriminals on the hunt for personal and financial data, by not implementing simple, yet effective email authentication best practices. Email continues to be the vector of choice for cybercriminals and the retail industry remains a key target.
“Organisations in all sectors should look to deploy authentication protocols, such as DMARC to shore up their email fraud defences. Cybercriminals will always leverage key events to drive targeted attacks using social engineering techniques such as impersonation and retailers are no exception to this. Ahead of Black Friday, consumers must be vigilant in checking the validity of all emails, especially on a day when guards are down, and attentions are focused on grabbing seasonal bargains.”
