Cath Goulding
CISO
It’s hard to believe that we are fast approaching Christmas; time seems to have been suspended since mid-March. But festivities will soon be upon us and, with many areas of the UK still in lockdown, shopping for the season for many of us this year will likely be online.
For those of us fortunate enough to have reliable connectivity, our lives have become more ensconced online this year. A recent YouGov poll found that 22% of us are spending over eight hours online each day, with 18% of people spoken to admitting they were now shopping online for the first time.
Many businesses also made the move online in a bid to keep afloat in challenging times. We’ve seen the evidence at Nominet in our registry data, with April registrations being 12% higher than March and daily registrations of domains that highlight they are “online”, “virtual” or “live” more than doubling in this period.
As one who specialises in cyber security, my concern is for all the ‘new faces’ now spending money or selling goods and services online. Have these SMEs taken every precaution to keep their systems and processes, their staff and consumers – and all the associated data – secure in this digital environment? (Check out this great advice for SMEs from the NCSC if you aren’t sure.) And are new shoppers aware of the simple but crucial steps to take to protect themselves online?
There is another group to fear for too: the over-familiar. Action Fraud data showed that almost a quarter of the people who fell victim to online shopping scams in the Spring lockdown were aged between 18 and 26. As a generation that is largely familiar with and confident using digital tools and the internet, are they becoming desensitised to the risks?
As we nudge into the busiest time of year for shopping – and online scams – it feels like a good opportunity for us all to refresh our cyber security behaviours. During the Christmas shopping period last year – according to figures released by Action Fraud recently – criminals conned 17,405 shoppers out of almost £13.5 million, a rise of over 20% compared to same period last year. Most alarmingly, over £3 million lost over the Black Friday-Cyber Monday weekend alone. Don’t let that be you for 2020. Read on for my top tips for staying cyber secure when online shopping for Black Friday and beyond:
Don’t believe the hype
Adverts you see on social media or emails and texts that promise amazing deals can often be scams. Don’t click on a link you have been sent, and research everything thoroughly before you decide to buy when you see a ‘great deal’. If it sounds too good to be true, it probably is.
Check the website address
Manually type in the website you want to visit rather than clicking on links sent via email – criminals pepper our inboxes with links to authentic-looking websites which they have under their control. If you’re considering purchasing off a website you haven’t heard of, research them carefully, looking for reviews and checking on the website www.virustotal.com, where you can see if the url is suspicious.
Only use secure payment pages
Before entering your card details, make sure the payment page starts with https (the ‘s’ stands for secure) and that there is a closed padlock symbol next to the website address in your browser. This means the website is secure – but it doesn’t mean it’s not fraudulent, so complete all your other checks too.
A credit card can help protect you
Pay by credit card whenever possible. Direct payments are harder to recover if the transaction proves to be fraudulent and paying with a credit card allows you to review the payment again before you settle your bill.
Log out completely to protect your details
If you have logged in to a website or an app to make a purchase, make sure you are logged out before you move on, rather than simply closing the page to keep your details secure.
Secure your accounts
Make sure your accounts are as secure as possible before you start shopping. This involves regularly changing your passwords – never duplicating them across accounts – and implementing two-factor authentication (2FA) where available. Use a password manager to help you create and keep track of passwords (the NCSC has some great advice). Alternatively, develop your own strong passwords: make them a minimum of 14 characters, which makes it harder for criminals to crack them. You can use words or phrases in your long password to make it more memorable for you.
Keep an eye Action Fraud
Action Fraud, the UK’s reporting agency for fraud and cyber crime, is where you should go if you are the victim of online fraud. By informing them of your experience, you may save others from a similar fate. Keep an eye on the Action Fraud twitter feed for updates about the latest scams to watch out for and remain alert.
~
I find that a healthy level of suspicion is your best friend when shopping online if you want to stay secure. Be aware that this time of year is peak scam season, so you can’t be too cautious. Reach out to your loved ones and colleagues to share this advice, especially if you know they may be new to online shopping in 2020. If we work together and support each other – as this year has proven that we are fantastic at doing – we can make sure it’s a cyber secure ending to 2020.
Some of these tips are from Get Safe Online, a great resource for free online security advice. Any incidents of fraud should be reported to Action Fraud – you can report suspicious texts by forwarding the original message to 7726, which spells SPAM on your keypad.
