Tips to stay cybersafe this holiday season

25th November 2016


Cath Goulding

CISO

What were once shopping events owned by the US, Black Friday and its seasonal shopping counterpart Cyber Monday – which take place on the Friday and following Monday after the Thanksgiving holiday – have now firmly made their way across the pond and into our calendars. Last year, we spent £2bn in store and online in 24 hours and £3.3bn over the entire four-day weekend. What was once focused predominantly on the sale of electrical goods has now developed into a key sales date for all types of retailers looking to boost sales ahead of Christmas.

The potential online goldmine has unfortunately not gone unnoticed by online scammers and cybercrooks, who look to take advantage of innocent shoppers searching for the best deals. To avoid falling foul of their tricks, here are my top tips for staying safe online during the seasonal shopping surge and beyond:

  • Passwords: Sounds obvious, but having a robust password is your first and best defence against hacking. Think of a ‘passphrase’ rather than password too. Make sure they are long or complex – or both. Try to use 14 characters; avoid the most common passwords such as ‘password’; don’t use a number sequence (1234, 1111); always use uppercase letters, symbols, numbers and spaces – for example ‘I love green apples’ becomes ‘l10v3_gr33n @pp13s’; don’t use family names or personal information like birthdays; and don’t use the same password across different accounts.
  • Password management: If your passwords are strong you won’t need to change them very often. If you must write them down, do make sure they are kept securely somewhere and away from prying eyes. Of course, remembering passwords for the many accounts we all have these days can be tricky, so you may want to use a password management tool such as LastPass or 1Password. They are often free to download, offer encryption and can generate random secure passwords for you. Which one you choose is up to you.
  • Keep anti-virus software up to date: Before you start shopping, make sure all software on your computer is up to date, including your browser, the security updates recommended by your operating system and other apps you may use, to stand you in good stead for the approaching holiday shopping season. You can also run updates on your firewall and anti-virus software to make sure you have the most recent security updates. Don’t just update your laptop either. Make sure your tablets, phones and any other devices you use have appropriate security software and the latest operating system updates on them too.
  • Beware of WhatsApp, text and email scams offering irresistible deals: Recently WhatsApp users were warned of a new scam, which appears to come from a stored contact, offering a free £100 voucher to use at Sainsbury’s or Topshop. The scam cleverly tricks the user into clicking on a link which appears to lead to the retailer’s website, only to direct them to a scam webpage that will install cookies on the victim’s phone and serve them adverts when they surf the web, ultimately serving as a source of revenue for the cybercriminal. It can also be used as a phishing attack, tricking users into giving away passwords through a seemingly legitimate webpage and therefore putting their money at risk. As scammers become more advanced in the way they target consumers and use our most popular forms of communication to target us, we need to increase our awareness of their tactics and remain cautious. The very nature of Black Friday and Cyber Monday, where deals often offer huge discounts for a very limited time, means consumers will become a target for scams like this. The general rule of thumb to follow is that if a deal sounds too good to be true, it usually is.
  • Avoid public Wi-Fi: If you’re shopping via your mobile whilst on the go, avoid using public Wi-Fi. According to Norton, 57% of people believe their information is safe when using public Wi-Fi and only 35% can tell the difference between secure and unsecure Wi-Fi networks. As public Wi-Fi requires no authentication to establish a network connection, hackers can steal the information you are accessing – for example bank details, private emails and security credentials – by positioning themselves between you and the connection. This is called a ‘man-in-the-middle’ attack.
  • Use secure websites: Make sure that the web address of the page starts https:// and shows the padlock symbol before you enter any personal information or payment details. A good tip worth knowing is that the “s” in https stands for secure so if a site you visit for shopping doesn’t have this then it’s best to avoid it altogether.
  • Research the retailer before buying from them: If you stumble upon an upcoming online retailer that is less known than the established players, make sure you spend a little time on Google, for example, to find out the experiences of other buyers. If the site sells fake goods or fails to deliver paid for items, you will usually be able to find this out online. Also, look for online reviews and sites that are part of an independent approval scheme, such as Which?, Trust Pilot or Consumer Affairs as this will help you to quickly see whether a site is genuine. Remember, a firm may have a great-looking website, but that doesn’t make it honest.
  • Check your bank statements and be careful when using debit cards: Be extra diligent when checking your bank and credit card statements and report any unfamiliar transactions immediately. If you want to employ good practice for online transactions, use credit cards or a PayPal account that’s linked to a credit card. Banks have several safeguards to prevent fraudulent withdrawals, but if your card is cloned you’ll often have a delay before your money is returned whilst an investigation takes place.