And, with Black Friday/Cyber Monday on the horizon, it’s likely that we’re all going to increase our online spending again. Research suggests that the ordinary shopper will spend an average of £275 this year (finder.com).
As more of us rush online for the annual sales, unfortunately cyber-criminals are ready and waiting to cash in. With online attacks becoming increasingly sophisticated and your inbox brimming with promotional emails, it can be hard to tell the difference between a real bargain and a scam.
So, to make sure you don’t give cyber-criminals an early Christmas present, follow our tips on how to stay safe when shopping online.
As we get closer to Black Friday/Cyber Monday, your inbox will probably be filling up with offers from online retailers. While a good deal of these may be genuine, there’s a good chance that some of them are actually phishing attempts, where cyber-criminals try to lure you to fake websites with offers of last-minute deals, or convince you to part with your personal information.
Previous scams have included fake prize-winning emails, Royal Mail correspondence about attempted parcel deliveries, and unbelievable retail offers.
If you receive an email or text about an amazing offer that sounds too good to be true, pause before you click on the link – it most likely is. To attempt to lure you in, cyber-criminals create dummy ‘lookalike’ websites that imitate those of familiar, official brands. Clicking on one of these links could send you to a fraudulent website that can either mirror your screen to see what personal details you input on security forms or require you to fill in your bank details. This allows them to steal your money or infect your tech with malware.
Key features of these types of sites? Spelling or grammatical errors you wouldn’t expect from an official retailer, overly informal correspondence, and blurred or incorrect logos.
If you’re unsure about the link but you really want to see if this is a genuine offer, go directly to the source of the advertised deal by typing the known website address directly into your browser, or search for it and follow the search results. Alternatively, hover over the sender’s email address or any links within the email for a few moments – it should allow you to see the web address it links to. If the email doesn’t come from ‘@retailername’, or hovering over the links shows that they redirect to an unknown website, it’s highly likely the email is a scam.
Fake websites, adverts, and apps can be difficult to spot. Before visiting a new website or downloading a new app, it is a good idea to do some research and check consumer websites for reviews or any complaints.
We know how tempting it is to grab a great deal immediately, but make sure you’re using a secure Wi-Fi network before you make your purchase. As useful as it is when you’re out and about, free, public Wi-Fi is unprotected – meaning cyber-criminals could have direct access to any data transferred from a device using the network and could potentially steal credit card numbers, passwords, and other sensitive account information.
When making online purchases, it’s best to use a credit card, as the majority of providers protect online purchases and are required to refund under section 75 of the Consumer Credit Act when certain circumstances apply – such as if the retailer has failed to supply goods purchased or the goods that have been supplied are not up to standard. Debit card payments, on the other hand, are not covered by this Act.
Using a credit card also has the benefit that if your payment details are stolen, your main bank account won’t be directly affected.
Using an online payment platform such as PayPal or Apple Pay can also offer added protection, as these platforms are intermediaries that process and authorise your payments, meaning the retailer doesn’t actually see your payment details.
Regardless of how you pay, when you’re ready to make a purchase, make sure there’s a closed padlock icon in the address bar of the browser. This means that the connection to the website is secure (although the retailer itself is not guaranteed to be legitimate). If there is no padlock icon or the browser says not secure, don’t use the website.
Be careful about what details you give away when making an online purchase. Only fill in the required details that are marked with an asterisk (*) such as your payment details and delivery address. If the website asks for security details such as the name of your first pet or your mother’s maiden name, don’t provide these as you shouldn’t be asked for them when making a purchase.
Try to avoid creating an account when bagging your bargain, particularly if it’s a new website you haven’t used before. You can often use guest checkout, or use an online payment platform such as PayPal, to avoid having to create an account. This way, all of your details aren’t on a file ready for unseemly characters to steal.
Similarly, you may get asked whether you want to save your payment details to make the process quicker next time you checkout – don’t save your payment details unless it is a website you plan on using regularly.
Most of us have lots of different online accounts but, if you’re using the same password for each account or ones that are easily guessable, you’re putting yourself at risk. Cyber-criminals could steal the password from one account and then use it to access your others. You should, at the very least, make sure that vital accounts – such as email, payment accounts, banking accounts etc – have strong passwords that you don’t use anywhere else.
Creating strong, memorable passwords for all your accounts can be tricky; password manager apps, however, can get around this by creating and storing your passwords safely.
Using multi-factor authentication (also known as ‘2FA’) adds an extra layer of security. After inputting your password, you’re then asked to confirm your identity via a second device by entering a one-time code sent to your phone. This makes it much trickier for hackers to access your account, even if they know your password.
At this time of year, our email inboxes are constantly pinging with offers and marketing communications. Meanwhile, online attacks are becoming increasingly difficult to spot, as hackers become more adept at finding ways to steal your information. That’s why it’s usually best to follow your gut instinct – if it’s telling you that something is wrong, that’s often because it is.
The most important thing to remember is, if something looks suspicious, stay away and don’t take the risk!