Christmas Shopping - Black Friday & Cyber Monday

Christmas is around the corner, and we all know that means Black Friday and Cyber Monday sales are the time to catch a bargain! We love Christmas, and who doesn’t? However, new research from the Bank of England suggests not only that we are spending more and more on seasonal festivities, but also that a considerable portion of this is happening online rather than in person or on the high street.

Top tips on how to stay safe when shopping online: 

Stay up to date: Install the latest software and app updates. Information can be found on how to install updates from Apple, Microsoft and Google. Always use a verified trusted source for software updates and turn on automatic updates. 

Secure online accounts with a good password: If you are creating an account to purchase your Christmas goodies, make sure that cybercriminals are not going to be able to hack it. This means setting up a lengthy password, such as three random words, with the odd symbol or digit put in place for good measure. This makes the password extremely difficult to crack. It also acts as a 'pass phrase', which is easier to remember. Consider downloading a reputable password manager, which will generate complex passwords and auto-complete forms. Make sure that the master password is complex.

Turn on two-factor authentication (2FA): Where possible, turn on two-factor authentication (2FA). This is a way to double-check the identity of a person when logging in, e.g. by sending a security code to a mobile phone. Cybercriminals in possession of a password can’t access the account unless they have this "second factor". Your email represents the keys to the kingdom for any hacker. Not only does it serve as your username for multiple accounts, but it also allows you to correspond with online retailers and reset account passwords. Always use a unique password for your email and set up two-factor authentication so that a text is sent to your phone in order to log in. See here for more details.

Links in emails and texts: Emails or texts offering amazing deals may contain links to fake websites, designed to steal money and personal details. Not all links are bad, but it's good practice to check by typing the seller’s website address into the address bar of your browser, or to find the website through a search engine, and only shop on sites that you trust.

Check for ‘Spoofing’ in the URL: Some websites are bogus but look entirely convincing. You can often tell the difference between the real site and a fake one by carefully checking the web address. Cybercriminals will make minor alterations to the address to fool the unsuspecting shopper.

For example: 

marksandspencer.com might become marks&spencer.com 

amazon.co.uk might become amaz0n.co.uk (number zero substituted for the letter o) 
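The same check, automated, as an added example that is not part of the original article: it compares a web address against a short list of retailers you trust and flags the two substitutions shown above. The names `TRUSTED`, `LOOKALIKES` and `classify` are assumptions made for this illustration.

```python
from urllib.parse import urlsplit

# Assumption: the shopper's own list of trusted retailers
# (taken from the two examples in the article).
TRUSTED = {"marksandspencer.com", "amazon.co.uk"}

# Characters often swapped in to imitate a letter or word,
# mapped back to what they imitate (constructed, not exhaustive).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "&": "and"})


def hostname_of(address):
    """Return the lower-cased host part of a URL or bare address."""
    if "://" not in address:
        address = "//" + address  # let urlsplit treat it as a host
    return (urlsplit(address).hostname or "").rstrip(".").lower()


def matches_trusted(host):
    """Return the trusted domain that host belongs to, or None.

    The trusted name must be the END of the host, so
    'amazon.co.uk.deals.example' does not count as amazon.co.uk.
    """
    for domain in TRUSTED:
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def classify(address):
    host = hostname_of(address)
    if matches_trusted(host):
        return "trusted"
    # Undo the look-alike characters and see whether a trusted name appears.
    imitated = matches_trusted(host.translate(LOOKALIKES))
    if imitated:
        return "lookalike of " + imitated
    return "unknown"


if __name__ == "__main__":
    for sample in ("https://www.amazon.co.uk/basket", "https://amaz0n.co.uk/deals",
                   "marks&spencer.com", "https://amazon.co.uk.deals.example/login"):
        print(sample, "->", classify(sample))
```

An "unknown" result is not a clean bill of health; it only means the address is not on your trusted list.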

Look for HTTPS in the URL: When you shop online, you want to make sure that your connection is secure whenever you log in to your account, browse, or pay for goods or services. HTTPS gives you that security by encrypting your internet traffic. Never shop without it!

The padlock sign means that the connection is encrypted, so personal information will reach the site without anyone else being able to read it, but it doesn't tell you who is at the other end of the connection. Use a credit card, as you get extra protection when things go wrong. 

Form filling: There are details that an online store will need, such as address and bank details. Be cautious if they ask for details not required for purchases. Only fill in the mandatory details on forms (usually marked with an asterisk*).

Be wary of ‘Malvertising’:

Be careful about pop-up adverts, which redirect you to other sites. Some of these websites are actually malicious. They will scan your computer looking for vulnerabilities and, if they find any, will download malware such as a virus or Trojan.

You can protect yourself by: 

  • Updating your device. This will fix the vulnerabilities that cybercriminals try to exploit. 

  • Updating your browser to the latest version - see here to check. 

  • Changing your browser settings to block pop-ups and ads. 

  • If you wish to close an ad, always click the ‘X’ in the top right-hand corner and not the ‘Close’ button which can actually be a malicious link. 

  • Always use up-to-date antivirus software. 

I Think My Account Has Been Hacked, what do I do? 

Contact your bank: They will most likely cancel your cards and issue new ones. They are also likely to monitor your account for signs of fraud.

Change your password and turn on 2FA: If you can access the account, change your password and make sure that a text has to be sent to your mobile before you can log in. Unfortunately, you are going to have to do the same for any other online accounts you have that used the same password. The advice is NOT to use the same password on multiple accounts for this very reason. Generally, a cybercriminal will attempt to use any found passwords on popular sites to gain access.

Check out your account settings: Some online accounts will allow you to check what devices and apps are connected (which you can disconnect if they are unfamiliar) and recent log-ins (date, time, IP address, browser and device type).

Contact the merchant: Not only will they monitor the account for unexpected transactions, but they may also collect evidence which may be required if you have been a victim of fraud and are seeking compensation.

Reporting:

Please report all fraud and cybercrime to Action Fraud by calling 0300 123 2040 or online.

Forward suspicious emails to report@phishing.gov.uk.

Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).