While most people are aware that there are dangers associated with shopping online, many are unaware of how their data is used and what the consequences could be. Cyber criminals can use your personal data to open credit card and bank accounts in your name, make purchases using your accounts (including illegal items), obtain credit cash advances and even steal your identity.
This holiday season could be a lucrative time of year for these criminals who anticipate that consumers may lower their guard slightly during the rush to bag the best deals on sought after items.
Tom Gaffney, Security Consultant from F-Secure, is issuing advice to consumers on how they can stay safe when shopping online in the run up to Christmas and beyond…
BE CAREFUL WHERE YOU SHOP
You may be desperate to get hold of that best-selling toy that’s at the top of your little one’s wish-list, or the new PS5/Xbox Series S/X for your teen, but be careful where you buy from as scams can take place on any kind of online platform, from Amazon to Facebook. It’s also not uncommon for fraudsters to set up fake ecommerce sites.
Firstly, keep in mind that if anything online seems too good to be true – it probably is. If a seller is actually selling a very high-demand item, expect the price to be high.
If you’re wary of a site, do your research – Google is full of retailer reviews. Saying that, online reviews can be faked so if you see nothing but positive feedback and can’t tell if the writers are legit, follow your instincts. Also, check the website for a physical location and customer service information and see if their social media channels are active. Another key feature to look for is the little lock symbol that appears in the corner of the URL field. This indicates that the website you’re on is safe. Also make sure that the website you’re on is “https” not “http” as the ‘s’ stands for secure.
Once you’ve checked that it’s a legitimate site, use a credit card where possible for added safety as most offer consumer protection against fraudulent sites.
If you’re buying directly from someone i.e. via Facebook marketplace make sure you talk to the seller and ask for more information if necessary, for example the pictures of the product itself with a handwritten note to prove legitimacy. Never give out your details directly to the seller over email or messaging apps, but use the marketplace’s functionalities or services such as PayPal to do the transactions. Never use PayPal Friends and Family transactions when buying things online as PayPal does not reimburse payments sent using this functionality, or transfer money directly into their bank account.
CREATE STRONG UNIQUE PASSWORDS TO PROTECT YOUR ACCOUNTS
Most ecommerce sites will require you to set up an account to make a purchase. The average person has 18 password protected accounts and worryingly, recent F-Secure research found that 41% of people use the same password on multiple accounts and 56% use the same password with only slight variations. This means that if your login information gets stolen on one website, it’s likely that your other accounts will also be compromised.
It’s vital to have strong, unique passwords for accounts to be protected and that you regularly change these. A password manager such as F-Secure ID PROTECTION can help you remember all your login details so you don’t need to worry about losing or forgetting them.
To give your online account additional protection, where possible you should also turn on two-factor authentication (2FA). This is a way for the service you’re using to check you really are the person you claim to be when logging in.
REGULARLY DELETE COOKIES FROM YOUR BROWSER
Cookie banners pop-up every time we visit a website and most of us will click ‘accept’ without thinking. Cookies are small files that websites send to your device that the sites then use to monitor you and remember certain information about you i.e. what’s in your shopping cart, or your login information. Basically, cookies track you as you browse.
It’s important to delete cookies because:
They pose a security threat whereby hackers can potentially gain access to your browser sessions and steal your personal data
Over time you could accumulate a lot of cookies which will slow your browser down
Cookies store your personal information and enable websites to track and follow you round the web, developing a profile of your online habits and targeting you with ads
AVOID SHOPPING IN PUBLIC – YOU CAN ENJOY A HOT DRINK BUT NOT THE PUBLIC WIFI
Using public Wi-Fi to shop online while at your favourite coffee shop may be convenient but it’s not cyber safe. Avoid making purchases via public Wi-Fi as you could end up compromising your data and financial information. Cyber criminals often target these hot spots to steal confidential information from unsuspecting users, such as passwords or credit card details, leaving them susceptible to identity theft and fraud.
If you must use public Wi-Fi then make sure you have a VPN installed such as F-Secure FREEDOME. VPNs offer you complete privacy for your activities online, no one will be able to track you or see what you are doing, not even your Internet Service Provider. A VPN will block harmful websites and hacking attempts, encrypt data to protect your real IP address and online traffic and protect you when you’re using public Wi-Fi.
BE CAREFUL WHAT YOU CLICK ON AND STAY ALERT TO PHISHING SCAMS
Between April 2020 and March 2021, online shopping scams were up 65% on the previous year, with a whopping £69.9m lost to fraudsters. Beware of adverts which encourage you to click on links. If you receive an enticing offer, rather than click on the link, go directly to the website to verify that the offer is legitimate.
Phishing scams, where online criminals trick you into handing over personal details which are then used for account takeover or identity theft, are especially common during Christmas and Black Friday seasons. Consumer group Which? recently reported that three in five of us have had fake delivery company texts over the past year. The message often contains a link that takes you to a scam website and may warn of a failed parcel delivery and ask for payment. They are often sent using a fake appearance of huge brands that you trust and expect communication from like DPD, Royal Mail or FedEx.
To avoid being caught out don’t click links in SMS messages, especially if they say you have limited time to respond as this is a common tactic scammers use to pressure you. Check the URL of the link to make sure it matches the company website address. Do not call the number provided and under no circumstances hand over personal information such as your card details.
BROWSER SECURITY – DOWNLOAD F-SECURE TOTAL AND START BROWSING THE INTERNET SAFELY AND SECURELY
Many people are unaware that they should configure security settings within their browser to enable safer internet surfing. Regardless of which browser you use (Internet Explorer, Safari, Chrome or Firefox), each gives you options to disable cookies and block security risks such as malicious software (malware) that can sneak in through infected pop-ups, plug-ins and extensions, compromising your security.
Default browser settings leave your data exposed so at a minimum you should:
● Disable pop-ups and redirections as cyber criminals could use these to spread malicious software
● Don’t allow automatic downloads as these could contain malware and viruses. Ask to be prompted before downloading anything
● Turn on “Send a do not track request” to help prevent websites from tracking you
● Don’t allow browsers to save passwords as although it’s convenient it creates a security risk. Malware that captures keystrokes can steal information. Also, if a laptop falls into the wrong hands, it doesn’t take much for a hacker to find the stored password information
At the very least, make sure you update your browser on all your devices regularly as using old software can provide a way for hackers to break into networks. Updates will address security issues and also help your browser run better. F-Secure TOTAL will give you all the protection you need to secure your online activities, your devices and yourself.
KEEP AN EYE ON YOUR CREDIT CARD AND BANKING TRANSACTIONS
If your credit card information gets compromised, there can be charges without you knowing. Review your monthly statements to find any suspicious activity. Contact your bank immediately in case of anything unknown.
A good way to protect your money online is to restrict which countries your credit card will work in. Just remember to change the settings back when you need your card abroad.