On Black Friday, we enter a boom period for online shopping – many online stores are advertising juicy discounts and other promotions. But sellers aren’t the only ones on the hunt for buyers. Lurking in the shadows, cybercriminals are getting ready to steal the personal data and payment details of online shoppers.
The methods used by cybercriminals are growing and changing by the day so, now more than ever, it is crucial that consumers are aware of the threats and remain vigilant. Some of the most common methods of defrauding shoppers currently include: fake websites, either with no ‘S’ in HTTPS, fake ‘https’ (a padlock image but not in address bar) or a URL that looks like a legitimate one (e.g. ‘amazon.com’); phishing emails with malicious links, particularly with offers that sound too good to be true at this time of year; pop up adverts purporting to be genuine ads; fake items for sale on genuine sites and ‘sniffing’ for passwords and payment details over unsecured Wi-Fi.
During normal periods, banks rely on algorithms to alert them to unusual patterns of spending on customers’ accounts. However, during periods like Black Friday, this becomes much more difficult to monitor. Banks do not want to limit spending at this key time, but the reality is that people are spending way outside their usual habits, and above their usual thresholds. All this creates the perfect environment for cybercriminals to execute their malicious activities and cash in, before customers or banks realise and act.
Kaspersky advises shoppers to follow these 12 tips this Black Friday period:
- Secure all your devices using trusted security software.
- Make sure you apply security updates to your operating system and applications as soon as they are available.
- Only use secure sites. Look for a URL beginning with ‘HTTPS://’ – that’s ‘S’ for SECURE. Look also for a closed padlock on the web browser’s address bar – by clicking or double-clicking on it you will be able to see details of the site’s security.
- Use a unique password for every online site – use a mixture of letters, numbers and special characters and make sure they’re at least 15 characters long.
- Don’t click on random links in e-mails – it’s better to type in a URL yourself, to avoid the risk of ending up on a phishing site. If a deal seems too good to resist, go directly to the website to find it, rather than click on the link, to be sure.
- Try to stick to familiar sites that you know or have heard of. But even then, you need to take care – criminals often deliberately misspell the name of their fake websites to make it look like a familiar site.
- If you do buy from a new vendor, research it carefully. A good test is to see if they can be contacted if the order goes wrong – look for an e-mail, a phone number, an address and a returns policy. A vendor’s feedback history is another good sign of their honesty and reliability.
- Use extra caution when using your mobile device for online purchases. Shortened URLs, often used because they are phone-friendly, can hide the fact that they lead to a risky site. If you have to make a transaction then and there, switch Wi-Fi off and use mobile data. Otherwise wait until you are back on a secured connection.
- Avoid using untrusted public Wi-Fi hotspots for confidential transactions like online shopping – public Wi-Fi networks are common places for hackers to sneakily intercept your information.
- Ensure that your children do not have access to your online accounts, and make sure they can’t access your credit card and bank information.
- Backup your data regularly to avoid your personal files being lost if you are the target of a cyberattack.
- Keep checking your accounts regularly to make sure you notice any unusual/fraudulent activity straight away.