For many Black Friday heralds the official start of Christmas shopping season. And if past years are anything to go by there will likely be some impressive bargains to be had. For shoppers opting to use online websites rather than bricks and mortar stores, the phrase Caveat Emptor – or Buyer Beware should be front-of-mind.
With online scams becoming ever more prevalent, there are some simple steps we can all take to avoid falling foul of the cyber criminals this Black Friday. Whilst we have to accept that we will never be 100% safe whilst online, here are some actions we can take to decrease our vulnerability.
Use companies you know
Before you buy from within an online merchant like Amazon or Ebay, check their rating and number of sales. Make sure they have good return policies and clearly posted contact information.
Watch out for fake websites
This is the most common and simple method used by scammers. They make a look-alike (copycat) website. Check the site URL, does it look fake e.g. amazan.com or amazone.com
Always go for a website which has HTTPS (htttps://amazon.com) before entering your password or credit card. As HTTPS sends your data in encrypted form, hence making it hard for scammers to steal your data.
Phishing scams
Keep an eye on emails claiming to be coming from legitimate sources, which will ask you to visit a website which is actually hosted by scammers in order to steal your personal information?
If possible type the website name into a search engine (like google or yahoo) and then visit the particular website from those search results, instead visiting it directly from link provided in message or email.
During Black Friday and Cyber Monday the scammers know we are all looking for a super deal, and create ‘click-bait’ ads or post links to ‘the best deal ever’, which will lead you to a scam. If it looks too good to be true, it usually always is!
Can the SPAM!
With the ever increasing concerns we all face from potential phishing and fraudulent emails. Wouldn’t it be easier if we could reduce the amount of unwanted SPAM from arriving in our ‘In Box’ in the first place?
When registering for websites, you are often prompted to enter an email address so that the site can send you a confirmation message.
These messages are not for ensuring that only legitimate accounts get created, but rather they are for ensuring that you are actually a human and not an automated ‘bot’ that is creating the account to scour their site for useful data.
One solution to consider is using ‘throw away’ email addresses for those services that are used very infrequently. For example a Wi-Fi service, a news site or a forum.
Don’t use your primary email address unless necessary. Remember many companies will sell your email address as part of bulk email lists to advertisers.
Try using a temporary email addresses when signing up for news sites, forums or sites you visit infrequently e.g.
- 10minutemail.com
- dispostable.com
Staying Safe
Remember, cyber threats don’t stop at Black Friday. There is Cyber Monday and the busy Christmas shopping period as a whole, which all provide the perfect platform for hackers. Overall, the best way to prevent being targeted online this Christmas is to take the ‘detect, deter, defend’ approach. Detect the potential threats by being aware of where they come from; use this awareness to deter from being in a vulnerable position; and defend your digital footprint.
[su_box title=”Richard Beck, Head of Cyber Security at QA” style=”noise” box_color=”#336588″]
Richard Beck is Head of Cyber Security at QA, responsible for the entire Cyber Security portfolio. He works with customers to build effective and successful security training solutions tailored for business needs. Richard has over 10 years’ experience in senior Information Security roles. Prior to QA, Richard was Head of Information Security for four years at Arqiva, who underpin 20% of the UK’s Critical National Infrastructure. Richard also held Security and Technical Management posts at CPP, GEC, Pearson and the Royal Air Force. Richard sits on the IBM European Board of Security Advisors and previously chaired the Communication Industry Personnel Security Information Exchange (CPNI).[/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.