Christmas time brings about a surge in shopping. To be honest, online shopping started last month with Black Friday but, as the January sales soon follow the December madness, caution should be taken.
With that, security company ESET Ireland has revealed its 12 safety tips for Christmas shoppers. Sure, most of the advice may appear basic, but that’s because ESET knows the pitfalls that are around and, better still, the pitfalls we tend to gravitate to.
1. Research, research, research
At Christmas, you should research what you’re buying, not only to get the best price, but also to ensure that you get the right product, that it will get delivered on time and that it is as it was advertised.
By doing this, you also reduce the chance of fraudsters taking your money and running with their fly-by-night websites, and of criminals trying to steal your banking details via phishing emails and fake websites.
2. Ask yourself, do you trust the buyer?
You need to be sure you know who you are dealing with online. Do you know the e-commerce site, the retail store or sales provider? If not, this unreliable ‘vendor’ may otherwise be trying to steal your money and bank details through duplicitous scams, preying on your good intentions and eagerness to secure a nice but affordable gift at Christmas.
If you’re in any doubt, click away from the site and search through a respected search engine. You can use certificates or another authenticity checker to establish whether the seller is who they say they are.
If you’re buying from sellers on Amazon and eBay, check their rating and see what users say about them.
3. Be careful with social media ‘deals’
You must always be wary of deals that look too good to be true, especially if promoted on unknown websites, via email or on social media. Be vigilant and look for indicators of authority.
For example, on Twitter, verified accounts come with a blue badge that has a white tick. This is a pretty reliable indicator that a brand or individual is as they say they are.
Cybercriminals often use social media to lure victims into making snap decisions, using attractive offers, through a shortened URL – which can then redirect the visitor to a malware-infested site, or a spoofed page designed to steal their details – that are hard to resist (again, more so during the festive season).
4. Secure your payments
We simply cannot say this enough, but every time you visit an online retailer, you should look for the padlock symbol and the ‘s’ at the end of http in the URL address bar. These are strong indicators of it being a secure web page from a reliable brand.
What does this mean? In short, the page is end-to-end encrypted, so the web session can’t be intercepted in a man-in-the-middle attack (easily achievable if you’ve left your Wi-Fi wide open). Your information will only go to the provider.
5. Check payment storage details
Some websites ask if you want to store your payments details, while others will require you to actively opt out of doing this. This is convenient, but dangerous if that site becomes compromised.
Think carefully about whether or not you want to save these details. Assess the way you shop online. Ask whether you prefer to make purchases at home or if you are happy to pick up a few things at work? Your nationality, interestingly, might be an influential factor here.
6. Monitor your bank transactions
Be sure to keep an eye on your bank statements. Be on the lookout for small, “under the radar” payments or possible overpayments that could indicate that your credit card has been compromised.
Stop credit card payments immediately if you see something suspicious – it could be a cyber-criminal … or an over-spending family member!
7. Don’t offer cybercriminals a ‘Wi-Fi Christmas’
Secure Wi-Fi is absolutely vital for your privacy, especially when shopping online. It’s potentially one of the biggest security flaws going, as a lot of people are unaware of how our desire for convenience can leave us vulnerable to cybercrime.
If possible, avoid using free, open and unsecured Wi-Fi hotspots when it comes to shopping online.
Instead, consider your home the ideal destination for web retail, as some nearby coffee shop might provide you with welcome relief after your shopping marathon, but does little to protect you from fraud.
8. Approach ‘season’s greetings’ spam emails with caution
As of late, there’s been a trend for sending Christmas e-cards – electronic cards with some text, video and effects – as opposed to real ones. This is no surprise as we spend so much time on our mobile devices, that traditional cards, while nice, can seem like a relic from the past. But, the only downside is that these can be hijacked by cyber-criminals.
Attackers will often send out ‘season’s greetings’ spam emails, with the attached file or link usually malicious. If you are at all uncertain, either delete the email or contact the sender using a connection (like their phone number) you can trust.
9. Check your holiday details
Christmas is a great time to get away, be that to a sunny resort or skiing vacation. However, it is worth checking you’re getting a good deal as these breaks can be sold by fraudulent outfits. Not only is there a huge financial cost – UK holidaymakers were conned out of £2.2m in 2014 alone – but an emotional one, too.
As such, whether you’re planning to get away at Christmas or in the new year, make sure the holiday or flight is genuine by spending a lot of time researching (see point one). Also, check online travel agents for an ABTA/ATOL number.
10. Be wary of suspicious web links
Another popular scam at this time of year falls under what is known as Black Hat Search Engine Optimisation (BHSEO), which, simply put, redirects searches on shopping-related keywords to malicious websites that try to infect users with rogue anti-virus and other malware.
As ESET’s senior research fellow David Harley once remarked: “Scams related to Christmas shopping are becoming more sophisticated every year. Once any of this data fall into the hands of cyber-criminals, they can be used to purchase real or bogus items, and generate a nice little profit.”
11. Delete ‘invoice’ spam
Another rather simple, yet powerful attack from cyber-criminals sees them send out emails with the headline “shipping information” or “sales invoices”, usually in the hope that an exhausted Christmas shopper will think they’ve simply overlooked a payment.
However, these emails can contain an infected file or link so the usual rules apply: be cautious, patient and make enquiries. Trust you instinct if you have any semblance of concern.
12. Install security software on new tech
This Christmas will see millions of presents given and received worldwide, and you can expect that many of these will be new technology – new iPads, iPhones and smartwatches.
But once the Christmas rush is over, make sure you install relevant security software on any new technology you or your children get before you hand over the device. This will give you plenty of control and put your mind at ease when your kids are out of sight.