It’s the most wonderful time of the year – for online retailers. For unwary consumers, not so much. As Christmas approaches, many people will try to bag a bargain on Black Friday or Cyber Monday. Unfortunately, the stampede of shoppers is also a chance for scammers to grab credit card numbers and other personal data.
Deal or no deal
Fortunately, there’s lots of guidance to help people shop securely without putting their personal information or financial details at risk. The S.O.S. (Safe Online Shopping) campaign provides wide-ranging advice for prospective buyers. Anyone buying online directly from another person should not send money upfront to the seller, the campaigners say. Instead, buyers should to reserve the right to receive the goods first. In addition, shoppers should never send their card details in an unencrypted email, because criminals could read or intercept this data.
Help Net Security published an article which highlighted scammers’ favoured tactics to tempt bargain hunters. These include emails with time-sensitive deadlines, to create a sense of urgency and compel consumers to buy without checking first. These types of spam email campaigns often slip past email filters by using techniques to shorten or redirect web addresses. Detective Superintendent Michael Gubbins of the Garda National Cyber Crime Bureau warned the public that the proceeds from online fraud go to fund organised criminal gangs.
The weakest link
Some online stores – even reputable ones – offer to store credit card details for future purchases. The S.O.S. campaign urges people to think twice before doing so, and to understand the risks this could involve. The campaign’s page provides links for more reading, including Europol for advice about types of crime and safe shopping rules, Garda.ie for crime prevention information, FraudSMART for preventing fraud and the Consumer Association of Ireland for consumer rights.
In the buildup to Black Friday, Europol published a useful infographic that covers security risks shopping in-store and online. For people buying over the internet, Europol recommends making sure their machine’s antivirus and operating system software is fully up to date before making any purchases. It also advises buying from trusted sources only.
Buying over trusted networks is another tip for shoppers. The Garda National Economic Crime Bureau recommends people should only use their own Wi-Fi networks for sending payment information, rather than when using public Wi-Fi hotpots. “You could be vulnerable to having your payment card details compromised and then sold on the dark web. Here, they can be accessed by criminals who go on to use the compromised payment card details either online, over the phone, or even through mail order transactions,” said Detective Garda Jim O’Meara.
The price is right
This month’s SANS Institute ‘Ouch!’ security awareness newsletter focuses on shopping online securely. It warns against fake sites mocked up to look like well-known brands. For example, Amazon’s usual website is https://www.amazon.co.uk, but a pretend version of the site could have an address like http://store-amazoncom.com.
Criminals tempt victims to these sites by offering prices that are cheaper than from other retailers, or sought-after products that are sold out elsewhere. Obvious red flags for fake sites include deals that are obviously too good to be true, or poor grammar and spelling. SANS advises people to buy only from websites they already know, trust, and ideally have bought from before.
The post Shop till you don’t drop: how to avoid online scams on Black Friday and Cyber Monday appeared first on BH Consulting.