The lead up to Christmas has always been an exciting time for Australian customers. However, this year more than ever, this shopping season is set to be characterised by more online sales. Kicking off with Black Friday (24 Nov), followed in quick succession by Cyber Monday (27 Nov), and of course, Boxing Day (26 Dec) - these online shopping bonanza's provide online retailers another chance to tempt consumers with more bargains or a second chance at the ones they missed out on.
While the loads of bargains and deals certainly add to the fun and excitement of the season, there is one aspect to the sales season that helps scammers more than anything else: Everyone joins the great big rush to shop online! As the saying goes, where the money is, there the hackers and fraudsters follow.
The shift to online has seen a significant increase in online risk for shoppers, so it's important customers are looking out for ways to stay safe online at a particularly risky time of year. Here are five tips to help everyone enjoy the festive shopping season without getting hacked in haste:
Think twice if you come across a deal that looks too good to be true
If an online deal or email offer with price discounts looks too good to be true, it probably is. You're best off hitting delete immediately. It is common knowledge that though there are some great deals to be had over the Christmas sales season, most products are cheaper or the same price at other times of the year, so it is unlikely that you will find the deal of a lifetime. The best way to confirm if a deal is real is to go directly to the vendor's site to check the price, and avoid clicking the link in the email which is likely to be malicious.
Pay attention to how you connect when browsing for deals on mobile
When you're out and about or scampering through a shopping mall, it is always handy to stay online so you can inform your friends about the best deals or check in with them on their shopping updates. Browsing through online deals on your phone is an effective way of doing this. However, be cautious of the wireless network you are connected to, when you are shopping online. A crook who uses the free Wi-Fi you used in a mall can potentially interfere with your traffic by inviting your phone to connect to an imposter network.
Most importantly, only ever enter your credit card information when you are on a secure network that you trust. The best way to keep your money safe is to use PayPal or your credit card, rather than using debit cards to purchase gifts online.
Be on the lookout for Typosquatting
Typosquatting occurs when a scammer registers misspelled domain names, such as “faceboook” or “goggle”, in the hope of stealing traffic from those legitimate sites for dubious purposes – to trick you into clicking and sharing personal information.
As time pressure is a sales tactic used by businesses today, and sales days are all about time limits, most shoppers are likely to make purchases quickly, in order to avoid missing out on a good deal. Always make a point of checking the spelling of the website you're shopping at, and be on the lookout for smart typosquatting like the famous Tvvitter attack. Don't get so click-happy that you wander into phishing traps by mistake by letting your guard down in a hurry to make purchases online.
Be sensible about password security and incorporate length and complexity
If you are buying more than usual over the Black Friday weekend, chances are you are likely to be creating multiple accounts on various websites in order to successfully checkout the items added in your cart.
When creating accounts online, ensure that your passwords are different and difficult to guess. Include upper and lower-case letters, numbers and symbols to make passwords harder to crack.
If you're contemplating clicking the link in an email, take a look at the URL first
Before you click the link in an email, hover on the link if you are on a computer or hold down the link on your phone to see the full URL. Once you can see it, look at the source and ask yourself if it looks legitimate. Bear in mind that just because the URL has a padlock icon next to it or starts with ‘https', it does not mean it is safe. As a rule of thumb, if you are not sure if its genuine, just delete it straight away.
If you think that you have fallen victim to a phishing attack, always change your password immediately. It is also worth contacting your bank immediately to see if there has been any fraudulent activity. Shopping online needn't be a stressful experience, but keeping an eye out for some of the risks involved can go a long way in preventing unnecessary breaches to your personal or payment information.
By Ashley Wearne, General Manager for ANZ, Sophos