
Data Watch: How to Stay Secure this Festive Season

Article | Stuart Walsh, Chief Information Security Officer at Blue Stream Academy.

The COVID-19 pandemic has led to a significant rise in online shopping, with spending in the UK increasing by 56.2% – or £18,626 million – from 2019 to 2020 [1]. In turn, this has created more opportunities for cyber-criminals.


With the festive season now here, there may be plenty of bargains to be had, but it’s also a favourite time of year for fraudsters.

Here are some top tips to help you stay safe when shopping online – during the festive season and beyond.

If It Looks Too Good to Be True…

As the old saying goes, if something looks too good to be true then it probably is. Use common sense and be immediately suspicious of any deals that look ‘outstanding’.

Only Use Reputable Websites

Be cautious about buying from websites that you’re not familiar with. Check out the reviews (and make sure they’re genuine), ask friends for recommendations and, if it’s a well-known high street store, make sure you’re visiting their official website.

• Use Google’s Safe Browsing Transparency Report, a service that identifies unsafe websites.

• Check the quality of the content: are there lots of grammar and spelling errors?

• Find out who owns the domain: free tools like Who.is and Whois.net provide information about who owns a site and when it was registered. Does it sound legit?

• Check their social media presence: fake websites may have Facebook, LinkedIn and Twitter icons without links to real accounts.

• Read independent reviews of user experiences, which may provide information about service and product quality and warn you about scams.

Be Wary of Fake Reviews

Ascertaining the legitimacy of a website can be laborious, and you may not get a definitive answer even if you follow the advice above; if you’re not 100% confident, don’t share any of your personal/financial details.

Check the Website is Secure

Reputable websites use technology called Secure Sockets Layer (SSL) to encrypt your data before transmitting it across the internet.

To see if a website uses SSL, look for the padlock icon and ‘https’ (instead of ‘http’) in the address bar.

If it doesn’t use SSL, don’t enter a password or make transactions through the site, because criminals could intercept and use your unprotected data.

Never Use the Same Password for Multiple Accounts

Using the same password for more than one account online significantly increases your risk of being a victim of fraud. Instead, consider using a password manager to generate and safely store strong, complex passwords.

Use Two-factor Authentication or Multi-factor Authentication

Two-factor authentication (2FA) and multi-factor authentication (MFA) are extra layers of security designed to make sure that only you can access your accounts.

2FA, often referred to as two-step verification or dual-factor authentication, is a method that requires users to validate their identity using two separate authentication processes.

MFA, which incorporates 2FA, functions in the same way, but often requires more than two separate authentication processes for users to validate themselves.

These processes are typically:

• Knowledge - Something only the user knows, such as a password or a personal identification number (PIN).

• Possession - Something only the user has, such as a phone (SMS or app) or secure token.

• Inherence - Something only the user is, which could involve thumb or palm prints or retina, voice or facial scans.

• Location - Something only available in the user’s area such as an IP address or device location.

• Behaviour - Something only the user does, such as pattern or picture unlocks.

Avoid Free Wi-Fi in Public Spaces

Never shop online using free public Wi-Fi, no matter how familiar you are with the location, because these transactions can be easily intercepted by other people using the same network.

Use a Virtual Private Network

A Virtual Private Network (VPN) encrypts everything you send online, so even if someone manages to intercept your online transactions, the data will be encrypted so they won’t be able to use it.

Update Your Browser, Operating System and Anti-virus Software

Malware and spyware can easily compromise your online interactions with retailers. The best defence is to make sure your browser, operating system and antivirus software are always up to date.

Don’t Click on Unexpected Emails, Messages or Links

If you receive an email or text that you aren’t expecting and it contains a link to an offer, the link could take you to an imitation website that’s designed to steal your personal information.

If you’re not sure that an email or text is from who it claims to be from, or you don’t recognise the sender, don’t click on the link – instead, visit the website by typing in the official address to see if the offer exists.

If you receive a suspicious email, you can report it by forwarding it to report@phishing.gov.uk. You can report suspicious texts by forwarding the original message to 7726, which spells SPAM on your keypad.

Use a Credit Card

A credit card typically offers better consumer protection: if you do lose money through fraud after making a credit-card payment, it’s usually easier to recover the money than it would be if you’d paid by debit card or bank transfer. Use just one credit card for all your online purchases, and consider using a pre-paid credit card to limit your risk even more.

Don’t Save Your Card Information on Your Accounts

It can be convenient to store your credit or debit card information on websites you buy from regularly, but it only takes someone getting hold of your log-in details for them to make fraudulent purchases from your account. The website could also suffer a data breach, exposing some or all of the personal data stored on the site. If you have added your payment details to use when you visit the website again, a data breach could reveal your details to criminals.

Monitor Your Bank Account

Regularly monitoring your bank account will help you spot any fraudulent activity quickly, will give you more chance of getting your money back, and might even help to capture the offender.

When criminals steal your payment information, they sometimes charge a small amount (which you’re less likely to notice) to test whether the payment will be processed before they take a larger sum. Vigilance over your bank accounts can help to prevent this. If you see any transactions that you don’t recognise, contact your bank immediately.
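The small-charge-then-larger-sum pattern described above can be checked mechanically against an exported statement. The following is an added example, not part of the original article; the thresholds, merchant names and sample statement are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Txn:
    day: date
    merchant: str
    pence: int  # money leaving the account, in pence


# Assumed thresholds; tune them to your own spending habits.
PROBE_MAX_PENCE = 200        # a "test" charge is assumed to be GBP 2.00 or less
LARGE_MIN_PENCE = 10_000     # a follow-up is assumed to be GBP 100.00 or more
WINDOW = timedelta(days=7)   # how long after the probe to look for a follow-up


def find_card_testing(txns, known_merchants):
    """Return a list of (probe, follow_ups) pairs.

    A probe is a small charge from a merchant you do not recognise.
    follow_ups are larger charges from unrecognised merchants within
    WINDOW after the probe. A probe with no follow-up is still reported,
    because spotting it early is the point of checking the statement.
    """
    txns = sorted(txns, key=lambda t: t.day)
    alerts = []
    for i, t in enumerate(txns):
        if t.merchant in known_merchants or t.pence > PROBE_MAX_PENCE:
            continue
        follow_ups = [
            u for u in txns[i + 1:]
            if u.day - t.day <= WINDOW
            and u.pence >= LARGE_MIN_PENCE
            and u.merchant not in known_merchants
        ]
        alerts.append((t, follow_ups))
    return alerts


# Constructed sample statement (not real data).
KNOWN = {"SUPERMARKET", "COFFEE SHOP"}
STATEMENT = [
    Txn(date(2021, 12, 1), "SUPERMARKET", 5420),
    Txn(date(2021, 12, 3), "COFFEE SHOP", 180),       # small, but a known merchant
    Txn(date(2021, 12, 5), "XQ-DIGITAL*TEST", 99),    # small and unrecognised
    Txn(date(2021, 12, 6), "ELECTRO-OUTLET", 64000),  # large, one day later
    Txn(date(2021, 12, 20), "BOOKSHOP", 1250),        # unrecognised but not small
]

if __name__ == "__main__":
    for probe, follow_ups in find_card_testing(STATEMENT, KNOWN):
        print("Check with your bank:", probe, "followed by", follow_ups)
```
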

Deliver Items to a Secure Location

The rise in home deliveries has led to the emergence of ‘porch pirates’ who steal packages from outside people’s homes or businesses when no one is around to accept the delivery. Amazon, FedEx and UPS all have lockers available for secure deliveries – consider using these services if you or someone you trust won’t be available to receive the delivery at work or at home.

Report Fraud

Anyone can fall victim to fraud, and the methods used today can be extremely convincing. If you think you’ve been a victim of fraud, contact your bank immediately and report it to Action Fraud online at www.actionfraud.police.uk or by calling 0300 123 2040.

Stuart Walsh

Chief Information Security Officer at Blue Stream Academy

As the Chief Information Security Officer (CISO) for Blue Stream Academy, Stuart provides an article for each issue of BSA Today to highlight how we strongly believe that promoting better information security practices improves the threat landscape for all organisations that work alongside us.
