- Employee awareness
- 8 min read
Christmas 2022. It might just be the first ‘normal’ Christmas we’ve had in a fair few years - if you can call it normal, considering all the world has been through in the last two years. There are no longer pandemic-driven restrictions, and it’s business as usual for the vast majority of us as we merrily fill our shopping baskets online with bargains. But with this comes a warning; Action Fraud reported that victims of online shopping scams lost an average of £1000 per person during the festive season last year. Pretty sobering, right?
Christmas is an expensive time of year for many of us, so shopping around online for the best deals is common, but that does mean an increased risk of falling victim to cybercrime. And with the cost of living crisis pushed to the front of our consciousness every day, there’s never been a more critical time to be saving money, driving more of us online in search of the best money-saving bargains.
Now, with the increased risk of cybercrime in mind, here’s our guide to staying safe while shopping for the best deals and avoiding the most common scams.
Social doesn’t mean safety. Social media scams continue to grow in prominence, and with more than 2.9 billion people on Facebook alone, cybercriminals have an enormous audience to target. Phishing emails often direct people to a completely legitimate looking Facebook page to get a coupon or discount, but the site is spoofed where you might be asked to validate your login details, giving up personal information in the process.
Another common scam involves criminals swiping pictures from genuine accounts to appear as though they are legitimately selling quality goods but then either not delivering or sending counterfeit goods. The accompanying ads are often very polished and look the part, and are often very difficult to tell apart from real ads.
Thankfully, Facebook gives users a lot of flexibility over their security settings. We recommend checking your privacy settings to ensure your account is as private as possible and enabling two-factor authentication for added security. You can also stay safe browsing social media by being mindful of what games and apps you’re using, not accepting friend requests from anyone you don’t know, and only shopping from verified brands.
Phishing attacks continue to be one of the most common cyber crimes. In November 2022, the Metropolitan Police made more than 100 arrests in what has been labelled the UK’s biggest-ever fraud operation - and the criminals were using phishing to target their victims. The operation is estimated to be responsible for losses of around £48 million, but could be even more.
Phishing isn’t just restricted to emails, with criminals becoming more and more adept at mimicking legitimate companies whether they use text messages or voice calls - the result is the same - scammers convince victims to give up information that allows access to your device, accounts, or personal information.
Some of the most sophisticated phishing scams go to great lengths to appear entirely above board; they’ll even use legitimate-looking email addresses and the same branding to trick people into thinking they’re dealing with a genuine business.
The advice for avoiding phishing scams is consistent. Never give up personal information to someone that has sought you out - even if they look and sound like the real deal. If you’ve received a phone call from someone claiming to be from PayPal or another reputable site, end the call and contact the website’s customer service directly to verify the contact. Don’t click on links in text messages or emails; even if it looks like the source is totally legitimate, always verify first.
Weak passwords leave both individuals and businesses vulnerable to cyber criminals; if you’re using the same password for multiple accounts and a criminal manages to access just one of these - they then have access to everything that shares the same password. A strong password is your first line of defence against a cybercriminal attempting to access your personal information.
Secure passwords should be longer, including a mix of upper and lowercase letters, numbers, and special characters. Don’t write them down either; use a password management tool to keep all passwords safe and secure - a lot of these tools also include password generation, so you can easily create new and secure passwords for every online account you have. And it probably goes without saying - don’t use important names or dates in your passwords such as your birth year, or your child’s name.
If you have a credit card, it’s recommended to use it over a debit card when shopping online. Most major providers will protect online purchases made with credit cards. In contrast, debit cards don’t usually have the same obligations - they’re not covered by the same section of the Consumer Credit Act. When you get to the checkout of an online purchase, always look for the close padlock icon in your browser’s address bar - if it isn’t there, exit the site immediately before handing over any payment or personal details. While it doesn’t guarantee that the retailer is legitimate, it indicates a secure connection.
Payment platforms like Apple Pay, Google Pay, and PayPal are used in retail on and offline now, each providing a layer of protection or dispute resolution if anything goes wrong. Using these services also means that retailers don’t have any visibility of your actual bank or payment details.
The festive season brings a lot of joy and celebration and with that, the tendency to let our guard down as we focus on enjoying ourselves and spending time with loved ones. That unfortunately means we may be more vulnerable to cybercrime. With increasingly sophisticated methods of targeting victims, criminals are becoming more adept than ever at duping unsuspecting online shoppers.
If you would like more information about how The Security Company can help you stay safe during the festive season and deliver phishing security awareness training for your employees or how we can run a behavioural research survey to pinpoint gaps in your security culture, please contact Jenny Mandley.
© The Security Company (International) Limited 2023
Office One, 1 Coldbath Square, London, EC1R 5HL, UK
Company registration No: 3703393
VAT No: 385 8337 51