Guest blog - don't let the cyber grinch steal Christmas
Yes, it's that time of year again. With Christmas fast approaching, Dorset Police cyber protect officer Chris Conroy returns with some simple advice to avoid getting a stuffing this year from the online scammers.
December starts with one of the year’s biggest days for online shopping - Cyber Monday. The 2nd of December will see countless thousands of us turning to the internet to snap up a bargain, with some of the world’s biggest retailers slashing prices on homewares, toys, technology and everything in between.
Whilst this might seem like the perfect opportunity to get ahead with the Christmas shopping, there are a few things we have to consider. It’s also the perfect opportunity for cyber criminals to make things not so merry.
So, without further ado, let’s take a look at a few things we can do to make sure our days are merry and bright this Christmas.
If a deal seems too good to be true, it probably is.
This is starting to feel like a common theme across these blogs but it is very important to remember, particularly at this time of year. In the build up to Black Friday and Cyber Monday, our inboxes are inundated with emails detailing the huge deals on offer.
Not all of those, of course, will be genuine. Be on the lookout for phishing emails, as fraudsters seek to have you part with your credentials.
- Check the sender’s email address - is anything amiss? Is it a ‘look-alike’?
- Check the greeting - is it impersonal? Most stores greet you by name. Generic greetings like ‘Dear Customer’ are often an indicator of a phishing email.
- Check the spelling and grammar - phishing emails often feature spelling mistakes, or dodgy grammar.
- Check the links - hover your mouse over any button or link in an email to see the true destination. If it’s an email from a major retailer, but the URL that pops up doesn’t look like you’d expect it to, do not click it.
It’s not just phishing emails though. When in pursuit of a particular gift, we could easily find ourselves on a fraudulent website. When it comes to online shopping, it’s important to ensure we are using legitimate, reputable stores. This goes for online marketplaces like eBay and Gumtree too. Read ratings and reviews for websites, or users, before committing.
Be sure to pay securely.
If you’re buying online, a credit card offers you protection should things go wrong. Any purchase between £100 and £30,000 is covered, and if you don’t receive your goods, or they are not as described, the credit provider is liable along with the supplier.
It’s also worth using a service like PayPal. Their Resolution Centre can help remediate should something go wrong with a transaction, returning cash to a buyer should the items be faulty or non-existent.
PayPal offers additional protection, in that you do not have to send credit card details across the internet each time you make a purchase. This can help keep you safe from things like ‘Magecart’ - a digital card skimmer responsible for high profile incidents like the attack on British Airways in 2018. As you do not have to enter your card details, using PayPal means there is nothing for the malware to intercept.
If you do use PayPal, make sure you use a strong password and two factor authentication!
Aside from big bargains, there are a couple of things to look for. Before you enter any sensitive information - passwords, credit card details etc - be sure you’ve got a secure connection. This is denoted by the little padlock in the address bar, and the letters HTTPS.
For example, our website is https://www.dorset.police.uk/cybercrime. If you click on this link, or type it in to your browser, you’ll be taken to the website, where you’ll notice the little padlock in the top left of the screen.
HTTPS stands for Hypertext Transfer Protocol Secure. You don’t need to know that, but I want you to remember the S. Secure. If the S is missing, and you’ve got an HTTP connection, the connection is insecure, meaning any information transmitted to the website can be intercepted by a cybercriminal.
Remember, if you’re about to enter a password, or payment details of any kind, look for the S, and look for the padlock.
BUT WAIT! An important caveat here is that a secure connection does not necessarily mean safety. It’s not uncommon for lookalike websites and phishing sites to offer HTTPS. You have to be absolutely certain the site you’re on is the real deal. It’s all well and good having a secure connection, but if you’re securely connected to a fraudster, you’re still in danger. Check the URL thoroughly, and make sure it looks like you would expect.
One last thing, before we wrap things up (Sorry).
Think before you post on social media this Christmas. If your accounts are open for all to see, there’s no knowing who can see that photo of the presents under your tree. And whilst checking in to the office Christmas party is a great way of letting your friends know you’re having fun, it also lets burglars know that no one is home.
We’re not saying you shouldn’t post anything, just be sure it’s only seen by the people you want to be able see it. Make sure your social media security is up to scratch by following these guides from Europol.
And there you have it. Our top tips to help keep you safe online during the festive period!
As ever, if you’d like any further information you can head to www.dorset.police.uk/cybercrime. And if you have any questions, or are part of a business or community group and are interested in organising a free, impartial cyber security presentation, drop us an email at firstname.lastname@example.org.
Thank you for taking the time to read this blog. There’s not a lot more to be said, other than to wish you all a very merry Christmas, and we hope to see you back here in 2020!
Until next year, stay safe out there.Chris