Black Friday and Cyber Monday – the two busiest online shopping days of the year – are almost upon us. While retailers will be slashing their prices online on thousands of products, letting you get a great deals on presents for the holiday season, criminals are lying in wait.
Wherever there is money, criminals are sure to follow. According to latest research from the security technology company ThreatMetrix 11.4 million fraudulent transaction attempts were made against online retailers in the lead-up to Christmas 2014. This year twice as many are expected to be made, so shoppers need to be doubly careful about their data as they shop.
So we've put together a list of top tips on how you can stay safe and still bag some great bargains this holiday season:
1. Research the website before you buy
Thanks to Facebook, you'll often see ads with cool products you might want to buy on the sidebar, but not all of these websites have a good reputation. They might be a small reseller who is offering you a discount, but you could also get scammed with inferior products that don't work properly or don't fit.
Always check that the company owning the website is reputable by googling "[Company name] reviews", or go to the Web of Trust website. To use Web of Trust, install the WoT browser plugin or paste the website's URL into the search field at the top right-hand corner of the page.
If the company isn't any good, often angry customers will post reviews that come up on Google, as well as on Web of Trust's rating system.
Finally, if you want to be really safe and are feeling paranoid, you could restrict yourself to only buying from companies that definitely have a UK-based address and phone number listed, and that have an active limited company number, but this is probably not necessary if the website is a well known retailer that ships overseas.
2. Beware phishing attempts
When you log into a website, make sure you're actually logging into the actual retailer's website. One way to trick consumers into giving out their account usernames and passwords is to send them an email pretending to be a retailer or bank, while the other way is to send you an email containing a malicious attachment that installs malware on your computer.
So if you receive an email asking you to login to a retailer or bank's website urgently because something has gone wrong, look out for the following signs the email is fake:
- Check other emails from the retailer or bank. If they don't match, it's a sure sign it's fake.
- Is your name and address correct? The cybercriminal wouldn't know your home address yet, so if it's missing – like this fake Amazon email doing the rounds – it's a scam.
- Does the email come with an attachment? Unless you buy tickets and ask to be sent a downloadable version, no retailer or bank will ever send you an email containing an attachment. Do not open it.
- As a rule, ignore all email attachments from senders you don't know.
- Is anything misspelled in the email? If your contacts have been hacked, emails from them will be very short and contain misspellings, and their email will come with an attachment they made no mention to you about in real life. Always check.
3. When you check out, is the connection secure?
When the items you want to buy are in your shopping basket and you're satisfied that you've selected the correct item and quantity (always double-check), it's then time to check out.
After you click the button to check out, always make sure that the checkout process is secured properly.
If the online retailer has proper security in place, you should see the SSL padlock icon in the right-hand corner of the address bar. This means that your communications with the website is secured from your end to their end.
Also, the website address using SSL should have changed to begin with https:// – this means that all communications between you and the retailer's website are secure.
4. Are your card details being verified properly?
Apart from SSL and a HTTPS connection, when you get to the page to enter your credit or debit card details, make sure that the retailer's website supports 3D Secure. If the website does, the page should say that it is either "Verified by Visa", "American Express SafeKey" or "MasterCard SecureCode", depending on which type of card you're using.
5. Pay on a separate credit card
This might not be an option for everyone, but one way you can limit fraud happening with online purchases is to make sure you pay for the purchases on a credit card that is separate to the one you usually use, is at least is a credit card, rather than a debit card issued from your bank.
So if you're planning on making lots of big purchases on Black Friday that amounts to between £100 and £30,000, the credit card provider is required by law to protect your purchase.
So if something goes wrong, such as a cybercriminal getting hold of your credit card details, then you can claim the money back from your credit card provider, and this also stops the cybercriminal from being able to drain your bank account.
If you don't want to go through the hassle of applying for a new credit card just for the holidays, consider getting a pre-paid credit card. These work just like a regular card, except you pre-load them with money before using them.