As it’s Black Friday weekend coming up, Action Fraud have launched their Safer online shopping campaign.
Online Shopping Fraud has surged by 30% over the pandemic period and now accounts for 20% of all reported fraud!
Last Christmas, over 17,400 people reported falling victim to online shopping fraud with losses totalling £13.5m.
As we near Black Friday and the start of the 2020 Christmas shopping season, we’re expecting to see more people buying online this year as a result of Coronavirus and national lockdowns.
1. Be selective about where you shop
You need to decide whether you trust an online store enough to purchase from them.
Seeing a padlock in the address bar is a good thing, as it means the connection and your information is secured, but it’s not a guarantee that the shop itself is legitimate.
To help you decide if you’re happy to purchase from a site, you could do some research, for example, by checking to see if others have used the site and what their experience was.
2. Only provide necessary information
The padlock sign means that your connection is encrypted, so your information will reach the site without anyone else being able to read it.
That’s important if you’re sending things like payment details or personal information, but it doesn’t tell you who is at the other end of the connection or how they look after your information.
There’s some obvious details that an online store will need, such as your delivery information and your payment details, but be cautious if they ask for details that are not required for your purchase. You shouldn’t need to give out your mother’s maiden name, or the name of your primary school, in order to buy something.
You only need to fill in the mandatory details of forms when making a purchase. These are usually marked with an asterisk*. Only create an account if necessary or to save you effort if you’re going to use that site a lot in the future. You can usually checkout as a guest, or using a third-party account (e.g. your existing Apple, Google or Microsoft account), to make your purchase.
3. Use secure protected payment
If you decide to go ahead with the purchase, ensure that the section where you enter your payment details is secure – this means that your payment details will reach the site without anyone else being able to read them.
Different browsers display sites as secure slightly differently, but addresses should start “https://” in the address bar.
Your browser may mark an address as insecure – this means the site is not encrypted, so avoid entering payment details or any personal information as anyone could access this information.
It is also a good idea to use a credit card to pay for things online if you have one. Most major credit and debit card providers insure purchases, and are obliged to refund you in certain circumstances (i.e. under Section 75 of the Consumer Credit Act 1974).
Using a credit card to pay online also means that should the worst happen and your payment details are compromised, your main bank account won’t be directly affected.
You may also wish to consider using a third-party payment medium (such as PayPal, Apple Pay or Google Pay), so that the store you purchase from doesn’t even see your payment details as these are contained within the third-party site who you authorise the payment through. These mediums also often provide their own dispute resolution should anything go wrong, however, may not be obliged to provide the same protection as a card provider; check their Terms and Conditions for exact details.
4. Keep your accounts secure
Create a strong password made up of 3 random words for each of your online accounts. Longer passwords that would be difficult for others to work out are more secure but these can be hard to think of and remember, so using three random words can help you make passwords that are both long and strong. E.g. “GrinningSkydivingOtters”. You can add numbers and symbols to make it harder for hackers to crack as well, for example “GrinningSkydivingOtters£33”.
It’s also good practice to use a separate password for each account, that way should one password be lost or stolen your other accounts won’t be affected. But, it’s especially difficult to create and remember lots of different passwords, so saving your passwords in your browser can help you create and securely save a different password for each account without having to remember them all!
Guidance on how to save passwords in your browser is available in the NCSC advice: Save your passwords in your browser
For additional security, it’s a good idea to set-up two-factor authentication (also called 2FA, two-step verification or multi-factor authentication) for important accounts (like your email, accounts with payment details, and those with personal or sensitive information) where available. Two-factor authentication (2FA) is a free service that stops hackers from getting into your accounts, even if they have your password, by asking you to confirm it’s you in a second way (like sending a one-time code to your phone).
Guidance on how to turn-on 2FA for email, social media and banking is available in the NCSC advice: Turn on two-factor authentication
For further guidance on staying secure online follow the NCSC’s Cyber Aware advice.
5. Take care with unexpected communications
You may receive communications purporting to be from an online store, or come across online adverts with enticing offers. Some of these may legitimately be from stores you have agreed to receive communications from or who would like to attract your custom, but some may be set-up by fraudsters and contain links to fake websites designed to steal your money and personal details.
If you are unsure, or if you think something is suspicious and you’ve already responded, follow the NCSC guidance on Dealing with suspicious emails, phone calls and text messages.
6. If things go wrong
Anyone can fall victim to fraud. If you think you’ve been a victim of fraud, contact your bank immediately and report it to Action Fraud online at actionfraud.police.uk or by calling 0300 123 2040.
For more information visit;