Shop safely online with our updated security tips
The internet has made Christmas shopping much easier. No longer do you need to rush into town, fight your way through crowds and then heave the packages back home. Now that internet shopping is fast and convenient, you can simply order online in a few clicks. Originally published in our November 2011 newsletter, these tips have been polished and updated for the modern Windows user!
With the constant news reports of security threats and fraud online, you would be forgiven for thinking that it might be time to abandon internet shopping and tramp out to the high street. Of course, even on the high street you have to keep your wits about you to avoid fraud. When you do shop online, use our handy security tips here to help you stay one step ahead of the fraudsters and make sure the only bills delivered in January are the ones you were reluctantly expecting!
Tip 1 – Use https/SSL sites for submitting payment only – When using an online shopping site, make sure you look for the https in the address bar at the top. The picture below shows an https-enabled site open in Internet Explorer:-
Notice how the address begins “https” and not “http”? The ‘S’ stands for secure, and it means that the information is encrypted while in transit, allowing you to safely transmit your credit card details. Only the page where you submit your card details needs to be https; the rest of the site can run as http without any security risk. Some users will look out for the “Padlock” symbol or icon as an assurance that a site is SSL secured. The problem with this is that fraudsters and hackers know people use this method, rather than looking for the https in the website address. Any website can claim to be secure by simply putting up a picture of a padlock and boasting about security credentials, but only sites that actually use the SSL and https standards are genuinely secured.
Tip 2 – Use a password manager so that you can have different passwords for each site – Most users on the web use just a handful of passwords for all the sites they visit. After several high-profile breaches at companies like Sony and Play.com, this generally isn’t a good idea. Should a hacker gain your details from one website, he/she can then try the same details on any of the other websites you use. The best idea is to use a password manager like KeePass or Roboform. This allows you to easily use a different, hard-to-guess password on each site you use. For tutorials on three of the most popular password managers, visit this link.
Yes, we realise training yourself to use a tool like this is a pain, and that’s why so many people don’t bother, but sometimes you have to be proactive in the fight against fraud.
Tip 3 – Spot spoof or ‘phishing’ easily – Phishing messages are messages which purport to be from one site but actually come from another site controlled by criminals. By fooling the user into entering their credentials into the fake site, the criminals then harvest this information and use it to steal your bank card details. These messages are often sent as e-mails, but social network sites like Facebook and Twitter have seen an increase in phishing messages too. Spotting or avoiding fake messages is normally easy, however, if you keep these three pointers in mind:-
1) Most banks do not use e-mail at all:- Any e-mail from your bank should be treated as suspicious. E-mail is an inherently insecure means of communication and most banks do not use it at all. Even out of those that do, most only use it for marketing and other such purposes. Never believe an e-mail that encourages you to follow a link and log into your account.
Interestingly, we’ve learned some banks in the United States actually use e-mail for sensitive information and will claim that it is “secured at their end”. This may be true, but while an e-mail is in transit, it’s completely unencrypted! Think of e-mails like postcards in this respect: you’d never send your bank details, social security number or other such information on a postcard. If your bank, accountant or even the government asks you to do so, ask for an alternative, even if it means mailing the documents in a sealed envelope.
2) Watch out for bad grammar, spelling and other mistakes:- The vast majority of phishing e-mails have terrible grammar and spelling. Consider this classic example here:-
3) Even if you are convinced a message is legitimate, visit the site manually:- Rather than following a link in an e-mail that could be a scam, why not simply fire up your browser and manually type the address instead, or use a browser bookmark or favourite that you saved yourself? If the offer/message is legitimate, you’ll still be able to complete the task; if not, then you’ve safely discovered that the e-mail was a fake.
Tip 4 – Consider two-factor authentication – Rather than just ask you for a password, many sites are now implementing a two-factor authentication method. One of the most common methods of doing this is a clever device that generates a one-time pass key. With this device, you go to your secure site as normal, enter your regular username and password then press a button on the device. A unique key is then generated, which is valid only for this logon attempt and then useless in the future.
While using this system for all your sites may quickly become tedious (imagine a collection of 20 different one-time pass key generators!), it is a good way to protect your most important sites such as online banking. If your bank has not sent you a device like this already, it may be worth contacting them and asking if such a thing is available and if not, remind them that it’s getting easier to switch bank accounts all the time.
Tip 5 – Using Google Image search – When setting up a fraudulent website, criminals need to get up and running as quickly as possible, as they know that they will be shut down swiftly once discovered. Because of this, they typically take images of products from other sites and pass them off as their own. Check out the Tip of the Month in last month’s newsletter where we showed you how you can use Google search to look for the same or similar images. Particularly where sites are selling collectable or unique items, finding the same thing for sale with the same image on two or more sites is a sure-fire indication of fraud.
Tip 6 – Finally…make sure you leave enough time for your product to ship. If you’re ordering from our site then remember that our DVDs ship from America (even though our site is in the UK). Allow plenty of time for delivery to avoid disappointment! Of course, you can buy all our guides as a digital download too. Since our guides are DRM free, you can copy them to physical media and gift them to a friend or family member.