It's Christmas!
Managing Online Risk on Black Friday et ultra
Black Friday is often likened to a contact sport, characterised by chaotic scenes, exuberant crowds, potential for stampedes, and the thrill of securing a coveted bargain. This day traditionally marks the onset of the festive season.
However, those of us who opt to shop from the comfort of our sofas face a different threat, the increased risk of fraud. Christmas wish lists, especially those made by teenagers, often include links from social media platforms like TikTok or Instagram, which are breeding grounds for counterfeit sites offering implausibly attractive deals. These fraudulent websites can be difficult to spot, as they frequently boast sophisticated designs and mimic legitimate retailers.
For instance, the cybersecurity company Kaspersky reported that “In the first ten months of 2023, Kaspersky products detected 30,803,840 attempts to follow phishing links that targeted users of online shopping platforms, payment systems, and banks. E-commerce [online shopping] phishing accounted for 43.47% of these attacks, with a hefty share of 13,390,142 detections.”1
Against this backdrop, this article offers 5 practical tips to help you ensure your online Christmas shopping remains secure.
Verify the URL
Homograph Attacks: Also known as script spoofing, this involves scammers exploiting similarities between characters. For instance, assess these domain names for PayPal.
Observe how easily the letter lowercase 'l' , capital I and the number '1' can be confused depending on the font used. The legitimate domain is the last option in all three instances above.
Subdomains: Websites have a primary domain, like 'substack.com'. Subdomains are extensions of the primary domain. Consider which of these is my web page: joydafinone.substack.com or substack.joydafinone.com? The primary domain (substack.com) should always be at the end, making the first option the valid domain.
HTTP vs HTTPS: Hypertext Transfer Protocol (HTTP) governs how data is transmitted over the internet. The 'S' in HTTPS stands for 'secure', denoting the use of SSL (Secure Sockets Layer) or TLS (Transport Layer Security) to encrypt sensitive information such as payment details.
A closed padlock icon in the web browser indicates the presence of an SSL or TLS certificate, which helps authenticate the site’s identity. Beware SSL encryption is also used by cybercriminals, so this does not automatically guarantee a safe online shopping experience. A golden rule is to never enter financial information on a site without a padlock but do not blindly trust even sites with the padlock symbol.
Website Checkers
If uncertainty persists regarding a website's authenticity, consider using one of the tools below that can verify a site's safety before you visit.
Domain Age
Even after checking the URL and using domain checkers, if doubts remain, consider the website's age. Scam sites typically have a short lifespan. Tools to check domain age include:
URLVoid is my preferred site as it checks the website domain name and provides information on the domain age.
Payment Methods
Opt for websites offering a variety of payment options, such as credit cards or services like PayPal that provide buyer protection. Direct bank transfers or unsecured payment methods carry higher risks.
Site Reviews
Prior to making a purchase, research the website for customer reviews. A dearth of reviews or predominantly negative feedback should raise concerns. Use independent platforms like Trustpilot or Google Reviews to assess other customers' experiences.
Final Thoughts
Black Friday offers the excitement of securing great deals, but it also presents substantial risks. The strategies outlined above are designed to safeguard your online shopping experience. However, if a website still doesn't feel quite right after taking all these precautions, trust your instincts. When in doubt, it's prudent to err on the side of caution: if something feels off, it's likely best to avoid the risk. Remember, no bargain is worth compromising your personal and financial security.