As an increasing amount of economic and social activity takes place online, it should come as no surprise that cybercrime is on the rise. There is an ongoing technical arms race between I.T. and service suppliers on one side and criminal groups, sometimes working on a global scale, on the other. For the individual consumer, awareness of what you can do to protect yourself should allow you to transact online with confidence.
Passwords are used by online systems to identify the individual, so these should only be shared with a supplier using an encrypted link (indicated by use of https and/or a padlock symbol before the website address).
Passwords can be compromised by data theft from suppliers, though it is the hashed version of a password that is stolen, which is not easy for the criminal to use unless the password is weak or can be guessed using some publicly available personal data. Hence the need to be careful publishing personal information, and to use the privacy options on any social media you use.
To check if your password has been compromised in this way, do a check at https://haveibeenpwned.com/, which publishes lists of accounts offered on the dark web.
Your response to any such breach or inadvertent sharing of a password should be to change it for the accounts affected. While you may have many accounts, a criminal would only be interested in ones where they can order goods using your finances or access funds, so these should be the priority.
Another key sector is the email providers (and other tech companies) that you use for authentication processes, such as resetting passwords. These should also be included in your top tier of password control.
For such key accounts, strong unique passwords should be the rule. A common tip for creating a strong password is to use three random words – and to make them unique, add something specific to the provider.
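The following is an added illustration, not part of the original guidance, of the two points above: a stolen password hash gives way when the password is built from public personal details, and holds when it is three random words plus something provider-specific. The hashing scheme, the profile details and both passwords are constructed assumptions; you could adapt it to audit your own passwords offline.

```python
import hashlib
import hmac
import itertools
import os

ITERATIONS = 2_000  # assumption: kept low so the example runs quickly


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash of the kind a supplier might store (assumed scheme)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def profile_guesses(tokens):
    """Candidate passwords built only from public personal details."""
    suffixes = ["", "1", "123", "!", "2024"]
    words = sorted({v for t in tokens for v in (t.lower(), t.capitalize())})
    for word in words:
        for suffix in suffixes:
            yield word + suffix
    # Two details joined together, e.g. pet name followed by birth year.
    for first, second in itertools.permutations(words, 2):
        yield first + second


def guessable_from_profile(stored: bytes, salt: bytes, tokens) -> bool:
    """True if the stored hash matches a guess derived from the profile."""
    return any(
        hmac.compare_digest(hash_password(guess, salt), stored)
        for guess in profile_guesses(tokens)
    )


# Constructed sample data: details someone might have posted publicly.
PUBLIC_PROFILE = ["Rover", "Leeds", "1984", "Smith"]
SALT = os.urandom(16)

weak = hash_password("Rover1984", SALT)  # pet name + birth year
strong = hash_password("lanternorbitthistle-shop", SALT)  # three random words + provider tag

if __name__ == "__main__":
    print("personal-data password guessable:", guessable_from_profile(weak, SALT, PUBLIC_PROFILE))
    print("three-random-word password guessable:", guessable_from_profile(strong, SALT, PUBLIC_PROFILE))
```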
Additional protection can be had using two-factor authentication (2FA). Refer to www.turnon2fa.com for more detail. The idea is that making a significant change, such as resetting a password, requires not just the existing password but also a confirmation via response to a message to your phone or email.
Please refer to Pa$$W0rD protection | Neighbourhood Watch Network (ourwatch.org.uk) for more guidance plus links for specific suppliers.
Criminal hackers are constantly trying to exploit vulnerabilities in the software and networks used by your online transactions. The software companies are always working to close these down and they do this by releasing software updates, sometimes referred to as security patches. Keeping software up to date and applying patches quickly is important, so enable auto update options on your software where it is available.
Anti-virus software should be enabled as this will scan any downloads for known viruses – avoid downloading (which includes clicking on attachments to emails) except from trusted sources.
Firewalls should be enabled as this allows you to control the connections made to your device or network. Some public wi-fi networks are not encrypted so avoid using these for transactions that require passwords or account details.
Planning regular backups of your data is important in case of accidental loss or other disaster.
Visit CyberAware.gov.uk for more guidance plus specific links for common software.
A less technical risk with online shopping is that a seller or the goods they offer are not what they appear to be. For large purchases especially, extra care should be taken.
A trusted platform, such as eBay, could be used by fake sellers. Stay on the website – follow their procedure / terms and conditions. Never use direct bank transfers. Be wary of any last-minute changes to delivery address or payment method. Use recorded delivery when selling items. Check out the seller/buyer review history. Use credit cards and/or PayPal to give extra protection.
Remember that emails are not a secure communication, so do not take at face value emailed notifications that funds have been transferred and avoid using links provided in emails – use the official website directly.
A common scam is when the fraudster ‘overpays’ you and then requests money back. Be wary of anything unusual when shopping online. Check your bank statements carefully and report anything suspicious to your bank. And remember if something appears too good to be true then it probably is.
This animation reinforces the police guidance around online shopping https://www.youtube.com/watch?v=Y-_wPFXK2m4.
If all of the above guidance is followed, then the risks of transacting online are very low. Criminals are increasingly using scams to target the individual rather than the technology. They may do this by impersonating a trusted organisation such as your bank, the police, HMRC or the NHS. Or they may impersonate widely used companies, such as BT, Sky and Microsoft.
Be wary of unsolicited contacts via any channel – phone, email, text, social media, or in person.
No legitimate organisation will ask you to attend your bank, withdraw, transfer or pay money over the phone or send couriers to collect your card or cash. Nor would they ask you to buy goods or vouchers. They will also never ask you to reveal your full banking password or PIN. Any such request will tell you that this is a scam.
Do not give out personal information to an unverified contact. Use established contact methods (e.g. the phone number on the company’s website) to check. Criminals can change their phone number to be anything they like, such as the number on the back of your bank card, so do not take Caller ID as proof of identity.
Beware of anyone claiming to be from a company but not using the company domain in their email address. If a new company name or telephone number has not come from a trusted source, check it online.
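The domain check described above can be made concrete. This is an added example, not part of the original guidance: "Example Bank", its domain and the sample From headers are all constructed, and the official domain is assumed to be one you looked up yourself on the company's own website.

```python
from email.utils import parseaddr

# Assumption: the official domain is one you verified yourself.
# "Example Bank" and its domain are constructed for this illustration.
OFFICIAL_DOMAINS = {"example bank": "examplebank.example"}


def check_sender(from_header: str) -> str:
    """Compare the company named in a From header with the sending domain."""
    display_name, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower().rstrip(".")
    for company, official in OFFICIAL_DOMAINS.items():
        if company in display_name.lower():
            # Accept the official domain or a true subdomain of it only.
            if domain == official or domain.endswith("." + official):
                return "matches"  # not proof: From headers can be forged
            return "mismatch"
    return "unknown company"


# Constructed From headers covering common lookalike patterns.
SAMPLES = [
    '"Example Bank" <alerts@examplebank.example>',
    '"Example Bank" <alerts@mail.examplebank.example>',
    '"Example Bank Security" <examplebank.example@freemail.example>',
    '"Example Bank" <alerts@examplebank.example.verify-login.example>',
    '"Example Bank" <alerts@notexamplebank.example>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(check_sender(header), "-", header)
```

A "mismatch" is a reason to stop and contact the company through its official website; a "matches" result only means the address is consistent with the name, since emails are not a secure communication.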
A common tactic is to try to panic you with false deadlines or imminent danger – do not allow yourself to be rushed into an action. Be extra cautious if you are asked to pay up front fees or if you are asked to pay using e-money or money transfer bureaus.