NCSC asks buyers to be wary of phishers & scammers on Black Friday
23 November 2018
The National Cyber Security Centre has offered a number of helpful tips to British consumers on how to spot phishing tactics and fraudulent campaigns by cyber criminals when hunting for the best Black Friday bargains and once-in-a-year deals on the Web.
The UK’s cyber security watchdog said that while millions of people in the UK have been waiting for this day to arrive so that they can fulfil their Christmas desires for the best price, cyber criminals can’t wait either and want to take full advantage of the fact that buyers’ guard will be down today and many may be fooled by online scams masquerading as genuine Black Friday deals.
Good cyber hygiene the best antidote for Black Friday scammers
However, the NCSC said that even though identifying an online scam amidst hundreds of promotional emails is a difficult talk, one does not need a degree in computer science to spot scams and phishing tactics and following good cyber hygiene alone can go a long way in ensuring the protection of a buyer’s personal and financial data from fraudsters.
“Staying safe online doesn’t require deep technical knowledge, and we want the whole country to know that the NCSC speaks the same language as them. With so many of the UK shopping online, we want to see these tips shared from classrooms and scout groups to family dinner tables and old people’s homes,” said Ian Levy, technical director at the NCSC to BBC.
According to the NCSC, a few simple yet necessary actions such as regularly updating all devices with the latest security patches rolled out by software vendors, using strong and unguessable passwords in all devices, not basing passwords on nicknames, date of birth or familiar events, not using the same password for more than one account or more than one device, using two-factor authentication, and using a password manager can help users prevent identity theft and injection of malware or ransomware into their devices.
It is quite possible that scammers may lure online buyers into clicking on phishing links or domain-spoofing links to either obtain their personal and financial data or to inject malware into victims’ devices. To prevent this from occurring, NCSC is advising buyers to carefully analyse web links before clicking on them, type a shop’s website address manually into the address bar to shop safely, and only shop on e-commerce websites that they know and trust.
Buyers have also been advised not to give out too much personal information through online forms on shopping websites and only fill the mandatory details on forms. For example, if a shopping website is asking a buyer to fill out his mother’s maiden name or the name of his primary school, the buyer should strictly avoid giving out such details.
To be extra careful, buyers should altogether avoid creating fresh accounts and filling in personal information on new e-commerce websites and should purchase products from websites that they’ve either used before or trust completely.
Helpful tips from cyber security experts
“Expect a lot of phishing emails claiming to be from retailers, banks, and payment processors. They will try to get you to click on links that lead to forgeries of legitimate websites where you enter your password or credit card information. Don’t click on links in unsolicited emails and always check for valid HTTPS before entering any information into a website,” says Paul Bischoff, privacy at Comparitech.com.
“You buy something and it never shows up. This often occurs when a scammy merchant claims there is some problem with Amazon or Ebay’s payment system. They’ll try to contact you and extract payment through some other means. Don’t interact with merchants outside of the marketplace’s official channels,” he adds.
Lamar Bailey, director of security research and development at Tripwire, says: “Your inbox with start getting flooded with Black Friday deals soon if it has not already started. Not all of the emails will be legit, as attackers will take valid emails and change the links to point you to malicious sites that may look like the real things. Always check the sender address to make sure it looks normal and instead of clicking on links go to the company website and the deals will generally be on the front page.
“Never use your ATM/Debit card for any transactions. If your number is stolen it can take days for the bank to refund the money to your account and even longer to get a replacement card. If you use a credit card and your number is stolen the credit card company will quickly adjust your account and overnight a new card. The best option is to use virtual credit card account numbers from your credit card company. With these you can set a limit and timeline so there is less opportunity for theft.”