News
Cyber security matters - #10 Seasonal shopping security
Posted on behalf of: The Better Sussex Team
Last updated: Friday, 15 November 2024
What are the most common holiday scams?
-
Holiday sales – a lot of companies use holiday emails to promote sales during this period. Black Friday sales are one good example. Cybercriminals take advantage of our thirst for a bargain by using phishing emails which, once clicked, may lead to a malware download on your device or a fake website asking for your personal and banking details.
-
Parties and events- be cautious of event listings or tickets advertising popular holiday events, again cybercriminals can exploit you by creating fake listings to gain personal details.
-
Shipping delivery notification emails – as festivities near, consumers will be eager to make sure presents arrive on time. Cybercriminals can use fake text or email notifications about shipping to draw consumers to a fake website.
-
Gift cards - Cybercriminals can trick shoppers into purchasing gift cards and providing codes or pins, giving them access to the funds loaded onto the cards by impersonating reputable companies.
Case study- Black Friday online scams
In November 2023, the National Cyber Security centre (NCSC) launched a cyber awareness campaign to help shoppers stay safe online in the run up to the holiday season. This was particularly necessary due to the rise in cybercriminals using AI generated content to produce more convincing scam emails, fake adverts and websites.
The warning comes as new data published by the National Fraud Intelligence Bureau (NFIB), which is run by the City of London Police, revealed that British people lost £10.6 million to online scammers between November 2022 and January 2023 – with each victim losing £639 on average.
Speaking about the campaign, Felicity Oswald, NCSC Chief Operating Officer, said
“As we enter the Black Friday and festive shopping period, online shoppers will naturally be on the lookout for bargain buys.
“Regrettably, cyber criminals view this time of year as an opportunity to scam people out of their hard-earned cash, and the increased availability and capability of technology like large language models is making scams more convincing.
“I would urge shoppers to follow the steps in our online shopping guidance, which includes setting up two-step verification and using passwords with three random words, so they’re easier to remember and harder to hack.”
Pauline Smith, Head of Action Fraud, said:
“Make sure you know where and who you are buying from. While our figures show that people aged 25-34 years old are most likely to fall victim to an online shopping scam, fraud can affect anyone of any age. Be alert when using social media to purchase items as more than half of people who reported online shopping fraud to Action Fraud encountered a problem on these sites.
“Where possible, use a credit card when shopping online as this will offer you more protection if anything goes wrong, and follow our practical advice to help you shop online safely.”
So how can I stay safe?
Here are some quick tips to help you stay safe in the lead up to the festive period:Look out for suspicious attachments and links, opening an attachment or clicking on a link may lead to a lookalike login page. As this could be used to steal your credentialsLook out for suspicious attachments and links, opening an attachment or clicking on a link may lead to a lookalike login page. As this could be used to steal your credentialsLook out for suspicious attachments and links, opening an attachment or clicking on a link may lead to a lookalike login page. As this could be used to steal your credentialsLook out for suspicious attachments and links, opening an attachment or clicking on a link may lead to a lookalike login page. As this could be used to steal your credentials
-
Look out for suspicious attachments and links, opening an attachment or clicking on a link may lead to a lookalike login page. As this could be used to steal your credential
-
Before you interact with any unexpected email check that it’s legitimate, especially if it directs you to a login page where it asks you to enter your user credentials
-
It can be tempting to click on a ‘call-to-action', but if you notice a subtle change or inconsistency within a message, don’t click on it, don’t ignore it and do report it.
Important! Always report any phishing emails or if you have accidently clicked on a suspicious link contact our IT Service desk ITS service desk.
How to learn more
Each month, we’re releasing a matching bitesize training via Proofpoint, our online learning platform, which is emailed to you. This month’s training will arrive in your inbox on Tuesday 19 November.