The threat of fraud and cyber scams is a 365-days-a-year problem when it comes to online shopping.
But just as the rate at which retailers hit you with promo emails scales up at this time of year, so too does the risk of falling foul of criminals trying to access your bank account.
According to the National Cyber Security Centre (NCSC), shoppers lost more than £10m to cyber criminals over last year’s festive shopping period.
With Black Friday sales under way and Christmas on the horizon, Sky News enlisted some cybersecurity experts to offer advice on how best to stay safe and avoid scams this year.
Spotting a dodgy email
A favourite tactic of fraudsters is to draw you in with an email that looks remarkably legitimate, seemingly offering an exclusive deal at one of your favoured retailers.
It is, as Mike McLellan of Secureworks puts it, a “classic scenario we’d expect to see around Black Friday”.
An important thing to look out for is the domain name of the sender’s email address – is it a close match, but with something slightly off? Think @amaz0n.co.uk, for example.
“On smartphones, that kind of detail is usually hidden,” advises Mr McLellan. “So tap on it and check where the email has come from.”
You should also keep an eye out for misspellings and odd formatting.
However, the NCSC has warned that criminals are likely to use increasingly accessible AI tools to produce even more convincing scam emails, websites, and adverts than usual.
If you’re at all unsure, it’s good practice to go to the website directly, rather than click on any links in the email.
Fake websites
Some scams may direct you to a retailer’s login page to enter your account information.
It could look perfectly normal, and you go ahead and pop in your username and password, while in the background, criminals capture that information and use it themselves.
Chris Bluvshtein, of VPNOverview, says: “Every website should have a valid security certificate, and you can tell by the little padlock icon next to the URL.
“If a website doesn’t have one of these, then don’t give your bank details or valuable information.”
These can be some of the hardest scams to notice yourself, but banks have become very good at alerting you to “unusual logins” and flagging any subsequent dodgy transactions.
“If you suspect something bad has happened, consider changing your password,” Mr McLellan says. “And checking your bank activity.”
Text message scams
Another classic of the Black Friday scam genre is a text message suggesting you have a parcel waiting with DHL, Royal Mail, or some other delivery provider.
“Quite often you will be expecting something when you get these texts – but again keep an eye out for anything that doesn’t look normal,” says Mr McLellan.
A good indicator that something is amiss is if the text asks you for payment and includes a bit.ly link.
You should not click on these.
The rise of ‘Qishing’
An emerging threat over the past year is an extension of phishing using QR codes.
Secureworks has dubbed it “Qishing”, when criminals use them to direct unsuspecting consumers to fraudulent websites that could steal their personal information.
Director of threat intelligence, Rafe Pilling, says: “We’re so used to seeing ‘scan this code’ to register, view a menu, order drinks or food to a table, or even enter competitions via the big screen at events stadiums, that consumers are thinking less about what they’re actually scanning.
“As the hype around holidays like Black Friday drives more urgency in consumer actions, we can expect to see more cyber criminals taking advantage with Qishing.”
Password managers and mobile payments
Modern smartphones and web browsers offer some useful baked-in features to help you stay safe.
Both have password managers and generators, which will come up with randomised options for you to lock your accounts and then store those behind a master password – or even biometrics like facial or fingerprint recognition.
Consider multifactor authentication as well, says Mr McLellan, for an extra layer of security.
Apple and Google Pay are good payment options if the retailer accepts them, as they protect your bank details.
“It’s best to use them instead of your debit card,” says Mr Bluvshtein.
Avoid shopping on public networks
Black Friday promotions will often try to entice you with limited time deals, alerting you to them via an app notification, text message or email.
If one arrives while you’re out and about, it could be tempting to jump straight to it.
But shopping on public wi-fi networks, like those you might find at railway stations and on trains, is a bad idea, according to Mr Bluvshtein.
“Public wi-fi rarely has safety protocols such as passwords in place, and hackers can piggyback and steal unsecured banking details and sensitive information without you knowing,” he says.
What to do if you suspect you’ve been scammed
Even with the best will in the world, there may come a moment where you suspect the worst.
But try not to fret – there are steps you can take to limit the damage, or prevent any from occurring at all.
“Keep an eye on bank accounts and if you see anything unusual, get in touch with them,” says Mr McLellan.
“Banks have got very robust fraud controls these days – and that’s why it’s best to use credit cards if possible.
“If you think any of your online accounts have been compromised, change the password, and try not to reuse them across different retailers.
“We do recognise that some of these have a technical bar to them, but if nothing else, at least keep an eye on what’s happening and be vigilant about your online activity.”
