Consumeradvice

Cyber Security – Protecting Your Information When Shopping Online

Cyber scams can come in various forms and impact consumers in different ways. With a variety of methods employed by scammers to gather consumer information, being aware can ensure that we are not caught out. This is particularly relevant when shopping online, with scammers utilising social media platforms and cloned websites to gather personal information.

Online shopping is a convenient and speedy way of purchasing the items that we need and want. With the amount of information that we provide when shopping online, including account details, credit and debit card information and our addresses, remaining vigilant and knowing what to watch out for are important.

There are various types of cyber scams, and differing methods that scammers use to carry out their illegal activities.

Phishing (and Vishing and Smishing) & ‘Social Engineering’

Most cyber scammers gather information via social media and email. A ‘mixed-media’ approach enables scammers to gather data through several channels which the individual then utilises. This serves to create a more comprehensive picture of the consumers’ private details and fills gaps which other methods may have overlooked or missed.

Phishing remains the most commonly known of these 3 types of scam and typically involves the scammer gathering personal information (such as banking details) by masquerading as a legitimate source. This can take the form of an email from an organisation such as the HMRC, a streaming service provider or delivery companies the consumer may have used before.

These emails often advise of a failed payment or request the resetting of a password. Attempts to comply with the email’s request usually redirect the user to a fake website which appears like the real deal. When the requested information is submitted, it can give the scammer full access to the consumer’s account.

These scams can appear even more legitimate if the consumer is contacted directly by telephone or SMS (also referred to as ‘Vishing’ or ‘Smishing’). These social engineering techniques take the form of unsolicited contact. However, more complex efforts can appear to be from familiar sources such as a friend or family member requesting money. This method is referred to as ‘blagging’ and often appears to come from people close to the target, making them seem like genuine requests.

Scammers can utilise details from fraudulently obtained details provided by consumers when online shopping in ‘phishing’ scams. When shopping online consumers are urged to ensure that the sites that they are visiting are legitimate, and when purchasing items through social media, that they check the credentials of the seller.

Malware

The term ‘malware’ is an amalgamation of ‘malicious’ and ‘software’. This is a particularly vicious type of cyber-attack that can take various forms. The ultimate motive of the scammer is to obtain control of the target device.

In 2012, the House of Commons Science and Technology Committee published ‘Malware and Cybercrime’, which outlined how a target may never know that they have been the subject of one of these attacks as the only noticeable consequence being a loss in performance of the device(s).

There are also situations in which the cyber-scammer can use malware to infect a device and then use this to lock the person out of their emails and personal documents, demanding payment to be made in order to remove the virus. Threats can extend to the information which the hacker has obtained from the victim’s device(s), threatening that the individual’s web history will be made public (often mentioning the use of adult sites). Even more disturbingly, scammers have threatened to release webcam footage of the victim which they have obtained from the device(s) without the individual’s knowledge.

The most important thing to note when threatened with cyber blackmail is to ensure that no payment is made and immediately inform the relevant authorities. These acts are criminal and need to be reported as such.

Paying scammer the sums requested rarely solves the problem, and may lead to further instances of extortion; either using the same information to request even more money be paid, or the sale of this information on to other scammers who can make similar attempts. 

When shopping online, consumers should be careful of entering information into websites, as these can be used later to reach out to consumers to initiate malware scams.

Internet Service Provider (ISP) interaction

Interaction between the Internet Service Provider and consumer in the UK is limited when compared with other countries who more openly and proactively contact their customers to advise when a breach of security happens or when a device becomes compromised by ‘botware’ or malware.

The number of infected machines has seen a dramatic decrease over time, with ISP’s becoming more vigilant in their attempts to protect consumers. The sharpest decrease demonstrates a reduction from 5.5 million occurrences of infection in September 2010 to 3.5 million in 2012.

The evolving nature of these attacks and the increasing complexity and intensity of cyber scammers means that vigilance is key both on the behalf of the ISPs that consumers are paying to supply a service and the general public at large.

 

At consumeradvice.scot, we believe that cyber security is of the utmost importance in protecting your personal information, particularly when shopping online. We have put together some of the top tips for ensuring you remain cyber-secure, not only for National Consumer Week, but for every day –  

Passphrase protection – Ensure that your passwords are not easily guessed by upgrading them to ‘passphrases’. Use three random words that are memorable to you – But not connected and easy for potential scammers to guess. Try to use different passwords on non-essential sites (such as forums) than you do for regularly accessed sites and apps (banking, emails etc).

Update regularly – Ensure software and app updates are up to date – many updates contain vital security updates that help to protect devices from scammers installing malware. This should include Anti-Virus software.

Avoid and report suspicious activity – If you get an email requesting a change of password and a link is provided, avoid clicking this as you may be redirected to a cloned site that looks legitimate but IS NOT. Report any suspicious activity to the official website in question or through scamwatch.scot.

Be aware of scam trade tricks – Remember that scammers can use multiple sources to gather information and target you, including social media. Be wary of the information that you share online that others can see and do not get caught out. Keep up to date with the current tricks that scammers are using.

Back up important data – Ensure that photos and important documents are backed up in case your machine is compromised. Backup can be made to a hard drive which is external to the device or a secure cloud-based storage system.

In instances where a breach of security has occurred, consumers should contact the police who have specialist teams who will deal with all reports confidentially and sensitively.

If you are concerned about scams or think that you have been scammed, consumeradvice.scot are able to offer free and practical advice on this, and other consumer issues.

You can contact consumeradvice.scot on 0808 164 6000. We are open 9am-5pm, Monday-Friday.

You can report suspected scams and suspicious activity by visiting www.scamwatch.scot.  

You can follow us on social media – Twitter: @advicedotscot and Facebook at www.facebook.com/advice.scot, Instagram: @advice.scot, or get ahead by visiting our knowledge centre at www.consumeradvice.scot.