Amid the excitement for Black Friday, and with shoppers expected to spend almost £9.2bn this weekend, 15% more than in 2020 when much of the UK’s high street was in lockdown, the National Cyber Security Centre (NCSC) have warned consumers to be vigilant when shopping online over the coming days and weeks. The warning specifically calls out a worrying growth in the number of successful “web skimming” scams, many affecting small and medium businesses, with the NCSC reporting 4,151 cases since April 2020 when the pandemic hit and forced even more shoppers online. These scams infiltrate business websites, trying to go unnoticed as they stealthily go about skimming – or stealing – information from shoppers.
“The impact of such scams to shoppers who get caught up in them is costly. The goal of the attackers is to steal shoppers’ cash and payment details, including credit card numbers, expiration dates and card verification codes, everything an attacker needs to do some Black Friday shopping themselves. And of course, shoppers who do get caught out while shopping on what they believe to be a secure website are highly unlikely to do so again, damaging the reputation of the business running that website.
“So how can shoppers protect themselves this shopping season? In an ideal world they wouldn’t have to because every website they visit would be secure and every transaction would be a trusted one exchanging money for goods or services. However, it’s not an ideal world and many small and medium businesses struggle to build or maintain secure websites due to resource constraints with knowledge, people, and time, not to mention the rush to remain relevant and visible in an increasingly packed and competitive marketplace.
“So, unfortunately shopper vigilance is important and should be driven by an understanding of the following:
· Be careful where you shop online. This doesn’t mean only sticking to the online retail giants – supporting local and smaller business is vital – but it does mean:
– Read consumer reviews to gauge trustworthiness and previous shoppers’ experiences, both good and bad. https://www.trustpilot.com/ is typically a good source of same.
– Watch for typos in the website URL. shoptilyoudrop.com is not the same as shoptilyoudroq.com.
– Ensure there’s a padlock symbol up in the top left of your browser window beside the website URL. If it’s there you still need to keep your guard up when transacting; if it’s not, then it’s time to look elsewhere.
– Watch out for website redirects, i.e., being moved from page to page to page as you enter your payment and other details. Things to think about here are where you are being redirected to and whether the destination is secure (e.g., is the padlock symbol there?)
– Don’t provide any more information than is strictly necessary to complete your transaction.
· Use a trusted 3rd party payment provider such as PayPal, Apple Pay or Google Pay. Such providers don’t share your actual payment details but rather a one-time generated series of numbers for each transaction, meaning that if attackers do manage to skim those numbers, they won’t be able to use them for any further transactions or sell them on the dark web.
· Always keep a close eye on your bank account, watching for unexpected debits and even small amounts that attackers may be making to test if your card is still active.
“Lastly, a little common sense combined with a healthy dose of alertness can help ensure a happy shopping season for all!”