Black Friday: Cybersecurity expert’s top tips for safely shopping online

The busiest time of year for shopping is fast approaching and there are many deals to be had. However, it’s important to keep ourselves safe from hackers and scammers that target online shoppers. 

Online safety expert Chris Bluvshtein at VPNOverview.com gives his top ten tips for keeping yourself safe while shopping online during the holidays. 

Stick to websites you know 

You might be tempted by a Google link promising an amazing deal but before you click, look at the name. If it’s not something you recognise, don’t go there. Hackers can use similar names to high-street brands to trick you into giving up your data so double check the site is the one you know. Google also tells you if you’ve visited the site before so it’s worth taking your time and checking for those details. 

Check the URL bar 

Every website should have a valid security certificate and you can tell by the little padlock icon next to the URL. If a website doesn’t have one of these then don’t give your bank details or valuable information. 

Check your bank statements 

You might not even be aware of your details being stolen until it’s too late, but by making it a habit to check your account and statements you’ll be able to catch any suspicious activity early on. Your bank will have information on any time limits they have for fraudulent purchases, so be sure to keep an eye on your statements. 

Use a password manager 

The safest thing you can do is use a unique, randomised password for all your accounts. But instead of writing those down on post-it notes or in notebooks, use a password manager to keep them all in one place. Password managers lock your information behind a master password and many of them autofill the website logins for you, keeping you safe from keylogger attacks. 

Don’t shop on public Wi-Fi 

You might be tempted to hop onto your favourite shopping site while having a coffee at your local cafe, but that public wi-fi connection is extremely dangerous to use. Public Wi-Fi rarely has safety protocols such as passwords in place and hackers can piggyback and steal unsecured banking details and sensitive information without you knowing.  

Use mobile payments 

Apps like Apple Pay and Google Pay can protect your banking details so if a website accepts them, it’s best to use them instead of your debit card. 

Use a credit card 

If something is high value, don’t use your debit card to pay for it. Consumer law in the UK means that you could get refunds or claim your money back if your card is stolen. Credit cards also have more protections than debit cards. 

Set up a temporary bank account 

By opening an online only bank account such as Revolut or Monzo, you can control the amount of money you have access to with transfers from your usual account. This way, even if your details are compromised, the hacker can’t do anything to your real bank account. 

Use a VPN 

A VPN protects your data from prying eyes. Everything you send is encrypted so even if a hacker can see you on a network, they won’t be able to access your sensitive information. VPNs connect you to a remote server and hide your IP, using one along with any of our other tips can make your online shopping super secure. 

If it seems too good to be true, it probably is! 

Be careful with any adverts for amazing deals. You might never get the item or there could be hidden dangers. This old saying still rings true with online shopping. 

Safe Surfing: free cyber safety factsheets available

Scots are to be armed with a new tool to equip them with the digital know-how and best practice on how to tackle cyber crime. To coincide with Safer Internet Day 2018, the Scottish Business Resilience Centre (SBRC) has revised its hugely successful cyber safety factsheets which aim to provide individuals and businesses with enhanced guidance to thwart e-crime. Continue reading Safe Surfing: free cyber safety factsheets available

Hacked off!

Hackers target City Council

Internet

The city of Edinburgh Council’s website has been hacked. Cyber-criminals have stolen over 13,000 email addresses after penetrating the city council’s security firewall.

Individuals who have had their details stolen were contacted by the city’s Director of Corporate Governance, Alastair Maclean, this morning, asking them to change any passwords used to access the council’s website.

In an email to clients who have registered with the council, entitled ‘The City of Edinburgh Council – Important information about your email address’, Mr Maclean said:

Dear Website User

We are emailing to let you know that the Council’s website was subject to a cyber attack which got through our website service provider’s security. The attacker copied some email addresses, including yours, but we would like to reassure you that no other personal data was taken.

If you had a password for the website, as a precaution, we have reset your account and you will have to change your password the next time you log in. This change does not apply to your “MyGovScot” account.

It is possible that your email address might experience an increase in spam or phishing emails. Information and guidance on spam and phishing is available from Citizens Advice

https://www.citizensadvice.org.uk/consumer/protection-for-the-consumer/scams/common-scams/computer-and-online-scams/phishing-spam-emails-and-fake-websites/

We are taking this incident very seriously. We have made sure that our service providers have reinforced the security of our website and we will continue to monitor security regularly.

If you do have any concerns, please contact the Council on 0131 200 2000

 

A council spokesman added: “This was a malicious cyber attack on the Council’s website which is hosted in a UK data centre. It was dealt with swiftly and at no point were any Council services affected.

“We are contacting everyone who has been affected to inform them of the incident and offer them advice and support. We have reassured individuals that the only details that have been accessed are their e-mail addresses.

“The Information Commissioner’s Office has been informed and preventative measures have been taken by the web service providers.

“We want to reassure the public the ongoing security of our website is critically important, and we continue to work with our service providers to ensure that the risks associated with attacks are dealt with.”