Beware this phishing scam at Christmas
If you're shopping online this Christmas, watch out for this costly phishing scam...
Millions of shoppers will be gearing up for the annual Christmas blow-out - and this year, like last year, the majority of our spending is likely to be done online.
Consumer watchdogs have warned consumers to be on their guard, with bogus websites that look like legitimate versions of those of our high street giants continue to pop up. Shoppers have also been warned about the number of websites selling counterfeit goods or items that fail to arrive, which typically target users via email.
This type of scam is becoming increasingly sophisticated - but fortunately there are a few tell-tale signs to help you spot them and keep your money safe.
Beware email offers
According to online payments service PayPal, the majority of UK shoppers still don't cover the basics of shopping securely online and could leave themselves open to so-called 'phishing' attacks during the festive period. 'Phishing' is a crime that sees criminals send out emails designed to capture information - most typically credit card numbers and personal data - that can be used to commit fraud.
Users receive emails purportedly from major retailers, offering exclusive offers or asking users to check on the status of a purchase. Typically, these are bogus and the information you submit is used to defraud you.
Your first step should be to check the spelling of the web address or URL - many of these sites have misspelt or subtly changed names. For example, the official Abercrombie & Fitch store can be found at www.abercrombie.com - but a Times investigation found three unofficial websites in existence to lure unwary shoppers.
To further protect yourself, be wary of all unsolicited emails, even if they appear to come from a trusted source. Set your email junk filter to 'high' to ensure any bogus emails don't make it to your inbox. Never click on a link that has been emailed to you - type the address into your browser yourself. Ensure all your internet security software is up to date and upgrade your web browser as well: the latest versions of Internet Explorer and Firefox contain built-in anti-phishing protection.
If you do fall victim, contact your bank immediately to limit any fraudulent use of your account. In most cases, your bank will refund money you lose in a phishing attack.
Look for the padlock
Of course, offers sent by email aren't the only way fraudsters try to lure unwary shoppers - and many of us could alight on a bogus website simply by miss-typing the web address into our internet browsers. Fortunately, there are other ways to ensure you stay safe.
Before entering sensitive information such as your credit card details into any website, it pays to check that the data will be properly protected. Whenever you make any online purchase, make sure that the web address starts with 'https://' as opposed to the usual 'http://' - the 's' in this instance stands for secure. All reputable retailers will provide a secure web address for purchases.
You should also look for a small padlock either next to the web address or in the bottom right hand corner of your browser (or top right for Apple Safari users) - this shows that the security of the website is verified by a third-party security agency, typically VeriSign. The padlock ensures that your information will be encrypted to ensure hackers or other web users can't access your details.
One final thing - don't be fooled by a padlock that appears on the web page itself. It is possible for a fraudster to copy the image of a padlock. You need to check that it is in the window frame of the browser itself.
More ways to stay safe
You will receive a degree of automatic protection by keeping your internet software up to date. On more recent versions of internet browsers the address bar will also turn green - this confirms that the website is safe. It's also worth ensuring any internet security software or firewalls you may have are also updated regularly.
In addition, banks are doing their bit to help consumers by allowing customers to sign up for added security. You can register your credit cards (depending on your card provider) with either MasterCard SecureCode or Verified by Visa. Both these systems work in the same way - by using personal passwords to an extra layer of protection when you buy online. Find out more at consumer website Becardsmart.org.
Finally, always rely on your common sense when you're shopping online. Make sure you always shop with names you trust and if you're unsure, look for some contact details in the real world. Does the firm have a registered address or consumer helpline? If not, steer well clear. And - as with all scams - bear in mind that if an offer seems too good to be true, it probably is.
How to spot a bogus site
If you're ever in the situation where you're concerned a retail site or, indeed, any other type of website may be bogus, an easy way to protect yourself is to consult other lovemoney.com readers using our Q&A tool. Simply post the details of the site into the question and ask other lovemoney.com members for their opinion about whether it's a genuine site. You'll soon discover whether or not you're alone in your suspicions!
This is a lovemoney.com classic article, originally published in November 2010 and updated.
More: Get a 0% credit card | Government failing to protect us from scams | The dangers of using Paypal
Comments
-
"miss-typing" sounds like what we used to call a secretary.
REPORT This comment has been reported. -
Flop, if ever you hit a LoveMoney link that takes you to a web site that asks personal information, it's time to reconsider what you're actually looking at. Point 2 : False URLs can be almost impossible to spot. If you have the correct URL to hand, you can play spot-the-difference, so you would see the difference between Trustedbank.com and Trusted-bank.com, but without that comparison, you would be unlikely to spot the error. Lower-cased RN can look an awful lot like an 'm' in certain fonts. In the font of these rnessages, it is fairly clear - but did you spot it? RNESSAGES? Look again.
REPORT This comment has been reported. -
I thought I was pretty Internet-savvy until I came across this little test from Verisign (an online security company). Try it: https://www.phish-no-phish.com/default.aspx Carping aside, there is a serious side to security. Internet security is a lot like personal security - it requires a lot of "common sense" (trouble is, it's not common...) Many people will proudly boast, "I've never been burgled". It may simply be that they have nothing worth stealing! A burglar has [B}never[/B] walked past their home and thought, "I'm in there tonight"? A better boast might be, "Someone tried to burgle me last week. The police arrived and caught the burglar with crowbar at the front door..." - security measures tested recently and not found wanting! There are a couple of problems with security: 1) People only want it once they've been attacked 2) Security companies rub their hands together when they see (vulnerable) people coming through the door - just visit an Internet security website and see (but hide your credit card beforehand!). You might think you only want an anti-virus solution, but have you tried: firewall, disk tune up, backup, business protection, special promotion... before you know where you are, you've got a shopping cart filled with stuff you never knew existed before and a bill larger than the national debt of a small country! You won't be visiting there again in a hurry... Having been, "around the block" long enough to wear a furrow in the pavement, I strongly believe one needs a sense of perspective. Here it is: [B]Don't[/B] type [B]any[/B] URL into the address field of a web browser - you may make the kind of typo that cyber criminals are longing for - instead, type the URL into a search engine and see whether it's recognised - and if you trust the results as being from a genuine company. Look for the green box (Extended Validation) whilst undertaking an online purchase Know your rights as an Internet consumer. Either search for an authoritative site of your choice, or try: http://www.moneysavingexpert.com/shopping/consumer-rights-refunds-exchange To borrow from a George Lucas film, "Trust your feelings, Luke". If it feels dodgy, don't give them your money - you're also buying [I]trust[/I] from the purchaser. Finally, these measures will only limit your exposure. Know that there is no such thing as absolute protection - life's a gamble. As with all gambles, don't bet more than you can afford to lose!
REPORT This comment has been reported.
Do you want to comment on this article? You need to be signed in for this feature
30 November 2011