We've all been using the internet a lot this year, whether its video meetings for work or ordering groceries to be delivered to our door.
As Christmas approaches and many of us are either in lockdown or simply prefer to avoid the High Street, we're turning to online shopping - and hunting down those Black Friday bargains - to sort the presents early.
Research earlier this year by McAfee found there were 375 new threats per minute and this rose in Q3 to 419. The security firm discovered that although 42% of consumers are aware of cyber risks, they have no plans to change their online buying habits.
The study also found nearly three-quarters of millennials don't check whether Black Friday or Cyber Monday deals received via email or text are authentic and trusted before clicking on links in them.
The sad truth is that, unless you have your wits about you - and some decent security software to help out - there's a good chance you'll end up getting scammed. Indeed, NortonLifeLock says 16.5 million of us did in the UK last year.
Whether that's inadvertently typing login details to fake website or actually handing over payment details and potentially losing money, the cybercriminals are out there, desperate for your hard-earned cash.
By following these tips and tricks and watching out for the latest scams, you should be able to stay safe throughout the festive season.
Black Friday scams to avoid
- Fake refund emails: be careful of emails even if they look legitimate
- Fake websites offering too-good-to-be true deals
- Text messages warning you of suspicious activity and to click a link to a fake bank site
- Messages asking for personal information to click & collect goods
Pete Turner, a consumer security Expert at Avast, has these tips for staying safe:
- Don't save your payment information on websites, or web browsers. Why take the risk?
- Use a credit card with a credit limit. This protects you if your payment details are compromised
- Better still, use a different card that's for online shopping only
- Use different passwords for every website. A password manager saves you having to remember them all.
1. Use your common sense
- If a price is too low, it's probably a scam
- Check if the price really is the lowest around and be wary of 'fake' discounts
- Navigate directly to the retailer's site, and avoid clicking links in emails and text messages unless you trust the sender
We all love to save money, but criminals know this all too well and use this to part you from your cash. No doubt your inbox is overflowing with emails from companies offering deals and discounts for a variety of products.
Many of these will be genuine, like the newsletters you've subscribed to from brands you know, but the general rule of thumb online - as in life - is that if something seems too good to be true, the chances are that it probably is.
Black Friday deals can offer huge discounts which are real. But there are loads of Black Friday scams as well.
Despite what social media companies say about their vetting process, it's still worth checking that the ads you see on these sites are genuine. Facebook and Twitter will not be held responsible if you get caught out after clicking on one of these links. It's also worth checking the reputation score of those retailers via sites like Trustpilot.
Recently we saw ads for electric bikes at unbelievable prices under £100. Sure enough, on the website the bikes had no descriptions or specifications and we couldn't find a company address on the 'About us' page. These are all red flags which should alert you to a scam.
If the email is from a reputable website or retailer, simply navigate to the site yourself in a web browser and the deal should be available. Either that, or click on the links in our articles where we've arranged special deals you can't get by going direct.
Beware, criminals often set up sites that look exactly the same as the one you’re expecting (at least for a page or two anyway) and it can be an easy mistake to log in, then get a nasty surprise when you don't receive the goods or your bank account is emptied.
Of course, you should be in no doubt that the pop-ups offering a free iPhone, PS5 or something else are among the most blatant scams out there, and should be avoided at all costs.
If you're shopping for technology and gadgets, be sure to browse our hand-picked best tech deals.
2. Use well-known websites & security software
- Stick to the retailers you know and trust
- Use good antivirus software
For the reasons above, it's a good idea to stick to using websites for companies you know. The likes of Amazon, John Lewis, Currys PC World and Argos are ones we'd regularly recommend for buying tech in the UK, even if you might have to pay a few pounds extra.
In any case, it's worth installing antivirus software with a built-in website checker, which will give you the green light is a site is secure and safe. McAfee's WebAdvisor is a great free option, and quite a few other antivirus companies offer similar free browser add-ons which will warn you of potentially dangerous sites in search results as well as if you click on a link in an email and are about to visit one of these sites.
On the subject of antivirus, you can see our round up of the best security software the best antivirus deals. Often, antivirus software is available on Android, macOS and other devices, which is particularly useful if you regularly shop on mobile devices and not just your laptop or PC.
You can also follow the advice of Nominet's Head of Information Security Cath Golding when buying from smaller online retailers: “…rather than shopping via a link to a website through emails you receive, open a new window and visit the retailer through a reputable search engine instead. This could help you avoid falling victim to any emails scams by clicking on unscrupulous links to copycat pages.”
While it might seem unfair to up-and-coming retailers, your safest bet is to go for a site you know is reputable.
3. Check before you checkout
- Check for the padlock icon when at the checkout
- Make sure the website isn't a copy of a legitimate one
Jon Callas, CTO of security solutions firm Entrust, warns users not to let their guard down when they hit the online checkout. According to Callas, you need to look out for several things before entering your credit or debit card details into a website.
"If the site has an EV (extended validation) certificate the address bar will be green and the business name will be readily visible," he said. This means that the site has met a specific set of security guidelines which are independently verified, and that the site can be trusted.
Secure Sockets Layers (SSL) are used to ensure data is encrypted before being transmitted across the web and also indicate an organisation has been verified. Callas says potential purchasers should keep an eye out for https in the address bar rather than http, as this highlights a site uses SSL. Virtually all websites have moved to https now, so those that don't and sell products shouldn't be touched with a barge pole.
You should also look out for the padlock icon somewhere in or near the address bar, which is one of the main security features of basic SSL.
"Depending on what browser you use, it might be on the address bar or somewhere else like the title bar. But if you click on it, you will see security information about the site you're on," he said.
Furthermore, respectable organisations will display the site seal of their SSL certificate provider either on their home page or during the checkout process. He also recommends clicking on the site seal to ensure it's legitimate. You should also verify that the date and name of the organisation are consistent with the site you're visiting.
Those using public Wi-Fi, especially if it's unsecured, need to be extra careful as "you never know who could be listening", according to Callas. In fact, using a VPN is the most effective way to stay safe on public Wi-Fi.
"Double-check that there's SSL, and that the certification is good. Be extra, extra careful on a public computer; don't do anything financial or involving a password unless you must, as these are easily riddled with malware."
4. Check delivery times
- If buying a gift, be sure to check it will arrive in time
- Check the seller is in the UK, not abroad
One of the advantages of going to the high street is that you return with your presents under your arms. Online shopping saves the trip, but means you have to wait for delivery.
Of course, sites such as Amazon offer next day-delivery at a price (or as part of the Amazon Prime service) but you still have to be in to receive them, and delays can happen at Post Offices with the huge amount of mail that goes through the sorting offices, especially at Christmas time.
Always thoroughly check the availability of items before you click Buy, and remember that Amazon also lists products from other companies that might not be based in the UK, so make sure you check that you're buying from Amazon rather than a 'marketplace seller'. Or, make sure that the seller lists a suitable delivery time.
It's similar with eBay. Don't assume the company you're buying from is in the UK, even if their contact page says they are. Many China-based companies put 'UK' or 'London' as their location in order not to put off buyers, but check the delivery estimate and also the seller's recent feedback to see if they can be trusted to deliver your stuff quickly. You should also be suspicious if eBay seller
5. Check what's in the box
- The latest scam is to swap out valuable products for worthless ones
Just recently, some PS5 buyers have found themselves opening boxes which don't contain their eagerly-awaited console. This is despite a security PIN system which should ensure the courier only delivers the box to the correct recipient.
So my #PlayStation5 that should have been delivered at lunchtime turned up tonight, handed over my security code to the courier, took in the box, opened it...only to find some cheap Airfyrer inside! Unbelievable! My PS5 has been nicked! @AmazonHelp pic.twitter.com/Ps3Yrd0V8V— Steve May (@SteveMay_UK) November 19, 2020
So, ask the courier to wait for a few seconds while you check that the contents of any brown cardboard box contain what you were expecting and refuse to accept the delivery if they don't.
6. Click & Collect
- Watch out for fake messages which request sensitive information
An alternative to home delivery is click & collect. Many big-name sites offer this. For example, you can collect many eBay products from your local Argos store.
Amazon has lockers in quite a few places now (check by your postcode here) so you can collect your items at a suitable time to you, and you can specify where they're delivered to.
Most supermarkets also let you order online and collect in store, but do watch out for any charges as it isn't always a free service.
7. Regularly check bank and credit statements
- Use a credit card or payment method which offers protection
- Check your accounts regularly for fraudulent activity
If you usually shop online, or have been doing so this holiday season, it's also a good idea to check in on your bank or credit card statement online.
Criminals who've stolen your card number can charge you a small unnoticeable amount at first to test whether the payment goes through and then charge a larger sum later.
8. Check returns policies
- Buy from retailers that have extended returns periods
Sometimes you'll need to return an item that doesn’t fit, or find that there's a problem with a present purchased for someone else. So before you buy, check the return period if you are buying a gift.
Many retailers extend this beyond the usual 30 days over Christmas, but don't assume they all do. Ideally, open the packaging and test out what you buy as soon as possible, rather than wait for Christmas day and find out it doesn't work.
You'll find more information in our guide to the Consumer Rights Act 2015.