Black Friday security tips: Beware of websites that want too much info

Cyber criminals will be targeting online shopping as people take to the internet to bag Black Friday and Cyber Monday bargains as Christmas shopping begins – and the UK’s National Cyber Security Centre (NCSC) has urged shoppers to be vigilant and report suspected cyberattacks and scams.

The run up to Christmas is a lucrative period for retailers as people look to stock up on gifts – and many outlets will run promotional offers to coincide with Black Friday and Cyber Monday to encourage spending.

Retailers send emails offering promotions and discounts – and that’s something cyber criminals can exploit by sending messages of their own; phishing emails tempting people with an offer of bargains in order to steal money, usernames and passwords, personal information and more.

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)

The NCSC is warning shoppers to be cautious when shopping by being selective about where they make purchases from.

For example, people should be mindful if they’ve not heard of a particular retailer before, or if they receive an email claiming to offer direct links to bargain items. It’s best to take the precaution of visiting the retailer’s web address rather than clicking on a direct link.

And users should be wary of websites that ask for an unnecessary amount of personal information when taking payments – if they’re asking for additional security details, like a codeword or an answer to a secret question used to retrieve your password, it’s highly likely to be a scam.

“You shouldn’t have to provide security details (such as your mother’s maiden name, or the name of your first pet) to complete your purchase,” NCSC notes.

It also suggests: “The store may also ask you if they can save your payment details for a quicker check-out next time you shop with them. Unless you’re going to use the site regularly, don’t allow this.”

If people see suspicious emails or websites that seem to ask for too much information or seem to be too good to be true, the NCSC suggests the potential phishing emails or scam sites should be reported to its Suspicious Email Reporting Service (SERS).

Since being launched earlier this year, SERS had resulted in over two million reports of suspicious emails and websites, and has led to thousands of malicious sites being taken down.

“At this time of year our inboxes are filling up with promotional emails promising incredible deals, making it hard to tell real bargains from scams,” said Sarah Lyons, NCSC deputy director for economy and society.

“If you spot a suspicious email, report it to us or, if you think you’ve fallen victim to a scam, report the details to Action Fraud and contact your bank as soon as you can,” she added.

SEE: Ransomware victims aren’t reporting attacks to police. That’s causing a big problem

Other tips the NCSC recommends for staying safe online while making Christmas purchases include keeping accounts secure with two-factor authentication as well as looking for the closed padlock in the browser’s address bar of the payment page on a retailer’s website. The padlock icon doesn’t guarantee that the retailer itself is legitimate, but it at least means your connection to it is secured. 

Retailers are also being urged to play their part in helping consumers stay safe online in the run up to Christmas.