Cyber security comment: protecting shoppers from online scams over the festive period
December 2023 by Rob Pocock, Technical Director at Red Helix
Rob Pocock, Technology Director at Red Helix, comments:
“The festive season tends to lead to increased online shopping activities and with many feeling the pressure to have a ‘perfect Christmas’, online sales events may prove to be yet another opportunity for scammers to exploit people’s eagerness to grab a bargain and save some money. The combination of bright colours, countdowns, and offers everywhere can make it difficult to detect online attacks, such as brand spoofing and social engineering. Worryingly, Action Fraud reported in 2022 that victims of online shopping scams lost on average £1,000 per person.
“With the growing popularity of online shopping, consumers need to be on high alert for any indications that they may be handing over sensitive details to an unreliable source. Things like a suspicious-looking web address, unusual payment methods, and poor grammar are just some of the telltale signs to look out for.
“This needs to be supported by retailers who are showing their commitment to protecting their customers by deploying security tools and implementing steps and measures to protect their customers’ online safety. It’s also important that companies take extra measures and steps to ensure their websites are protected, otherwise a cyber attack can cause significant financial loss and reputational damage to brands. There are, however, simple steps retailers can follow to prevent the peak season from becoming the most dangerous time of the year online. For example, Brand Indicators for Message Identification (BIMI) help display the brand logo alongside emails to customers, providing them with a sense of security and recognition of the email sender. Retailers also need to secure their domain; otherwise, unprotected domains can increase the opportunity for fraudulent lookalike domains to be created. Deploying Domain-based Message Authentication, Reporting & Conformance (DMARC) allows retailers to protect their domain from unauthorised use, ultimately preventing the risk of domain spoofing. Combining this with updated security certificates, and a secure and protected supply chain, diminishes the risk of social engineering and supply chain compromises.”