Think securely and enjoy online shopping this Christmas

Perhaps one may have read Dr Seuss’ book ‘How the Grinch Stole Christmas’, published in 1957 or viewed the related American Christmas comedy film released in 2000. It is about a misanthropic creature who despises Christmas and wreaks havoc upon a village during that time of year. The story plot has a happy ending, with the creature reconciling with the villagers and returning their gifts.

More and more people are increasingly heading towards online shopping to purchase gifts for Christmas. Increasingly too, there are lots of Grinches who wish to wreak havoc even during the Christmas period upon online users. And unfortunately, there are no happy endings in sight for such situations.

There are a number of tips however that would be beneficial if one were to keep in mind during online shopping.

Securing devices before getting started

Firstly, it needs to be ensured that the devices have anti-virus software that is kept updated and that is running in the background. Software that includes anti-phishing and firewall protection should minimize the risk of cyber criminals stealing sensitive data. Secondly, device operating systems and software applications need to be updated with security patches and other updates as necessary. Security patches issued by operating system and application vendors intend to fix security vulnerabilities that cyber criminals may already know about or are likely to find out about soon. Hence it is important that any security patches are not postponed and are carried out on devices at the earliest and often, following related alerts by the vendors themselves.

A security conscious frame of mind

Developing and applying good password habits, when required to do so, is always a good practice. Hence it would be best that unique passwords that are hard to guess, potentially being long and complex as possible but easy to remember, are used. Of utmost importance is that the same password is applied to various Websites. If hackers get to one password, they are likely to try it on all the other accounts. A password manager that will come up with a unique password for each Website automatically may help.

One best way to gain the attention of potential online shoppers is with an attractive, stunning price or perhaps a free offer. However, as the Maltese saying goes ‘Xejn m’hu b’xejn’ – ‘Nothing is for free’ unless there is some catch somewhere! Care should be exercised with offers that are too good to be true as they may serve as baits by cyber criminals to lure innocent shoppers into some form of scam.

Additionally, one must be wary of clicking on suspicious Website links or of login links on emails. An email urging a user to click on a link, to login to an account, to change password or something similar, may potentially be a ploy by hackers to lure the email recipient onto a fake Website that will look exactly like the real one, except that it will serve as a means to gain access to sensitive information. Such emails are not to be relied upon. Any checks required for online shopping transactions are best to be carried out by the shopper, by opening the browser and browsing at the Website accordingly.

One recommendation is to shop only on secure Websites. A key question is whether the Website address makes sense. However most importantly one must look for the padlock in the address bar and look for https: rather than http: at the front of the URL.  A URL that starts with https: means the Website uses an encrypted or secure connection. Most major Websites nowadays use https: Caution should therefore be exercised if a Website is asking for personal information but it does not have the padlock. It needs to be borne in mind that personal information such as a personal contacts list, location, games liked, has value. Thus, divulging personal details to every Website visited is to be avoided. Thought must also be given about who gets the information and how it is collected through the software applications used on devices.

Ultimately, it would still be highly risky using a secure Website but making purchases over a public or open Wi-fi. One might be tempted to purchase a hard-to-get item online right away. However, browsing through open Wi-Fi hotspots, exposes one’s personal data to the risk of it being stolen by cyber criminals, given that they are unsecured and thus being prime targets for hacking. It would be better to wait until a secure internet connection is available.

Clever shopping

One of the most important things to do when shopping online is verifying that the shopping outlet has a persistent credibility. It is not excluded that although an online store may have a secure padlock on its Website, it may still take advantage of its potential clients and engage in scams. Imagine purchasing an item with a promised delivery date. However, the wrong item is received or it is never received at all! A swift online search on the prospective online shopping store may save time, money and disappointment particularly in the Christmas shopping season. It may reveal reviews of the online store, including consumer feedback and ratings. One may think twice of shopping with outlets having scant or no information at all in this regard!

When purchasing, it is always a good idea to shop on sites having safe and secure payment systems. If it is not an option, and one would still wish to pursue the online shopping, then it may be better to use credit cards rather than debit cards, and preferably those having low limits.  Moreover, Ii is never wise to email credit card details, in case the credit card won’t go through, even if in perfectly good faith the seller asks to do so accordingly. The email could end up in the hands of cyber criminals, even if the seller handles it with care once received.

Ultimately it is always important that personal bank statements are checked regularly, especially after conducting an online purchase.

Watch out on delivery

During Christmas time, it is highly likely for one to receive purchased items online through delivery by a courier company. Cyber criminals are aware of this and may send fake emails about fictitious delivery problems with the intention to draw unsuspecting shoppers into their malicious Website links or requests for sensitive information through emails. Should one wish to check the status of a delivery, the best thing would be to personally look up the courier organisation’s contact information and contact accordingly.

Final recommendations

Rather than become a victim of a shopping online scam, one should always adopt the same practices one would normally apply to conventional purchases; such as keeping documentation of online purchases like the order confirmation until the order is received. Moreover, it is always suggested to log off from the online seller’s Website after concluding the purchase.

One final note to always keep in mind: In the world of cyber space, online ‘Grinches’ multiply as more people connect and interact on the Internet. Although there is nothing to stop this behaviour, extra measures can be taken to safeguard the personal wallet and prevent from becoming their victim. Ultimately, cybersecurity is an ongoing concern, not just in Christmas time!

“It is crucial for the public to be educated and well-informed on the possible cyber risks”

The Parliamentary Secretariat for Financial Services, Digital Economy and Innovation said that it is crucial for the public to be educated and well-informed on the possible cyber risks that exist on the net, hence more emphasis is being done on the measures that individuals could take to enhance their digital security. Cybersecurity is of national interest and it is crucial to know the knowledge that is out there amongst the public and private sector.

Malta’s technological advancements has put Malta on the map, therefore it is important to continue strengthening our already strong ICT infrastructure and to adequately adapt to protect citizens in the digital era. MITA’s intensive campaign will reach various strata in the Maltese society.

The Maltese Government’s ambitious digital vision is resulting in the need for more talent and to upskill our already strong work force. Whilst experiencing the highest economic growth, the Maltese economy is continuously evolving, hence the skills that operators look for are changing. This calls for a coherent strategy with the participation of stakeholders and businesses to understand the digital skills the industry is looking for whilst encourage future generations to pursue a career in this sector.

Written by Dr Keith Cilia Debono, MITA Consultant on Cyber Security Programme

Back to Articles List