Stay Safe
While Christmas Shopping Online

Online shoppers lost €18.20 million last Christmas due to online shopping scams. This blog post is here to help you avoid falling victim to the cyber criminals who are silently hovering around payment sites this Christmas.

Is the website genuine?

You may feel sudden relief when you eventually come across that exact present you’ve been searching for, but is the website genuine and reputable?
  1. Have you accessed the website via an ad or a pop-up? This is a typical route hackers use to take advantage of last-minute, rushed shoppers, so take the time to search for the official URL of the retailer.

  2. Is there a small padlock symbol on the top left-hand side of the site, before the URL? If not, do not purchase from this retailer. The padlock symbol means that the site is secured with a digital certificate; in other words, any information being sent between your browser and the website is secure and cannot be intercepted or read by anyone while in transit.

  3. Does the URL read HTTPS or HTTP? If there is no ‘S’, it means the site is not secure. A website that has this ‘S’ encrypts your data, hiding it from hackers.

Monitor your bank account:

  1. Check your bank account immediately after you make an online purchase to ensure that the amount you agreed to pay is what you were charged. 

  2. Check your bank account regularly to remain familiar with all transactions listed. 

  3. Monitor your account for any irregular activity during and after the shopping season. It may take time for your details to be used by an attacker so glance through your transactions and make sure that the amounts charged are correct and make sense to you. If there is a transaction listed that you cannot account for, contact your bank immediately. 

  4. If you receive an email or a text asking you to confirm a payment with a bank you are not a member of or a retail entity that you did not make a purchase with, do not engage with it. Doing so can install malware on your device and enable cyber criminals to steal your personal data. Using that data, they can impersonate you, log into your accounts, change your passwords and possibly transfer money.

Legitimate or Illegitimate Communication:

A dangerous situation to be in is receiving an email or a text from a bank that you are a member of, an online retailer which you recently purchased from, or a well-known retailer, asking you to confirm a payment or update your password. This is a situation where your guard may be down. You might remember making a recent purchase with the retailer, or you imagine it’s in regard to a past payment with a well-known retailer. This is when a lot of people can be caught out, simply because we trust brands that we buy from and the entities we are members of. To identify whether the communication is legitimate or not:
  1. Look out for inconsistencies, spelling and grammar mistakes in the message. This is not foolproof, however, as some cyber criminals use native speakers to write their phishing messages.

  2. Is there a sense of urgency in the message? This is often used to encourage and hurry the recipient into responding and following the demands in the message.

  3. If there are links embedded in the email, hover over each link and assess what website address pops up under your cursor. If the email is claiming to be from ‘The North Face’ for example, but the address that pops up is not related to that company, this is a red flag. Do not click on the link or open any attachments, and delete the email.

Do not shop on public WiFi:

Using public WiFi is an open invitation for hackers. Public WiFi is often unsecured and unencrypted, making you vulnerable to hackers waiting to pounce and steal your personal information, such as your email address, mobile number and credit card details.

If you must use public WiFi, invest in a ‘Virtual Private Network’, a VPN. This is a tool that gives you privacy and security, keeping your data safe on public WiFi. You can get free trials of a VPN, but this should be something you invest in anyway; VPNs cost anything from €4 to €10.

Happy Christmas and safe shopping from all at ICTTF.

Ella O’Neill is a Cyber Security Researcher Intern at ICTTF.