Five tips for ‘shopping with suspicion’

28th November 2019


Cath Goulding

CISO

It’s that time of year once again. The evenings are drawing in, the temperature is plummeting, and Christmas looms on the other side of Black Friday, the best day for deals in the calendar; ’tis the season for spending (or so the retailers would have us believe!).

Despite having started in the US, the shopping phenomenon of Black Friday is now firmly part of the UK mindset and increasing numbers of us are chasing these seasonal deals online. On Black Friday in 2018, online shoppers spent £1.49bn – a rise from £1.39bn in 2017 – with online spending exceeding 20% for the first time. By comparison, in-store retail spending dropped 7% year on year [Office for National Statistics].

These trends aren’t surprising, as shopping online is undoubtedly the convenient option for many of us today – indeed some of the best deals are only available on the internet. That said, we mustn’t forget that this also makes us vulnerable to the swarms of cyber criminals who see Black Friday sales as the ideal opportunity to prey on the eager, taking advantage of those who are sometimes more keen than careful.

As a cyber security expert, I would suggest we all shop with an element of suspicion this year to make sure it is not a successful season for the criminals. In my role as CISO for Nominet – the registry for the .UK domain – I have full visibility of the type of methods criminals use to manipulate consumers and ensnare those who aren’t wise to their ways. I can also reassure you that my team and I work relentlessly to clamp down on the cyber criminals operating across our namespace. We do all we can to play our part in safeguarding the security of the national internet namespace so you can shop in safety.

One of our methods is Domain Watch, an anti-phishing initiative that uses a combination of automated and manual processes to catch suspicious domains at the point of registration. These are often domain names that mimic national banks or brands (e.g. lloydsonlinebanking.save.uk) or have intentional typos in familiar addresses – HMRC is a common target – which we know are used to launch phishing attacks. Since the inception of Domain Watch in July 2018, we have suspended over 3,000 domain names and are constantly refining our process to reduce false positives.
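To illustrate the kind of automated check described above, here is an added example; it is not Nominet's Domain Watch code. The watchlist, the digit-for-letter folding and the one-edit threshold are assumptions, and every match is meant to be passed to manual review rather than acted on automatically.

```python
# Added illustration only: not Nominet's Domain Watch logic.
WATCHLIST = ("lloyds", "hmrc")          # assumed watchlist, from the article's examples
LOOKALIKES = str.maketrans("01", "ol")  # assumed digit-for-letter folds: 0 -> o, 1 -> l


def osa_distance(a, b):
    """Edit distance that also counts an adjacent transposition as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def review_reasons(domain, watchlist=WATCHLIST):
    """Return (label, brand, kind) tuples for labels that should go to manual review."""
    hits = {}
    for label in domain.lower().rstrip(".").split(".")[:-1]:   # skip the top-level label
        # Check the label with hyphens removed and each hyphen-separated word.
        tokens = [label.replace("-", ""), *label.split("-")]
        for brand in watchlist:
            if label == brand:
                continue  # exact brand label: an ownership question, not a lookalike
            for token in tokens:
                folded = token.translate(LOOKALIKES)
                if brand in folded:
                    hits.setdefault((label, brand), "contains")
                elif osa_distance(folded, brand) == 1:
                    hits.setdefault((label, brand), "typo")
    return [(label, brand, kind) for (label, brand), kind in hits.items()]


# Constructed sample registrations (the first is the article's own example).
SAMPLES = ["lloydsonlinebanking.save.uk", "hrmc-refund.co.uk", "gardenshed.co.uk"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(name, review_reasons(name) or "no match")
```

Short brand terms such as a four-letter acronym sit one edit away from many innocent words, which is why a check like this feeds a human reviewer.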

We also work collaboratively with law enforcement to remove domains that are being used for criminal activity and have recently published our annual report that demonstrates just how successful this work has been. In the past 12 months, we suspended 28,937 domains, a drop from last year when we suspended 32,813. The numbers may sound vast, but the total suspensions for this recent period represent just 0.22% of the more than 13 million .UK domains currently registered – the namespace is largely honest.

That said, internet shoppers shouldn’t take anything for granted because cyber criminals are relentless and manipulative, tapping into human psychology to take advantage. Before you start spending this season, read and remember my five top tips for a better chance of emerging from the sales with an intentional gap in your bank account – and a smile on your face.

Don’t use email links – go direct to websites

Criminals will be peppering our inboxes with fraudulent deals and links to sites under their control. If you want to shop, type the website address into Internet Explorer manually and check the domain name (website address) you access to ensure you are visiting the authentic retailer.

If it sounds too good to be true, it probably is

Never was this old cliché more apt than when it comes to cyber criminals and spending. We all love a deal, as criminals well know, so they will use this season to tempt us with incredible prices. Question bargains closely and be suspicious of anything that sounds too good to be true.

Use complex, unique and different passwords for all your accounts

This is good advice for digital life in general, but healthy password habits are particularly pertinent during shopping time, especially as recent Nominet research found that only 61% of people changed their passwords after a company they had an account with was breached. Use passphrases to create long passwords which are easier to remember, such as iloveyogasessions – you can add in symbols and numbers to make it more complex. If you struggle to remember all your passwords, use a password app like LastPass rather than writing them down.

Shop over secure Wi-Fi

While it’s great that public Wi-Fi is available so widely, it isn’t advisable to spend money over a public network as it could be infiltrated by criminals. Even if you access an authentic website and pay securely, criminals could intercept the Wi-Fi signal and potentially make off with your money. Stick to spending on secure, known Wi-Fi networks, such as the ones we have at home or in most workplaces (if you’re not certain, ask your IT department).

Use your credit card when shopping online

Credit cards are a more secure means of spending as you can verify all your transactions for a second time before you settle the bill. This gives you an opportunity to identify fraudulent transactions before you part with your own money.

There is no reason not to enjoy the sale season and pick up some bargains when you shop online. I will be doing so…but I will also be taking care, following my own top tips and shopping with a healthy level of suspicion to avoid becoming one of the thousands who fall foul of the criminals each season. Will you join me?
