Beware this phishing scam at Christmas

Rights, Scams and Politics

01 December 2011 | 21 Comments

If you're shopping online this Christmas, watch out for this costly phishing scam...

Millions of shoppers will be gearing up for the annual Christmas blow-out - and this year, like last year, the majority of our spending is likely to be done online. 

Consumer watchdogs have warned consumers to be on their guard, with bogus websites that look like legitimate versions of those of our high street giants continue to pop up. Shoppers have also been warned about the number of websites selling counterfeit goods or items that fail to arrive, which typically target users via email.

This type of scam is becoming increasingly sophisticated - but fortunately there are a few tell-tale signs to help you spot them and keep your money safe.

Beware email offers

According to online payments service PayPal, the majority of UK shoppers still don't cover the basics of shopping securely online and could leave themselves open to so-called 'phishing' attacks during the festive period. 'Phishing' is a crime that sees criminals send out emails designed to capture information - most typically credit card numbers and personal data - that can be used to commit fraud.

Users receive emails purportedly from major retailers, offering exclusive offers or asking users to check on the status of a purchase. Typically, these are bogus and the information you submit is used to defraud you.

Your first step should be to check the spelling of the web address or URL - many of these sites have misspelt or subtly changed names. For example, the official Abercrombie & Fitch store can be found at www.abercrombie.com - but a Times investigation found three unofficial websites in existence to lure unwary shoppers.

To further protect yourself, be wary of all unsolicited emails, even if they appear to come from a trusted source. Set your email junk filter to 'high' to ensure any bogus emails don't make it to your inbox. Never click on a link that has been emailed to you - type the address into your browser yourself. Ensure all your internet security software is up to date and upgrade your web browser as well: the latest versions of Internet Explorer and Firefox contain built-in anti-phishing protection.

If you do fall victim, contact your bank immediately to limit any fraudulent use of your account. In most cases, your bank will refund money you lose in a phishing attack.

Look for the padlock  

Of course, offers sent by email aren't the only way fraudsters try to lure unwary shoppers - and many of us could alight on a bogus website simply by miss-typing the web address into our internet browsers. Fortunately, there are other ways to ensure you stay safe.

Before entering sensitive information such as your credit card details into any website, it pays to check that the data will be properly protected. Whenever you make any online purchase, make sure that the web address starts with 'https://' as opposed to the usual 'http://' - the 's' in this instance stands for secure. All reputable retailers will provide a secure web address for purchases.

You should also look for a small padlock either next to the web address or in the bottom right hand corner of your browser (or top right for Apple Safari users) - this shows that the security of the website is verified by a third-party security agency, typically VeriSign. The padlock ensures that your information will be encrypted to ensure hackers or other web users can't access your details.

One final thing - don't be fooled by a padlock that appears on the web page itself. It is possible for a fraudster to copy the image of a padlock. You need to check that it is in the window frame of the browser itself.

More ways to stay safe

You will receive a degree of automatic protection by keeping your internet software up to date. On more recent versions of internet browsers the address bar will also turn green - this confirms that the website is safe. It's also worth ensuring any internet security software or firewalls you may have are also updated regularly.

In addition, banks are doing their bit to help consumers by allowing customers to sign up for added security. You can register your credit cards (depending on your card provider) with either MasterCard SecureCode or Verified by Visa. Both these systems work in the same way - by using personal passwords to an extra layer of protection when you buy online. Find out more at consumer website Becardsmart.org.   

Finally, always rely on your common sense when you're shopping online. Make sure you always shop with names you trust and if you're unsure, look for some contact details in the real world. Does the firm have a registered address or consumer helpline? If not, steer well clear. And - as with all scams - bear in mind that if an offer seems too good to be true, it probably is.

How to spot a bogus site

If you're ever in the situation where you're concerned a retail site or, indeed, any other type of website may be bogus, an easy way to protect yourself is to consult other lovemoney.com readers using our Q&A tool. Simply post the details of the site into the question and ask other lovemoney.com members for their opinion about whether it's a genuine site. You'll soon discover whether or not you're alone in your suspicions!

This is a lovemoney.com classic article, originally published in November 2010 and updated.

More: Get a 0% credit card | Government failing to protect us from scams | The dangers of using Paypal

Comments

Be the first to comment

Do you want to comment on this article? You need to be signed in for this feature

Copyright © lovemoney.com All rights reserved.