Don’t get more than you bargained for

By Gerry Grant, Chief Security Officer

It’s that time of year again when our email inboxes get flooded with special offers and not-to-be-missed deals. That’s right, the Boxing Day & New Year’s sales are upon us again and there can be lots of bargains to be had. But it’s also the time of year when scammers and cyber criminals know that lots of users will be at their most vulnerable to things like phishing attacks.

Don't rush into clicking

Attackers are well aware that sales periods increase the chances of getting a user to click on a link. The majority of phishing and scam emails work on a sense of urgency. The rest of the year, the criminals need to try to create that sense of urgency themselves, with alluring subject lines and emails worded to make the recipient panic and click a link or download a file. Post-Christmas, however, the retailers and media are creating that sense of urgency by telling us that these special offers are for a limited time period only. In our rush to bag that must-have bargain before it’s too late, we are more likely to believe an email from a criminal offering us a ‘great’ deal. Regardless of how good an offer appears to be, make sure that you don’t rush into clicking the links in emails or, for that matter, text messages. Open up a browser window and visit what you know to be the genuine website.

Double check the website address

It’s also a wonderful time of the year for criminals to be setting up what look to be genuine websites in an attempt either to harvest details from users or to take payment for fake or non-existent products. It is important that you check that you are on the correct page before purchasing anything or entering any details. Look at the URL (the address of the webpage) that you are visiting to make sure that it looks genuine. The best way to do this is to read it from back to front. For example, out of these three URLs, which one do you think is genuine?

  • mobile.facebook.com
  • facebook.mobile.com
  • facebook.fakebook.com

The only one of the three above that would take you to the genuine Facebook site would be the first one. The other two would take you to different sites.

A URL can be broken down into different parts: sub-domains, domains and top-level domains. The Top-Level Domain (TLD) is supposed to tell you a little about the site and is the last part before any /. For example, .co.uk is a TLD that indicates that the site is probably based in the UK. In the above example the TLD is .com. The part before the TLD is the domain. This is the actual website that you are visiting; in the above it’s Facebook. This is the section that you really want to check. The first part, or the sub-domain, can be made to look like anything.
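
The back-to-front reading described above, as an added example in Python (not part of the original article): it splits a hostname into sub-domain, domain and suffix, then compares the domain part against the site you expect. The function names and the tiny suffix table are assumptions made for the illustration; a real check would load the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Constructed, deliberately tiny suffix table (assumption for this example).
# A real check should use the full Public Suffix List instead.
SUFFIXES = {"com", "org", "net", "uk", "co.uk"}


def split_host(url):
    """Return (subdomain, domain, suffix) for a URL or bare hostname."""
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare host as the network location
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    # Read from back to front: try the longest candidate suffix first,
    # so "co.uk" wins over "uk".
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in SUFFIXES:
            if i == 0:
                break  # the host is only a suffix, there is no domain label
            return ".".join(labels[:i - 1]), labels[i - 1], suffix
    raise ValueError(f"cannot split host: {host!r}")


def is_expected_site(url, expected):
    """True only if the domain plus suffix of `url` equals `expected`."""
    try:
        _, domain, suffix = split_host(url)
    except ValueError:
        return False
    return f"{domain}.{suffix}" == expected.lower()


if __name__ == "__main__":
    # The three addresses from the article, checked against facebook.com.
    for u in ("mobile.facebook.com", "facebook.mobile.com",
              "facebook.fakebook.com"):
        print(u, "->", split_host(u), is_expected_site(u, "facebook.com"))
```

Only the first address reports facebook as its domain; in the other two, facebook appears only in the sub-domain position, which the owner of mobile.com or fakebook.com is free to choose.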

What do the reviews say?

Even if you are on what looks like a genuine website and the URL looks good, it is always worth checking for reviews of the website to make sure that their customers are happy. Have a look and see if you can find any links to social media pages and check them for reviews as well.

Even though there are bargains to be had, and time might be limited, always do a sense check. Is this deal really too good to be true? If it is, then there is probably something fishy going on. (See what I did there?) Take two minutes to think before clicking any links and have a good look round a website before entering any details. Happy Shopping!

Stay safe online