Shopping at Christmas

Submitted by aburrows on Mon, 05/12/2016 - 10:13

One of my big bugbears is phishing websites, especially at this time of the year, when you're doing the last-minute hunt for deals and get caught out by fraudsters who could potentially ruin your Christmas.

Who wouldn't think that 50% off at Superdry, for example, would be authentic?

The reason for this article is what the @surreypolice Twitter account put out:

Online shopping for gifts this xmas? 📱👠 Our #ElfOnTheShelf is #SmartonSecurity! Look for the https before the website address you buy from 🔒

 

Although this is almost correct, there are things that need to be noted.

  1. Anyone, anywhere can get an SSL certificate (Symantec, RapidSSL, Comodo) - this does not confirm that the website is authentic or secure. All it does is add an extra layer of security and encryption to data sent and stored on the server. This is not hackproof!
  2. If you are unsure of the website, do not visit it; instead copy the URL (website address) into Google and search for it. 9 times out of 10 you'll come up with results saying this is a phishing site or fake.
  3. If it's from an unofficial source, check the official website to see if this deal is on or available elsewhere.
  4. Check for grammar; phishing emails tend to have a lot of bad spelling that does not make sense.
  5. If it appears too good to be true, then don't buy on the site.
  6. Look for accredited icons on the site; if it's approved by the payment merchant then you will be able to click on the icon to bring up up-to-date URLs.
  7. Don't transfer £100,000 to the prince of Nigeria.
  8. Pay using a payment merchant (PayPal, WorldPay, SagePay) if available on the website - these types of websites have to be physically reviewed by the merchants and have to pass a strict set of rules in order for the website owner to use them.
  9. Always pay online using a credit card - the bank fraud systems are very smart and can identify fraudulent websites and transactions.
  10. If in doubt, don't purchase anything off that site.
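
Points 1 and 3 above, as an added example that is not part of the original post: https on its own says nothing about who runs the site, so this sketch checks whether the address actually belongs to the official shop. The official-domain list, the function name and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the shopper's own list of domains taken from the shop's official site.
OFFICIAL_DOMAINS = {"superdry.com"}

def check_link(url, official=OFFICIAL_DOMAINS):
    """Return (verdict, reasons) for a deal link.

    https is checked, but it is never treated as proof that the site is genuine.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    reasons = []
    if parts.scheme != "https":
        reasons.append("no https")
    if parts.username is not None:
        # Anything before '@' is a login name, not the website address.
        reasons.append("text before '@' is not the site address")
    # Official only if the host IS an official domain or a subdomain of one.
    is_official = any(host == d or host.endswith("." + d) for d in official)
    if not is_official:
        brands = {d.split(".")[0] for d in official}
        if any(b in host for b in brands):
            reasons.append("brand name used in a domain the shop does not own")
        else:
            reasons.append("domain is not on the official list")
    if not is_official or parts.username is not None:
        return "suspicious", reasons
    if parts.scheme != "https":
        return "insecure", reasons
    return "official", reasons

# Constructed sample links (reserved .example names, not real sites).
SAMPLES = [
    "https://www.superdry.com/sale",
    "http://www.superdry.com/sale",
    "https://superdry.com.xmas-deals.example/50-off",
    "https://superdry.com@xmas-deals.example/50-off",
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict, why = check_link(link)
        print(f"{verdict:10} {link}  {'; '.join(why)}")
```

Three of the four samples use https, yet only the first one is the shop's own address.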

Some websites do look authentic, and as a developer I can spot the more authentic-looking ones, usually by code review/comparison, but I can understand that this is hard for more vulnerable people to do.

Always think that if you sign up to a website, that the owner of the website could have your personal details, and this could bring on identity theft. 

Happy to answer queries on websites in comments below.