The first Advent weekend marked the start of the most anticipated season of the year for most traders. However, the growing popularity of online shopping and people's desire to spend also creates a breeding ground for all kinds of fraudsters who, in the midst of the Christmas shopping frenzy, try to get access to customers' sensitive data or directly to their bank accounts. Cyber attacks have increased rapidly in the last two years - according to experts, this is an increase of up to tens of percent. This is largely due to the coronavirus pandemic, which has caused people to spend much more time online. That's why Alza, together with its IT experts, compiled 10 simple tips on how to avoid virtual traps and enjoy a peaceful online Christmas with everything.
Almost everyone has encountered e-mails and SMS messages inviting a fantastic win, easy earnings, or encountered fake websites imitating established companies or banks. The so-called however, scams or phishing are becoming more and more sophisticated and are no longer just emails from dubious addresses written in bad Czech (although this is also one of the most common warning signs of fraud).
Data from multinational companies dealing with cyber security shows that the number of phishing attacks has increased significantly in recent years, e.g. the platform PhishLabs states that in the year-on-year comparison of 2021 and 2020 it was a full 32%. The most common targets of such attacks are the financial and banking sector and social media, but e-commerce is also not avoided.
"This year alone, Alza faced several phishing attacks that abused the good name of our company. The last time we noticed such attempts was a few days ago, when thousands of people received SMS with information about unclaimed winnings from our e-shop. At the same time, the contained link led to a fraudulent website that tried to lure people with their payment card details under the pretext of paying postage for the delivery of the promised prize," describes Alza.cz IT director Bedřich Lacina and adds: "We always strongly warn against such messages and e-mails and advise customers not to respond to them in any way, especially not to open any links and not to enter their personal data on dubious-looking pages. Alza always transparently informs about all ongoing events directly on its website."
As a rule, similar SMS and e-mails are distributed most often during the Christmas season and at the time of discount events, when attackers rely on the fact that in the flood of various shopping and promotional incentives, people are not so vigilant. At the same time, it is not difficult to detect such fraud, it is enough to learn a few basic procedures on how to look at suspicious messages. E.g. 3 warning signs should immediately catch the attention of the recipient on these "winning" SMS: linguistic inaccuracy, a link leading somewhere other than the e-shop website and, moreover, pointing to a dubious insecure domain, the absence of https should already warn us. Alza.cz, like all trusted sellers, always informs about its official events on its own website or its official communication channels. However, attackers can mask the page address under an innocent-looking link, so it is recommended not to click on the links, but to rewrite the address manually in the browser or check where the link actually leads.
Another very common sign of phishing messages is prompt call to action. "We have drawn 3 winners and you are one of them, quickly confirm your win, time is running out!” Similar-sounding prompts, preferably with a countdown timer, are intended to make the person not think too much about the message. But that can cost him dearly. This type of message usually requires the "winner" to pay a symbolic handling fee or postage for the delivery of the prize, but if he enters his bank details after opening the link, he unwittingly gives the fraudsters free access to his account. Therefore, even if the incentive looks as bombastic as possible, never make hasty decisions and first look at it with a critical eye - if it's too good to be true, it's most likely a scam!
The same rules apply to fantastic looking internet ads, pop-ups and websites. Before you get lured by an irresistible offer or a supposed win, for example a new iPhone, always take a few deep breaths, exhale, resist the urge and focus on the details that will help you detect the scam. In the following case it is again suspicious URL, insecure domain, time pressure and questionable processing fee. No reputable e-shop should demand such a thing from customers.
Does the received SMS e-mail or pop-up window look really trustworthy and you hesitate to open it? You always are first verify the competition on the seller's page. If he promises amazing winnings, he will certainly like to boast about it directly on his website. Alternatively, you can write to the contact form or call the call center and ask directly.
However, caution when shopping online pays off choosing the e-shop itself. The Czech Republic is the uncrowned king in the number of existing online shops per capita, according to data from Shoptet from this August almost 42 of them operate in the Czech Republic. They can easily hide among such a large number fake e-shops, which entice the customer to pay in advance and do not deliver the promised goods. Therefore, before buying from an unknown online store, always check its operator and spend a few minutes on customer references - they can be found on reputable internet comparison sites or search engines. "Strange and non-transparent business conditions or even a limited range of payment and delivery options should be a warning sign. If the e-shop only requires payment in advance, vigilance is in order! The equation also applies: too cheap goods = suspicious goods," adds Bedřich Lacina.
At a time when all ours are important informace (payment card data, personal addresses, phone numbers, etc.) stored online, every Internet user should at least protect himself by making the possibility of theft as difficult as possible for increasingly sophisticated cyber attackers. It means regularly update all your electronic devices such as a mobile phone, PC, laptop or tablet and for logging into your online accounts choose complex and unique passwords (thanks to various password managers, it is no longer necessary to remember them all and they can be safely shared, e.g. even within the family for joint accounts). Where possible, choose two-step verification when logging in, for example by sending an additional SMS code, and always buy over a secure network. With public Wi-Fi, you can never be sure who is really running it and if they can't read all the data you send over it. Therefore, for transactions of all kinds, it is better to use a secure home or business network or a mobile hot spot.
Online shopping is a welcome way to avoid the crowds and buy gifts stress-free from the comfort of your home, especially in the run-up to Christmas. However, the Internet has its own specifics and, compared to brick-and-mortar stores, there is a much greater risk of encountering fraudsters and losing your sensitive data or, worse, life savings. And although security companies are trying to come up with more and more sophisticated ways of securing and protecting data, unfortunately, cyber attackers are keeping up with them and will probably continue to do so in the years to come. So be vigilant so that you not only enjoy Christmas in peace and comfort. Just stick to the following ten:
10 tricks to outwit internet scammers
- Be aware of phishing SMS and emails - look out for warning signs such as unknown sender address, poor language level, suspicious fee or links to unknown sites
- Do not click on these links and never enter your personal or payment information on unverified sites
- If you are unsure, you can check the link using a publicly available database such as virustotal.com
- Buy from verified merchants, their customer reviews and the experiences of acquaintances can advise.
- Update all your internet connected devices regularly
- Use strong and different passwords for each page or user account
- Where possible, choose two-step verification when logging in, for example by sending an additional SMS code
- Shop on secure networks, public Wi-Fi is not suitable
- For online purchases, consider using a credit card, or set a limit for online transactions on your payment card
- Pay attention to Internet Banking messages and regularly check your account for anything suspicious.
