This episode talks about how to shop online safely.
Please forward any phishing emails you receive on to firstname.lastname@example.org and any text messages on to 7726.
Our hosts today were Patrick, a Detective and Cyber Protect Officer for the West Midlands Regional Cyber Crime Unit (WMRCCU), part of the West Midlands Regional Organised Crime Unit (WMROCU), and Demi, at the WMRCCU as an intern taking a year out from her university studies.
Also, a member of the WMRCCU is
Hello and welcome to the cyber threat weekly. My name is Patrick and I'm a Detective and Cyber Protect Officer within the West Midlands Regional Cyber Crime Unit. I'm here today with Demi.
Hello and welcome. I'm Demi and I work with Patrick on the cyber Protect and Prepare side of the Regional Cyber Crime Unit.
This podcast runs in conjunction with our newsletter, the Cyber Sentennial. If anybody listening to this podcast would like to be added to the distribution list, please use the contact details in our show notes, and let us know and we'll add you and send you our weekly newsletter.
Okay, today, like I mentioned, we were in conjunction with our newsletter, and our newsletter contains a number of items, and this week, one of them is online shopping. And online shopping is always an issue that we need to be aware of, and any potential vulnerabilities that we can be exposed to when I'm shopping online. However, unfortunately, we've got a number of additional issues that are worth bearing in mind at the moment. One, we're coming up to Christmas, of course. So this is very much seasonally focused; we're going to potentially do even more online shopping than we normally would. And secondly, we're unfortunately still dealing with this worldwide pandemic, so I think a lot of things that necessarily weren't done remotely are now being done remotely, that increased the amount that we're actually doing, or me doing our online shopping. And I know that Demi has done some research into this this week, and will be giving us some of the facts and figures. What do we find out this week, Demi?
So I've been on Action Fraud, which is a very useful website if you haven't been on it before. I found that during last year's holiday period, figures show that 17,407 shoppers fell victim to cyber crime and online scams. This amounted to a grand total of 13.5 million pounds lost over the Christmas period. And this was a 20% increase compared to the 2018 figures. And in light of the pandemic, as you've said, the numbers of online shopping fraud have already surged. While online shopping is very useful and convenient, I think it's something that most of us take advantage of. As with all aspects of the cyber world, it's important to be aware of the risks and dangers so you can do so more safely.
Thank you, thank you to Demi. You know, when you said 17,000, so was that reported? Or was that from research?
That was reported. The figures are on the Action Fraud website, if anyone would like to do further research.
During your research, have you found any, like, nice, short, sharp tips for people listening to this, that would be useful for them to know?
Yeah, and I think these tips can be used, you know, not just during the Christmas period, because, sadly, online scammers and cyber criminals are an all-year-round thing.
So some good tips are always check that the site is genuine before you add any personal information, including financial information.
One way to do this, which is quite simple but effective, is to pay close attention to the URL. You're looking for things like misspellings, or numbers where they shouldn't be, maybe a full stop where it doesn't really make sense. That's usually an indicator of a fake site. It's actually best practice to type in the site you want onto your search engine, like Google or Bing if you use that, rather than clicking a URL, just because these URLs can look so similar and these sites can be set up to look almost identical to the real thing.
You know, the URL is actually a thing called typosquatting. An L can get replaced for a one, or a capital I can get replaced for one. If you want to know more, then just Google typosquatting.
That's such a good point, because even if you are paying attention, an I and an L can look almost identical, or maybe like an I and a one, they can be almost indistinguishable, because usually the writing is really small, so that's definitely one to pay attention for.
Another handy thing to look out for when it comes to URLs is the https. If you look for the S, that stands for secure; there'll also be a padlock icon usually shown somewhere. So this means that the page you're on is secure for payment, though it's a tricky one, because even though the site or the page is secure, it could still be run by scammers. It's something to look out for but it's not something to 100% trust.
With regards to the HTTPS and the secure lock: you're quite right, Demi, that's definitely, definitely something you need to look out for. Absolutely run a mile if you don't see the lock and the HTTPS. But as Demi quite rightly said, unfortunately, the fake website can also be a secure website. So please bear in mind the first thing that Demi said, and considering the lock and HTTPS, you'd have to say okay, it's got a lock and HTTPS, but I'm going to look out for the typosquatting tactic.
Another good tip is to never pay for goods by a bank transfer, if you don't know the person or the company, and even if you do know that there's another company, still be wary. Because if the exchange turns out to actually be fraudulent, it's likely that your bank will not be able to recover the lost money.
As always, you should be vigilant of phishing emails, and avoid opening any links or unexpected email attachments. Even if they promise brilliant deals or bargains, they could still be fraudulent and usually they have some sort of urgency about them. So it makes you want to click without thinking. But these could be very malicious links or lead you to malicious websites. Again, with links is adverts. I know from personal experience, someone in my family clicked a Facebook advert for a well known jewellery brand. And it looked insanely legitimate, you would never believe that it wasn't, but it was, in fact, a scam website and sadly, that person lost some money. Thankfully, the bank was able to intervene, but that is not always the case. So I'd recommend avoiding any links or attachments. If in doubt, just go to the website because the deals won't be there.
Phishing is something that I talk a lot about. I know anybody who's heard me speak on this podcast, and potentially been present during one of my presentations, it is something I'm constantly banging the drum about, because when it comes to, like, ransomware attacks, 91% of ransomware attacks begin with a spear phishing email. But phishing in general, as old as it is, is not going anywhere and is constantly evolving. And we have to be super careful all year round. But sadly, with the increased traffic around this time of year, and sadly, as we said, along with this pandemic we're currently in, you have to be even more careful; it's almost like it's ramped up even further. I can't stress enough the dangers phishing can pose.
And when we talk about phishing, it's usually emails. But text messages can also be very tricky to navigate. I often get legitimate text messages off sites that I've subscribed to. But then you also get the fake ones mixed in with them, which will be very hard to distinguish, especially if you're just kind of not thinking and just wanting to see a deal or go to the site, so that's another thing to be very vigilant of.
Yeah, a couple of things worth bearing in mind is when you get these emails, like Demi's already alluded to, this amazing deal, and it's too good to be true. Well, that's exactly, usually, the case: if it's too good to be true, then it is not true. And if it comes right out the blue: oh, why are they sending me a deal? Oh, that's probably because they're linked to this company. One of the things you also can find is that there's spelling and grammatical errors within the email. But also, if you hover over, do not click, links within the email, you will see, like, say it's supposedly from Amazon, and you hover over, there's a good chance it'll say something completely unrelated to Amazon. The real core of a phishing email is a sense of urgency, and a threat of some sort. So it doesn't mean you're going to get hurt or anything's gonna get damaged, it just means that this is the best deal you're ever going to see. If you don't take advantage within the next four hours or 10 hours, even 24 hours, whatever it is, then you're going to lose out. Do you want to lose out, type thing; that's the sort of approach that they have, a sense of urgency, and a threat. You're going to miss out if you don't do it sooner rather than later.
Yeah, and sometimes, I know, I've seen in these emails, there's like a countdown, just like this deal is going to go, and it's coming down to seconds. But usually if we refresh the page, it just restarts.
Very true. That's a really good point. Yeah, these countdowns, I should treat them with a huge pinch of salt. So we've covered the main thing we wanted to cover this week. Is there anything else about online shopping you have for us, Demi?
Another topic I think it's important to bring up is how we handle our new devices. Because I know around Christmas time is when a lot of deals happen. You may get bought a phone, tablet, computer, whatever it may be. I think it's important to understand what you should do around that. Whether the device you've bought is new from a shop, bought online, or second hand, it's always important that you ensure you protect your devices with trusted and secure software, and it's something that I say a lot but it is very important in protecting your devices from all manner of things. It's also important to protect your devices with passwords and backups to ensure that you don't lose anything important or sentimental. I know personally all my photos and everything is on my phone; if I lost that I'd lose so many memories and things. So it's very important to add that little extra security net. So if something does, unfortunately, happen to your device, you've got your important things backed up, and that goes for documents and work and anything you may have on your device.
If you buy or receive a second device, it is always good practice to perform a factory reset, erasing any data from previous owners. And this, along with a trusted and secure software, can help protect your device from all manner of malicious software. Also, it is very important that you only download apps and games from the official App Store for your device. So on Android, I think this is Google pay. It could be Microsoft Store or the Apple App Store. So it's really important that you know where you're downloading things from.
That's an extremely good point, Demi, because of a couple of reasons. One, when you referred initially to the new devices, absolutely. But I think it's worth focusing a little bit on older devices, because of course, most likely these are purchased secondhand, because there's still a lot of life in them. The thing is, I couldn't agree more about doing the factory reset; it's highly likely a person selling will have done a factory reset. I would not for one moment accept, okay, you've done a factory reset, so that's fine. No, I would be doing it myself. And there's two reasons for that. One, because, as Demi's already highlighted, the potential presence of malicious software. But it doesn't bear thinking about if you've genuinely bought a second hand device, or received as a gift a second hand device, and it has potentially material which is actually of a criminal nature, and of course we'd have receipts, and we'd have times and dates of transactions, all that type of stuff, and I get that. But you really don't want to go down that route. Because we want to, from the start, have a completely clean across the board device that was second hand. Because the other reason that it could be an issue is you wouldn't want to comfortably have the laptop in your home, and potentially the camera. My advice is always to cover up your camera when not in use. But let's say, for example, your camera wasn't covered up; who's to say there's not some sort of hidden software that is actually quite intrusive and even used to spy on people. That is unfortunately a real risk. As Demi rightly said, buying a new device, you need all the recognised brand names for your antivirus; follow the National Cyber Security Centre's advice, Action Fraud, Cyber Aware, when you get a new device. Things that you should do, for example: often on a new device, you get an admin account and a guest account; the guest account needs to go and needs to be deleted.
Because that's only there, and it's wide open, couldn't be more open, and it allows potentially for people to manipulate their level of access via the guest account. So you need to get rid of that. And I fear that the admin username and password could most likely be username and password. Please change this, even a good username and password. It will be default, and like the router in your homes: when you get your router, you change the default password and Wi-Fi name.
I don't really have anything else to say there. I think Demi has covered very important issues and we may even revisit this again before Christmas, because I just think it's such a generally important thing, but also the time of year, and on top of it, the current situation we all find ourselves in with constant lockdowns and tier threes and tier twos, we will be doing more and more purchasing. I've got nothing else to say. I don't know if anything else has come up for you, Demi, whilst I've been talking there?
No, I think that's all from me. I think I spoke enough.
Yeah, I think you and I both. I think they'll be looking for the countdowns of time left on the podcast now.
As we've said, we are the Regional Cyber Crime Unit. There'll be various things in our show notes to assist, but if anybody does want any more information, awareness, guides, education in any way, workshops, please don't hesitate to contact us on the details within our show notes to protect and prepare yourself and your business online. Thank you very much and goodbye for now.