With the festive season around the corner, it's a great time to brush up on how to shop safely online. Online fraudsters will utilise the popularity of events such as Black Friday, Cyber Monday and Christmas as they know there is an increased level of online activity, and once you get into the groove of Christmas shopping, it can be easy to miss some of the tell-tale signs of fraudulent activity.
We've compiled this guide on what you should be looking out for as you browse online. Fraudsters can attempt to gain your information or lead you to take an unsecured action through many means and platforms, so make sure you're thinking about the trustworthiness of everything from an email to the website you visit.
When you visit a website, there can be some signs that it isn't a safe place for you to be visiting. Websites may act as a front to obtain personal information about users and can even play host to malicious software that affects your device. If you're savvy as to what to look out for and proceed with caution when browsing online, you can do so in confidence that you're not at risk.
Although it may sound like every website could pose a risk, this just isn't true. Most of the websites we visit are from trusted retailers or established companies. These websites have to be secure for the company to succeed and be trusted, so you shouldn't put your focus on the websites from brands or companies you know, but rather on those you may have never heard of. You should be aware that some people will try to mimic the website of a large company, but these can usually be pretty quickly sussed out. Some search engines will show a warning when you try and visit a website. In these cases, if you're in doubt, do not proceed.
An SSL certificate, or Secure Sockets Layer, is a digital certificate that means any users connecting to a website will have their information encrypted. They're commonly used on websites that require you to enter personal information, such as eCommerce or marketplace platforms, however, most established business websites will have an SSL certificate. If a website does not have an SSL certificate, it means that your personal information is potentially at risk.
It’s very easy to find out if a website is encrypting their information, the clue is within the URL of the page itself. Follow these steps to find out:
For example, the website address of this page may only appear as ‘ukpostbox.com/blogs/safe-online-shopping’. But if you copy and paste the address, you’ll be shown: ‘https://www.ukpostbox.com/blogs/safe-online-shopping’, confirming that an SSL certificate does exist.
Top tip: Ensure you’re using a secure browser such as Google Chrome or Safari. They will show you additional information (such as a padlock) to confirm whether a website is secure to use. If you’re using an unsupported browser and a website has an SSL certificate, it does not necessarily mean it’s safe to use.
The content on a website is also an excellent way to uncover whether a website is legitimate or if you should be cautious. Look out for the following 3 things:
Top tip: paste the website address into Google and see if it matches the company it is claiming to be. If nothing appears, then it may mean that their business isn’t registered at the address they claim it to be.
If a website plays host to online advertisements, this isn't a reason to worry on its own. Many websites will generate all of their income through adverts alone, but it's how the adverts look, where they're placed on the page, what happens when you interact with them and the destination of the ads that should be looked at.
If in doubt, do not click an online advert and leave any website you do not trust.
Customer reviews are a fantastic way to judge the trustworthiness of any online business. There are many third-party unbias review websites that are diligent in ensuring only legitimate reviews are posted on their platforms. For example, reviews from Trustpilot, Tripadvisor and Feefo can be trusted, and if a business has reviews in those platforms, you'll be able to judge whether a site can be trusted.
Just bear in mind that some new companies may not have any reviews yet, and if everything else on the website looks legitimate, a lack of reviews shouldn’t deter you from shopping with them. Keep an eye out on obvious paid or fake reviews; they’ll generally be posted by new accounts that leave the same review with little to no word/content changes.
Most online retailers will have social media profiles as it helps them to reach new customers, allows them to advertise on multiple platforms, and it can be used as a communication tool between the business and customers.
Not every company will have a social media profile, especially if they're very new. However, taking an extra step to see if they do have them can help to give you more information on whether they appear fraudulent or legitimate.
Fraudsters send phishing emails in an attempt to collect your sensitive information, usually relating to a business they are pretending to be. For example, you may receive an email from a fraudster who appears to be from Paypal. They will ask you to visit a website they've created that looks similar to Paypal, however, you won't be able to log in successfully, and the fraudster can access any information you used. Banks and payment processors will never ask for personal information in an email, but this is commonplace in Phishing emails. Be especially wary if you email is pressuring you into a sense of urgency and claim that an action will be taken against you if you don’t comply in a set time period. Phishing emails can be extremely dangerous as they often seek to obtain financial information. However, they can be easily spotted if you know what you're looking out for:
Fraudsters may purchase email lists that provide them with contact information for many people, including their email addresses and names. This can make it easier for fraudsters to appear as if they know you, or they’re contacting you in relation to something you have an interest in.
You should bear in mind that GDPR requires all companies operating within the EU to obtain consent from a customer before contacting them with marketing emails. So, if you’re contacted by a company you don’t recognise and you’re sure you haven’t opted to be contacted by them, you should be wary that they’re not complying to GDPR and may be fraudulent.
One of the very first things of every email to check is who it's from. This information will appear at the top of your email message, meaning that it can be quick to determine whether an email is secure. Look out for the following:
Top tip: In some cases, fraudsters may hack a companies email account making it difficult to judge whether it’s secure.
Fraudsters may purchase email lists that provide them with contact information for many people, including their email addresses and names. This can make it easier for fraudsters to appear as if they know you, or they’re contacting you in relation to something else.
You should bear in mind that GDPR requires all companies operating within the EU to obtain consent from a customer before contacting them with marketing emails. So, if you’re contacted by a company you don’t recognise and you’re sure you haven’t opted to be contacted by them, you should be wary that they’re not complying to GDPR and may be fraudulent.
Another clue to look out for in phishing emails is the content of the email itself. Fraudsters will have a generic email that is sent out to thousands of targets which means they'll be void of any personalisation. Emails that are discussing sensitive information and account details are likely to address you by name rather than generic terms such as customer, user, member etc.
Similarly to websites, email campaigns will go through a review process and if they appear to be from a large company, then the spelling, grammar and English should be of high-quality. Fraudsters will often operate from outside of the UK, meaning that errors in writing can be obvious to native speakers. One small typo isn't something to worry about, but broken sentences and strange word choice can reveal that an email isn't genuine.
One common occurrence in phishing emails is that they’ll link to a website that you think is from the company they’re pretending to be. Once you visit this link, you’re then vulnerable to having your information stolen.
Many of the tactics to look out for when online shopping is relevant to what we have discussed about using websites safely, but there are some additional things to look out for.
Fraudsters can also use alternative methods of payment as a way to scam you, such as requesting you pay outside of a platform you purchased a product on.
You should ensure that you only pay for online goods through a secure payment method. All major online retailers will have this integrated within their checkout process, so you should avoid deviating from using these options where possible.
Fraudsters may ask that you pay them via alternative payment options after purchasing a product from them. If you agree to pay for something outside of the retailer's payment system, then you are at risk of being unprotected for the transaction. Here's an example:
The issue in this scenario is that the fraudster may have never owned the item in the first place, and it's simply a front to get you to pay them unsecurely.
As an example, if you purchase a gaming console from a platform such as eBay and the seller requests that you pay them outside of eBay's payment system. The issue is that the fraudster may not have the intention of posting the item they have sold to you. If you agree to pay outside of a secure payment system, you may not be protected by the transaction meaning you cannot claim for the missing item.
Major online retailers will use a secure payment method, but if you're shopping with a lesser-known company, here are some payment methods that are safe to use:
Most major credit card providers offer buyer protection, meaning that if you make a purchase and use them for payment, you’ll be covered if a good arrives damage or doesn’t arrive at all. This can be a safe payment option to use online as you’re offered additional buyer protection.
Ensuring that any accounts you make are secure is another thing to bear in mind. User accounts will often house personal information such as your full name, address and may have your card saved for future purchases. Fraudsters may attempt to log in to your account to access the information you need, so ensure you follow these steps:
Being savvy to the fraudulent methods taking place can keep your sensitive information secure and private. If you follow the points in this guide, you should easily be able to uncover whether something is genuine. To recap, always think of the following when shopping online:
If in doubt, it is always safer to avoid a potentially fraudulent email or website than take the risk. Due to the availability of goods across a wide range of retailers, you should be able to find alternatives easily.
As a sole trader or freelancer, there will be times where you need to provide an address. In these scenarios, you may not want to or be able to provide your personal address. Find out how virtual offices can help.
Software can help small businesses to save time and improve their offering. We’ve listed 23 of the most popular options to review and consider.
Learn how to turn your skills into a successful freelancing career. Our guide covers everything from defining your expertise and setting your rates to marketing yourself and finding new opportunities.
Outsource your mailroom and automate the way your business handles its post. Find out about our digital mailroom service and the benefits it could offer to you.
With Covid-19 continuing to put pressure on businesses to operate remotely, we’ve written a guide for some of the key considerations a company should be aware of.
If you’re thinking of using your home address for your business, you should understand what this really means for both your company and your private home address.
Self assessment tax returns are used by HMRC to calculate whether you owe any tax on earnings you’ve received. Learn about what it is and how to file one.
Business insurance can help sole traders to reduce the risks associated with running their company in the event of a claim being made against them, or suffering from natural disasters such as floods or fires.
Memorandum and articles of association are required documents for all limited UK companies, and contain information about the business from share allocation to day-to-day responsibilities.
Registering your UK business for VAT is sometimes voluntary and other times required depending on your revenue. Learn more in this blog post.
A virtual address makes for a great influencer mail solution, allowing content creators to manage mail online whilst retaining their privacy.
This article explores whether or not changing from a Limited Company to a Sole Trader is possible, & what the potential advantages are of doing so.
This article explores what registering your business will mean for you as a sole trader, what the benefits of registering a business are, & why to consider it.
This article explores the different steps required to register a company & how UK Postbox’s services can help you with your registered business address.
We answer what the main remote working risks & processes you need to be aware of are, & what your GDPR remote working policy should look like.
Digitising your business comms is the way forward; this blog will explore the types of business communication & the advantages of digital communication.
A Bring your own Device (BYOD) policy lets employees use their own devices for work. Read on to learn more about how to implement proper BYOD Policy.
Need help working from home? Here you’ll find the best software for remote working, with solutions for communicating with the team & planning your days.
This guide covers what remote working means for staff, sole traders, SMEs & corporations, taking into account physical & emotional needs & best practices.
In this post we’ve explained how a virtual address can be used when signing up for services such as Google My Business and Google Adsense.
Understanding what KYC is & what information you may be required to provide when signing up to services can help you prepare for the application process.
Learn about business mail redirection and how UK Postbox has developed a solution to entirely digitise your mail management process.
If you’re a remote worker, it can be hard to replicate office life in a personal environment. Here are some tips to help you get by and stay productive.
In this guide, we’ve covered everything you need to know about setting up a limited company within the UK and some considerations for your business.
Considering starting an e-commerce business? Here’s what you should consider before getting started, & some tips for the platforms you could be selling on.
Considering registering as a sole trader? Here’s what to prepare, the responsibilities you’ll be taking on and how to apply.
Dropshipping & fulfilment services are a perfect way to start your ecommerce journey. Find out what they are & how to get started with this business model.
As of September 14, 2019, there are new rules in place for processing payments. These checks have been instated to boost security of user transactions.
It’s recommended that businesses have an efficient & secure mail process in place. We’ve looked at how you should organise your business mail in this blog.
CN22 & CN23 customs declarations are required when sending goods outside of the UK through the Royal Mail. Learn what they are & how they’re used here.
For anyone looking to start an online business, we’ve covered some of the basic do’s and don’ts to help you get started and remain competitive online.
If you’re considering entering the buy-to-let business, read some of our top considerations. It’s never too late to take the step in the rental market.
An EORI number, or Economic Operators’ Registration & Identification number, is used by customs to monitor trading between EU and non-EU countries.
Flexible working is on the up! Did you know that in the UK alone, one in seven employees now works from home on a regular basis?
