One of the principal weapons used by online thieves is some sort of major event. It's why you see phishing attacks and malware distribution rings use events such as royal weddings, celebrity scandals and paparazzi photos as tools for spreading malware. And online shopping events, like Click Frenzy, are also a prime tool used to part us from our hard-earned cash.
Most of the same rules that apply whenever you shop online apply during Click Frenzy and other sales. But they're worth reiterating because we can get a little complacent or forgetful of what's safest when confronted by a great offer.
The ACCC noted in their latest Targeting Scams report that millions of dollars were lost to scammers. Often, the thieves target vulnerable people, with the over-65s, people with disabilities and Indigenous people among the most targeted.
Aaron Bugal, Global Solutions Engineer at Sophos, offers some suggestions.
If it sounds too good to be true, it is too good to be true
We've all seen the scams on Facebook and through email promising us a free smartphone, tablet or other high-value item if we just follow a series of steps, which usually involve handing over a bunch of personal information.
Only shop using secure websites
Never fill in purchase details on a website that doesn’t use an encrypted connection.
Bugal says "Don’t be fooled by padlock images on the webpage itself: look for the padlock in your browser’s address bar".
And don't simply hit the OK button to bypass warnings about expired or potentially dodgy certificates. Pay attention and if you're in any doubt, use a VPN to secure your connection.
Don’t click on links in unsolicited emails
Email remains the number one vector used by bad guys to attack users. If you get an email that looks like it's from your favourite shopping site, don't hit the link. Go to the site directly.
Dodgy links can land you on phishing websites or expose you to malicious drive-by downloads.
Never provide more information than necessary
No one should ever ask for PINs, passwords or personal information that's not directly required to complete the transaction. Only provide the information needed and no more.
Even if the site is legitimate, it could be breached one day, leaving the attackers with more of your data than expected.
Check your bank statements
It's not unknown for transactions to go through twice erroneously, so it's worth checking statements even if it's just to pick up errors.
But it's also important so you can detect unauthorised transactions.
Banks are pretty good at stopping potentially dodgy transactions - it's happened to me a couple of times recently - but they aren't perfect. So keep an eye on things and immediately report anything untoward.
I'd go a step further and check my transaction history the next day via online banking rather than waiting for the next statement period.