How to stay cyber secure over Christmas

This is an updated version of the online shopping checklist I put together to help people shop more safely online and find out who they are buying from before getting scammed.

Before buying a product online, always check out the seller and the product. Even the most legitimate-looking websites can be fake so do your homework first.

Look for all the names, addresses and phone numbers associated with the website. The website name, the company name and the seller name can all be different. Beware if none of this information is available.

Can you find addresses for the seller? A seller might use several addresses – registered address, VAT, trading, website, check them all out. Are there other ‘sellers’ at the same address?

Search tip: Put phrases in “double quotes” to get an exact match. Works on Google but not all sites.
Removing the double quotes might also bring up some interesting results.

Here are a few sites you can use to check before you buy:

Search for businesses and people
Companies House
https://find-and-update.company-information.service.gov.uk/search/companies
Addresses don’t work too well but single words do. There is now a search for officers by location that sort of works for other search terms e.g. John Smith location:”High Street, London”.

https://www.google.co.uk

https://uk.trustpilot.com/
What you find is not necessarily the truth but can be a good indicator. Many of the reviews on are fake – a sure sign that something is amiss. Look to see what other reviews the reviewer has left.
I take more notice of bad reviews that often give further information on the seller or the product.

Check VAT numbers
http://ec.europa.eu/taxation_customs/vies/
http://www.vatcheck.eu/

Look up addresses Check the timeline to see how the building or area has changed. Scammers often use an address of a vacant building or one that has just been knocked down.
https://www.google.co.uk/maps
https://www.getmapping.com/ (limited but different timelines for free)

Search phone numbers
Put number in double quotes to move spaces around e.g.
“01234 567 890”
“+44 1234 567890”

Search product images
https://www.google.com/imghp?hl=en
Reverse images (flip horizontally) and search again.

How long has the seller been trading?
Amazon and ebay both show this info. If the seller is new, be very careful.
Ask the seller a question just to get a reply. This could be just asking the weight or dimensions of the product.
Search the reply email address.

Search selected text in “double quotes” from advert or reviews: e.g. “left-handed screwdriver”
https://www.google.co.uk

Search products on foreign eBay/Amazon sites
Put part of the description in double quotes “like this” with e.g. amazon.de or ebay.ca

Google translator (Chinese names & addresses can have interesting results)
https://translate.google.co.uk/?hl=en&tab=TT

Facebook
It is almost impossible to check out sellers thoroughly especially with so many scammers on Facebook selling products that look to good to be true. My advice would be to only buy locally and arrange to meet the seller where you can examine the product and exchange product and cash in person.

Website Checkers
I don’t know very much about the following websites but Kaspersky rates them as safe. A good rating might mean they haven’t been found out yet especially if they are fairly new.

http://google.com/safebrowsing/diagnostic?site=
Check the safety of a website or email. No unsafe content found is only one indicator and should not be trusted on its own.

https://www.scamdoc.com/

If anyone has anything to add or knows some useful sites please post them here. Putting a space after the http will stop them going into moderation.

I totally disagree with storing passwords in the browser, or anywhere online, or on the computer or a phone. I keep mine written on cards which are then locked away, I don’t use password managers or anything similar and I NEVER store anything sensitive or private on my PC or my phone or anywhere online, that’s just asking for trouble. And you should always use top of the range full security programs with a safe pay feature and put any websites you intend to buy from in there first, that should give you an extra layer of protection. And if you use paypal then don’t use the friends and family feature to send money to strangers, always treat them as a merchant. And if you must store sensitive files, then store them on CD or DVD discs or a separate external hard drive which can be unplugged from the computer and locked away somewhere secure. And of course NEVER use the same password for two or more sites or accounts etc. or the same username. And keep passwords long and complex without any proper words or names or well known number combinations etc. but use combinations of upper and lower case letters, and numbers and symbols which can’t be so easily cracked with dictionary software which some fraudsters use. And of course always check the web address for the https feature, if the s isn’t there it’s not secure. Although some sites while not secure as a whole still have a secure payment page which must have the https feature so always check first before entering anything sensitive. And of course check to see if the padlock feature is there in the address bar which you can click on to check the site information to see if it has a valid certificate which it MUST have. A decent security program should warn you about invalid or expired certificates and block any sites which have one and it should also block any site which has other security failings or is infected with malware. And always clear cookies and other sensitive stuff after browsing.

I now store password in Apple’s Keychain on my Macs. This avoids the temptation to use the same. password for different purposes, or a weak one. I presume that Windows offers a similar system.

The NCSC advises storing passwords in your browser – this is TERRIBLE advice!
Anyone else using your computer/iPad or whatever can then have access to all your passwords!
Ergo this is a pretty stupid suggestion.
They can do this pretty easily even if you have a password or PIN which you think is a protection – and a hacker can easily get around this too.
Passwords on most computers including Windows and Macs are easily by-passed if people even use them and very people use password protection on their browsers – so it is open season on your passwords!
Malware on your computer is another way someone could easily gain access to passwords on your browser too – storing them in this way is just asking for trouble.
The most secure method by far is using a password manager that encrypts the passwords and is itself protected by a very safe passphrase longer than at least 12 characters with a mix of upper and lower case letters and numbers and symbols and using multifactor authentication.

I find it astonishing that the NCSC would put out such astonishingly bad security advice.

Another thing you can do is not keep too much cash in your current account, or whichever account you use for online purchases. But instead try and keep as much cash as possible in another account, like a savings account so it’s out of reach of thieving online scammers. It’s like the old saying which is now far more relevant, don’t put all your eggs in one basket.