Our digital dependence has never been thrown into such stark relief as during the, sadly ongoing, coronavirus pandemic. The first half of 2020 saw much of the UK working or studying from home and a surge in online shopping as high street stores shut their doors. This opened the flood gates for opportunists to create fake websites and apps that steal personal data, or online pop-up shops that take payments with no intention of posting the advertised product.
To protect your charity from scammers who could steal confidential data or bank details, here are some top tips for your staff on spotting bogus websites.
S is for security
The first place to look for proof of a website’s legitimacy is in its address, which should begin with either “http://” or “https://”. These look pretty similar but the “s” in the latter stands for “secure”, meaning that data transferred via this site is encrypted and therefore better protected from hackers. Although many http:// sites are still safe, it’s best to err on the side of caution when sharing personal info.
The key’s in the padlock
On most internet browsers, on the left of the website address bar you’ll find a tiny padlock symbol that you can click for more details on the site’s security. Some browsers will simply have “secure” or “not secure” in place of a padlock, while others raise a warning when you click on a suspicious site. Google Chrome actively prevents users accessing unsecured sites unless the user chooses to proceed regardless of risks.
Symbols of certification
Some websites carry a green shield or tick logo to show they have been certified by a high-profile security standard, such as DigiCert or Symantec. However, scammers can easily embellish their sites with fake logos, so always click the symbol to see if it takes you to the certification details, or is simply an image file and therefore a fake.
Beware the bargains
When shopping for supplies or specialist equipment for your charity, be cautious of offers that seem too good to be true… They probably are. Some websites advertise rare or valuable items at an exceptionally reduced price, then either take money without delivering the goods, or send an imitation product.
Masters of disguise
Another online trap are the websites posing as real, big name brands, such as Amazon or Apple. They lure you in by using a very similar website address and hope it goes unnoticed, especially if you click through from another sire or email. You can avoid this by accessing the genuine website directly and searching for the item you want from there.
Test their grammar
We may forgive a few typos, but emails or websites scattered with spelling mistakes and grammatical errors should be an immediate red flag. The seller may not be who they claim, so check for other security verification, and proceed with caution.
Cyber crooks can set up new websites in a flash, sometimes for just one day of trick trading before it gets taken down. While not all freshly made sites are fake, a website’s age can be a big clue to its legitimacy, especially if the business is selling itself as a well-established one. You can check the age of a website here.
The safest way to pay
Even when a website has passed all of these security checks, don’t hand over any money just yet. Always make sure the site only uses secure payment methods, and do not purchase from them if they ask for a wire transfer, money order, or other non-refundable method.
For more information on recognising and reducing the risks online, read our blog on general cybersecurity "Insure IT: Recognising risk in the digital age". Our insurance experts would also be happy to talk through any concerns and queries around protecting your charity against cyberattacks. Give us a call on 0345 040 7731.