Have a safer cyber-Christmas with our online buying advice

By Nikki Hookway - Senior Account Handler

If you’re anything like me, you started Christmas shopping weeks ago and have already forgotten some of those purchases. As the parcels arrive and you scratch your head wondering if you’d already ordered the sewing kit for Auntie Mary from Amazon, cyber criminals are using this to their advantage and possibly contacting you to say the parcel has been lost.

The rise of the scam emails and text messages, letting you know that your parcel couldn’t be delivered, is something we can all fall for – including businesses. Cyber criminals know there is an increase in buying at this time of year and tap into the worry that family, friends and colleagues won’t receive their gifts in time.

A Citizen’s Advice report released this year found that scams linked to parcel deliveries or online banking came top in 2023, with 40 million people already targeted by mid-year.

The scariest part is they use popular courier business or online retailer logos to head their emails, and text messages are looking increasingly like the providers’ own in layout and terminology. 

There are a few things I look out for when I receive an email that could be fake:

·       Usually, the address won’t be the domain of the retailer you bought from. Instead of @onlineretailer.com, you might see [email protected], or similar.

·       Check the app or account you ordered from. What does the retailer’s dispatch information say? Is there a tracking or order number included? If so, cross-reference it to the app or the ‘Your orders’ section of the website you bought the product from.

·       Does the email include pictures of the product you purchased? Phishing attempts won’t know what or where you bought a product. In fact, they don’t even know if you bought anything at all – they’re taking their chance on you recently making a purchase.

·       Finally, do not click any link and do not input any debit or credit card information should it request you to do so. No courier will ask you to pay a fee for an undelivered parcel.

This is all good practice for an individual. However, businesses must provide training to employees on the importance of not using a work email address to order goods or set up accounts with online retailers, as it’s all too easy to click a link when an email hits your inbox. Before you know it, the only gift you’re receiving is a virus to shut down operations and leak sensitive data.

The best scam awareness advice is to avoid clicking links or responding to messages. Instead, you should go directly to the known website of the business or courier. This means you’ll have independently verified the contact details to them and reduce the likelihood of your data getting into the wrong hands.

If you’d like to discuss cyber insurance options, now is as good a time as ever. We’ve seen additional insurers come to the market this year who provide expert risk management services as well as advice on how you might go about reducing your vulnerability, and here at Howden, our specialists have the expertise to align you with the perfect cyber insurance provider.