9 Tips For Safer Online Shopping

Istock_000017462236xsmall
Bonfire Night has been and gone and we know what’s coming next.  Yes, it’s that time of year when we turn to the internet for inspiration and busily browse for that must-have gift.

The UK is Europe’s leading e-retail economy and 37 million of us now shop online.  Those facts come from IMRG (Interactive Media in Retail Group), the UK’s industry association for e-retailing.  So, it’s official, more and more of us are doing it as the fear of online shopping decreases with each passing year.  However, as we get caught up in the excitement of Christmas and gift-buying, there can be a danger of merrily entering card details while throwing caution to the wind.  To avoid that, here’s AGUK’s quick guide to safer online shopping.

  • Type shop website addresses into your browser manually, or visit favourite and frequently visited shops via your bookmarked sites.
  • Online shops are increasingly displaying an official, mark-of-trust logo.  Where you see an unfamiliar one, check it out.  Click on the seal/logo to see if it directly links with the crediting organisation.
  • If an online shop is not a well-known name or familiar brand, search Google for reviews and complaints.  The search words “Argos complaints –site:argos.co.uk” will reveal general online complaints, but exclude results from the Argos website.  Be sure to check results up to at least page five to thwart any attempts to bury bad reviews.
  • Many online shops carry customer reviews so read them, but be cautious of any similar/copycat reviews in case they are fakes.
  • When browsing from a work or shared computer, avoid using the “Remember me” function.
  • Before you enter any personal information and card details, check the website address in your browser and ensure it starts with https:// .
  • Where a password is required in the ordering process, opt for a strong password that uses a combination of letters and numerals, and upper and lower case.  DO NOT use the same password as your online banking!
  • Consider paying by credit card, rather than using your debit card.  It can offer consumer protection if anything goes wrong with your purchase.
  • Make sure you have the latest Anti-Virus software as many programs now include website screening to protect users from fraudulent websites.
If, however, you need further guidance about internet safety, please review our
Internet Security products.  Alternatively, contact us to discuss your individual system requirements for business and/or home security. We will be happy to arrange an audit.

Please feel free to leave any comments, queries or share your own tips.

Domain Renewal Group Warning

Domain_renewal_group

Do you have a domain name due for renewal? Notifications from a company called the “Domain Renewal Group” are being sent out. They are cleverly worded and can resemble a bill, as per the example shown. Do not reply to any such communication and certainly do not send any money.  Instead, take my advice and file it in your bin or shredder.

Your domain(s), if due, will certainly have to be renewed but do this through the company you already use to manage your domains.

If you are in any doubt about any requests you receive from the Domain Renewal Group, or have any domain ownership/payment queries, you are welcome to contact us for advice.

Domain Management is one of the specialist services available from AGUK Solutions Limited, ensuring domains are always kept up to date and renewed in good time at a competitive rate.

 

Protect Your Twitter Password

Images
Readers of my articles will know I am security conscious:  you have to be if you do business via the internet.  Increasingly you also have to be security conscious where social media networks are concerned.

According to one internet-based survey, Twitter is ranked as the second most popular social media network for interaction between friends, communities and business organisations.  If you use Twitter, this is a very important post.  However, I have seen a growing number of Twitter users getting hacked due to their account password being stolen through a scam.

A social media hacking scam is designed to encourage email recipients to click on an innocuous-looking link.  The “friendly” message is often along the lines of:  “I cannot believe this picture of you”, or “This picture of you is very embarrassing.”  Authenticity appears genuine as the message, with its picture/video link, purportedly comes via one of your friends/followers.  It is just that they, too, have been hacked.

If you receive such a message and click on the link you’ll see a Twitter log-in page.  Beware!  Despite its realistic appearance it is fake and designed to capture your password.  To spot the deception, check the url in your browser address bar as Twitter will only ever ask you to log-in at twitter.com

Some Twitter scam sites have used addresses such as:

  • tw1tter.com
  • twittter.com
  • twwiter.com
  • itwitter.com
  • twitter.com.somedomain.cm
Look again at the second example.  The letter “t” appears three times, not two.  Notice that the last example tries to fool you it is the real Twitter site by actually starting with “twitter.com ….”  The other fake urls are easier to identify.

Unfortunately, the official Twitter website does not make things easy.  Its official log-in page is at https://twitter.com  However, it can also use two others:

If you receive an email or message with a log-in link to Twitter my advice is to check it.  Open another window and key in https://twitter.com.  Sign in and, if you’re on your own computer, click the “remember me” box.  Go back to the link you got and click it again.  If you are not logged straight into Twitter, the link is fake.  Being cautious will keep you safe, and help you protect your Twitter password.

Security Announcement: Update your Browser

AGUK wishes to draw to your immediate attention that this week (21 March 2011) there was a potential security breach in the trust of SSL certificates.

SSL certificates are issued by Certificate Authorities (CAs). The CA is responsible for ensuring the certificate is issued correctly and in accordance with industry standards.

When using a website where you provide sensitive information or login details you are protected by SSL technology. This technology encrypts the connection between you and the server. It also asserts that you are connected to a legitimate website.

Comodo, the CA who issued the suspect certificates via a partner, released information on 24 March 2011 that several certificates had been issued to a fraudulent organisation, potentially based in Iran. This means that the attacker could direct you to one of these sites and successfully pass off that site with a valid SSL certificate.

The affected websites are listed below:

  • mail.google.com
  • www.google.com
  • login.live.com
  • addons.mozilla.org
  • login.skype.com
  • login.yahoo.com
Because of the risk associated with these links the major browser vendors have issued an update to hard-block access to them if they are using one of the fraudulently obtained SSL certificates. Access to legitimate websites will be unaffected.

Google Apps Customers
You can see that some of the affected websites include the Google links associated with your Google Apps account. It is therefore extremely important that you update your browser as soon as possible.

Updating Your Browser
In most cases your browser may have already automatically updated itself. Internet Explorer updates via Windows Update, the frequency dependant upon individual PC settings. Both Chrome and FireFox can verify if they are running the latest version via the Help menu.

The latest versions can be downloaded from the links below:

If you use an alternative browser please contact its manufacturer for support and information about any updates it has supplied to counter this threat.

Update your Anti Virus
Make sure your anti-virus software is up to date. Anti-Virus solutions such as PrevX can help provide zero-hour protection against threats such as these. This particular solution can now be supplied by AGUK as one of its newly added services.

Questions or Concerns
If you have any questions or concerns about this update please post your comments below so they can be shared. If you would prefer private support please email [email protected].

Further Reading
If you are interested in the more technical aspects of this issue please click here for information provided by Symantec.

 

Internet Explorer Security Update

This is a follow up to our article on the Internet Explorer Security Scare sent earlier this week. Microsoft has now released a security patch to fix its weakness. Depending on your system’s update settings, this should have been downloaded by Windows. However, to check and ensure you have the patch installed, here is AGUK’s advice.

INTERNET EXPLORER LATEST UPDATE
Windows XP Users: Go to Windows Update website and follow the steps given.

Windows Vista and Windows 7 Users: Click Start and in the search box type "Windows Update" then press Enter.

In either case you will see the critical updates available. If none are displayed then your system is up to date.

FUTURE SECURITY PRECAUTION
If your computer is not set to receive automatic updates then I recommend you immediately rectify this. It is crucial for any system to automatically download and install updates daily. For more information about how to do this please click here (Microsoft Website).

CURRENT SECURITY STATUS
After you have installed this latest patch from Microsoft you can, if you wish, adjust Internet Explorer and change your browsing security from High security to Medium-High. Alternatively leave the Internet zone setting at High and instead add any trusted sites not displaying correctly at this level to your “Trusted sites” section. To do this take the following action:

Windows XP Users: Click Start > Run and type inetcpl.cpl then press Enter.

Windows Vista and Windows 7 Users: Click Start and in the search box type inetcpl.cpl then press Enter.

In either case then click the Security tab and select the “Trusted sites” zone as per the diagram below.

Diagram of required steps to take. 

FINAL SAFEGUARD
AGUK recommends you maintain up-to-date AntiVirus software and never open email attachments, or follow links in emails to unknown websites. Also, whenever you receive an update or security patch, ensure your system is set to restart automatically after installing it, or do this manually. This will ensure immediate effect of the update.

 

Internet Explorer Security Scare

You may have seen, or heard, news coverage about a significant security problem with Windows Internet Explorer. Following Microsoft’s admission that Internet Explorer was used to hack Google the German Government warned against using Internet Explorer. Now France has issued a similar warning.

INTERNET EXPLORER SCARE
Internet Explorer is the web browsing software used by many to access the internet. If you use this browser, the current flaw allows exploiting hackers to access files on your computer, to log keystrokes made, and to redirect you to specific websites. However, the advice from AGUK is not to panic but be cautious. 

To take any such advantage of a compromised system, a hacker must get you to either visit a specific website, or install a browser add-on. Depending on your security settings, this add-on (unlike software browser add-ons known as ActiveX controls) can be installed without you knowing. It is also undetected by current anti-virus software.

AGUK’s Security Action Plan
If you do not know which type of browser you are using click here and visit our browser test page. If you are using Internet Explorer there are steps you can take to reduce the risk of falling victim to Internet Explorer’s browsing weakness.

(1) Alternative Browser
You could install and use an alternative web browser. AGUK recommends Google Chrome. This lightweight browser is faster than Internet Explorer and is growing in popularity. This would not necessitate the removal of Internet Explorer.

(2) Run Internet Explorer in Safe Mode with add-ons disabled
It is possible to run Internet Explorer with all add-ons disabled. This will help prevent your browser being susceptible to this latest attack. The simplest way to do this is by creating a shortcut on your desktop. Here’s how:

Close down all open programs and on your desktop right click on your mouse and select: [New > Shortcut]. Then in the box labelled "Type the location of the item” paste the following text exactly, including the quotes:

“%ProgramFiles%\Internet Explorer\iexplore.exe” –extoff

After you have done that click [Next] and then [Finish]. A new shortcut will now be on your desktop called iexplore.exe. When you use this shortcut you will see that Internet Explorer is launched with all add-ons and ActiveX controls disabled.  In this mode it is possible some websites will not display correctly, but this is the sacrifice you must pay until the security hole is closed by Microsoft.

(3) Enable High Security level in Internet Explorer
It is recommended you follow this process in conjunction with option 2 above.

Windows XP Users: Click Start > Run and type inetcpl.cpl then press Enter.

Windows Vista and Windows 7 Users: Click Start and in the search box type inetcpl.cpl then press Enter.

You should now see the Internet Properties window. Click on the Security tab, select Internet from the zones and then move the slider to High as per the image below. Make sure you click OK once you have changed these settings.

If you have any questions or concerns about this issue please let us know in the comments.