Black Friday: Tips for staying safe online from GCHQ cyber chiefs

Cyber security chiefs are warning Black Friday deal-hunters to be wary of risks while looking for bargains online.

Here GCHQ’s National Cyber Security Centre technical director, Ian Levy, and head of public engagement Kate Sinnott give some tips on how to shop safely on the web.

GCHQ launching Instagram channel
The NCSC is part of GCHQ, the Government’s online intelligence and security agency (PA)

– What information should I give when signing up to use online retailers?

Dr Levy said: “It might be a legitimate thing to ask, it might not be malicious, but it’s just not worth taking the risk.

“If they are using this for your account security they won’t care what you put in. So don’t give them your mother’s maiden name. Give them the name of your first cat.

“If it’s a criminal and they try and use your first cat’s name as your mother’s maiden name they are not going to get very far.”

Not sure how to securely set up your devices? Wondering about how to create the ultimate password? Get your questions in now for our very first #cyberchat this Black Friday! pic.twitter.com/hpgB1oHmSd

— NCSC UK (@NCSC) November 22, 2018

– Check out as a guest where possible

Dr Levy said: “Try not to make an account. Unless it’s an existing relationship you’ve got with a retailer, where you want to buy stuff from them long term, I wouldn’t bother making an account just for this weekend.

“Unless you have to give a retailer all your personal information I wouldn’t, because if they are not holding it, the next time they are breached they can’t lose your data.”

– How do I check if my data has been stored safely?

“Responsible companies should tell the customers who’ve been involved in the data breach. It’s the law now, they have to.

“If you’ve heard about a breach of a company of which you are a customer and you’ve not had an email from them you’re probably OK.”

– Still suspicious?

Dr Levy said: “You can check if your account has been compromised in a data breach at haveibeenpwned.com.

“One of things you might want to do before you go shopping on Black Friday is just check your email address on that site.

“If you haven’t changed your password since one of those data breaches and you were involved, go change it before you do stuff.”

– Make strong passwords

Ms Sinnott said: “It’s really important not to have a password that can in any way be associated with you, be it your partner’s name, your child’s name, your street address. Anything like that can be guessed by criminals.

“What we say is make it random. So we talk about three random words – that’s really hard to guess. You can enhance it with an exclamation mark or something like that.”

– Should I use the same password for everything?

Ms Sinnott said: “Your email is your most important account. It contains so much personal information about yourself.

“It’s so important that’s got to be super-protected. Have a separate password for your email account, so if one of your other accounts gets compromised criminals can’t access your email.”

Phishing – new dance move, or criminal activity? On #BlackFriday we will be joined by some cyber VIPs to chat about YOUR cyber security concerns! Submit your question now #cyberchat pic.twitter.com/W0WgtpwBRz

— NCSC UK (@NCSC) November 22, 2018

– What if I think I’ve fallen victim?

Ms Sinnott said: “Don’t panic, don’t worry. Unfortunately loads of people are falling victim to fraud, so it’s not you.

“But, if there’s something that’s making you feel uncomfortable or a little bit suspicious about the transaction that you’re making as you’re shopping – it might be that they are asking you for an excessive amount of information, or you notice the company’s based in a bit of the world you know it’s not – don’t panic, just take some action quickly.

“Take a note of what the website is, immediately close down your internet browser and then report those details to Action Fraud. Finally, once you’ve done that, just contact your bank.

“It might be nothing, you might be fine, it depends often how much information you’ve put in. It’s just really important to report it and contact your bank so they can be on the look-out for any suspicious transactions.”

National Cyber Security Centre launch
Dr Ian Levy (right) showing the Queen and the Duke of Edinburgh in 2017 a robot vacuum cleaner which could be vulnerable to cyber attack (PA)

– How can I stay safe with my new purchases?

Dr Levy said: “Try and buy a reputable brand and where the device you buy has got a decent guarantee length so you know everything is going to be kept up to date and maintained.

“When you get it home I know you want to plug your shiny thing in, but it’s worth reading the instructions – make sure you know what this thing is going to do and if, during the set-up it asks you for a password, choose a decent one that you haven’t got somewhere else.

“If you’ve got to set up an account, go into the settings and look at the privacy settings – make sure they are what you want them to be, not what the default is. And please keep the software up to date, that’s really, really important.”