We all use the internet for a variety of reasons; we stay in touch with our friends and family using social media and shopping online is easier than ever. But it’s important to remain vigilant when a website requires your personal details to complete a transaction (e.g. if you need to register your contact and payment details).
Here are our top tips for keeping your personal details safe online:
1. Check the website is HTTPS secure
The simplest way to check if a website is safe is to check if the site URL prefix is HTTPS e.g. https://drmlegal.co.uk.
HTTP is the underlying protocol for the World Wide Web. The ‘s’ stands for ‘secure’ and ensures communication between your device and the server is encrypted. If you choose to continue to a site without a secure (HTTPS) connection, do not input any personal information.
When a website is encrypted, the data is scrambled as it travels between the website and the reader, and a digital key is used to unscramble that data when it is received. This prevents anyone who intercepts the data between the sender and recipient from reading it.
On most browsers a secure website is indicated by a padlock icon before or after the website URL, and an unsecured website is indicated by an unlocked padlock before or after the website URL.
However, fake websites can also have secure encryption, so this should not be the only check you perform before entering your personal details into a website.
2. Use your browser’s safety tools
Most browsers have inbuilt tools to protect their users from harm. Google Chrome, Microsoft Edge, Microsoft Internet Explorer, Firefox and Safari all have privacy options located in settings.
It’s good practice to get to know the privacy settings for a browser and to learn what messages appear if unsafe sites are found. Find the information and options for your specific browser in the help section within the browser menu.
Browser privacy options available include sending ‘do not track’ requests to websites (which prevents websites from tracking your activity), disabling Adobe Flash (a multimedia player) and controlling which sites can access your webcam and microphone.
3. Check if the website is safe
If you are visiting a website for the first time, you may not be familiar with some of its features.
If you aren’t sure how trustworthy a website is, you can test it before entering any personal details, especially payment card information, by using a trusted ‘safe browsing’ website.
Google’s safe browsing checker is one such website and is a useful tool to bookmark in your browser for quick access. Safe browsing websites can identify which websites may not be secure. VirusTotal also has a similar tool.
4. Check the links
When the mouse cursor hovers over a link in a webpage, information about where that link leads will show in very small print in the bottom-left of the browser window for most browsers. However, phishing/spoof sites will often use similar-looking links to trick the user into handing over their personal details.
For example, PayPal, a trusted online payments system, is used by many people when making a purchase online. Lots of websites give users the option to check out using PayPal, rather than entering card details directly into the website as a payment method.
Scammers have found ways to take advantage of the trustworthy status held by PayPal, by inserting links to fake PayPal login websites, as shown in the image examples below.
To the untrained eye, this login page is entirely convincing and looks like the real deal. But if you compare this to the genuine login page you can see the lock in the left corner of the URL bar, which signifies that the website is encrypted:
Further to this, the below button appears to be a legitimate link to checkout with PayPal. If you are unsure whether a site you are on is legitimate and see they have a “checkout with PayPal” button, hover over the button and check the web address that shows up in the bottom corner of your browser window. If the web address that shows up is not in fact the legitimate PayPal URL then this is a clear indicator that this button is linking through to a scam checkout website.
The SSL store also has a useful guide to spotting fake websites here.
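The hover check described above, written out as code. This is an added example, not part of the original article: the sample links are constructed, example.net is a placeholder for an unrelated site, and the expected domain is a parameter so the same check works for services other than PayPal.

```javascript
// Added example: does a link's real destination belong to the domain the
// button claims to lead to? All sample links below are constructed.
function checkLink(href, expectedDomain) {
  const reasons = [];
  let url;
  try {
    url = new URL(href);
  } catch {
    return { trusted: false, host: null, reasons: ["not a valid absolute URL"] };
  }
  // The hostname is the only part that decides which server you reach.
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  const expected = expectedDomain.toLowerCase();

  if (url.protocol !== "https:") reasons.push("link is not HTTPS");
  // Anything before an '@' is a username, not the site name.
  if (url.username || url.password) reasons.push("text before '@' is not the site");
  // Labels starting with xn-- encode non-ASCII (possibly look-alike) letters.
  if (host.split(".").some((label) => label.startsWith("xn--")))
    reasons.push("host contains encoded non-ASCII characters");
  // Match on a label boundary: the host must be the domain or end in ".domain".
  if (host !== expected && !host.endsWith("." + expected))
    reasons.push(`host "${host}" is not ${expected} or a subdomain of it`);

  return { trusted: reasons.length === 0, host, reasons };
}

const samples = [
  "https://www.paypal.com/checkout",          // genuine host
  "https://paypal.com.example.net/login",     // real name used as a subdomain
  "https://www.paypal.com@example.net/login", // real name placed before '@'
  "https://paypa1.com/signin",                // digit 1 in place of letter l
  "http://www.paypal.com/checkout",           // right host, no encryption
  "https://www.p\u0430ypal.com/signin",       // Cyrillic letter in place of 'a'
];

for (const href of samples) {
  const r = checkLink(href, "paypal.com");
  console.log(r.trusted ? "OK  " : "WARN", href, r.reasons.join("; "));
}
```

Only the first sample passes; each of the others fails for the reason noted beside it, which is the same thing to look for in the address shown when hovering over a link.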
Under the GDPR, it is a legal requirement for a business to make sure its online users are aware of the way their personal data is being used.
A privacy notice should include the following information:
- Contact details for the person responsible for data
- What personal data is kept
- Why it is being stored
- How long the company will keep the information
- What legal basis the company has to use the data
When entering a website, you are usually asked to accept a ‘cookies policy’. Cookies are small data files which are saved on a user’s computer and give the website information each time it is visited. From knowing whether a user is logged in to a website to how many times the user has previously visited, this information is stored as ‘cookies’.
More information about cookies and how they work can be found on BBC Webwise.
6. Check the website has ‘Trust’ badges
Trust badges are images which often appear on websites, usually at the bottom of a page, as an indication of site security. With so many different schemes in place it’s difficult to ensure the trust badges are legitimate. Many of the genuine schemes will have links attached to their badge, which will go to an explanation of their trust scheme. However, in most cases, trust badges are not to be trusted!
As above, you should ‘hover’ over an image of a trust badge placed on a website to see if the link leads anywhere. Be aware that images of trust badges are the same pictures whether or not they are fake.
7. Look at the company details
Is there a contact address and phone number? Does the company operate out of legitimate premises? And can they be contacted by phone or do they mysteriously live in cyberspace with only an email address for contact?
If the website lacks contact details be aware – the site could still be genuine but if you have any complaints about the website/service you receive then it can be difficult to resolve an issue without a point of contact.
8. Protect yourself with web security tools
Many of the popular antivirus packages offer add-ons to protect web browsing and online purchases, using tools such as real-time scanning for malicious code, warnings about reported fake sites and password managers. These can automatically alert a user if sites are detected which are not as they may first appear.
9. Use complex passwords
Whilst it might be easier to use the same simple password for your online accounts, it also makes it easier for hackers to gain access to your accounts!
Try to use more complex passwords and don’t use the same password for multiple sites. If remembering different passwords is difficult, use a password manager such as LastPass, which can store passwords for you. Password managers can also help generate complex passwords and will auto-fill usernames and passwords for you when visiting a site.
10. Install an ad blocker
Ad blockers can prevent navigation to an untrusted site through accidentally clicking an ad. You can disable the ad blocker on trusted sites if you wish.
11. Check if you are a victim
If you are concerned that you may have entered your personal details on an unsecure site, you can use https://haveibeenpwned.com. Have I Been Pwned is a free website that lets you check if your data has been leaked in any known data breaches.
Google has also recently added a real-time checker which automatically alerts a user if the username and password being used on a website have appeared in a data breach.
Finally, if you have fallen victim to a data breach due to using a scam, unsecure or non-legitimate website, we can help. You can complete a data breach claim form now to see whether you have a potential case for compensation. To find out more information about making a claim for distress caused by a data breach, contact us today.