Watch out for…
Fake online stores posing as real
What’s the threat?
Whether you’re reading as you consider your last-minute Christmas shopping or during the January sales, you’ll need to be more cautious than ever when you shop online. According to new research from US security firm Venafi, there are now four times as many fake shopping websites as real ones, double the number in 2018.
Criminals create fake stores by buying URLs that look similar to real ones, but have one or two letters different. They hope to lure shoppers who have mistyped the URL, or stumbled upon the site another way.
Worse still is the fact that many fake websites are making themselves appear authentic by obtaining free TLS certificates. This is the security protocol that displays the padlock symbol in your web browser, indicating that the transaction is encrypted and therefore safe.
How can you stay safe?
It’s worth clearing up any confusion around that padlock symbol (see screenshot). Crucially, it can’t actually guarantee that a website is safe (though obviously Amazon is). All it means is that your connection to whatever website you’re visiting is secure – not that the site itself is legitimate. Even the FBI warned about this earlier this year. TLS certificates can be obtained from places like Let’s Encrypt (https://letsencrypt.org), which will provide a free certificate to anyone who can demonstrate that they control the URL in question.
The simplest way to stay safe is to type URLs perfectly every time. But that’s not much comfort to those of us cursed with shaky fingers. Instead, you could consider a password manager (if you’re not already using one). LastPass (https://lastpass.com), for example, protects you against fake websites by adding your password only on legitimate sites.
New tools - DuckDuckGo’s Smarter Encryption
The most pleasant surprise so far this year is that the revamped version of Microsoft’s Edge web browser (www.microsoft.com/en-us/edge) is actually pretty good. Built using the same open-source code Google uses for Chrome, it feels fast and reliable yet reassuringly familiar.
Not only that, but its privacy options are more comprehensive and easier to set than Chrome’s. Click the top-right menu (three horizontal dots), Settings, then ‘Privacy and services’. Choosing Strict here (see screenshot) is a quick way to block most trackers that follow you across the internet, tormenting you with the same adverts day and night. It’s so strict it’ll block some adverts even if you don’t have an ad-blocker installed. By default, Strict tracking protection is turned on when you enable Edge’s InPrivate browsing mode, which also disables cookies and browsing history.
This greater emphasis on privacy, combined with more extensions and slicker design, makes Edge a genuine rival to Chrome. We’ll give more reasons for switching soon, plus instructions on how to do so without losing your existing browser settings.
ScamWatch
Readers warn readers
FedEx delivery email is fake
With so many deliveries arriving in the weeks before Christmas, your readers should be warned about a scam that claims FedEx tried but failed to deliver a package. You get an email saying that FedEx had “incomplete information of your physical address”. If you click the ‘Update my address’ button you’re taken to websites that try to steal your personal details. It’s not the most convincing scam I’ve ever seen. It uses a rubbish fake FedEx logo, although the colours are accurate. You can see the email at www.snipca.com/33413. If you shop online, make a mental note of this scam.
Colin Lloyd
For more ways to protect your tech, try Computeractive magazine.
Get 3 issues for JUST £3!