E-COMMERCE, STORES | editor, Singapore
Paul Ducklin

Staying safe before, during and after peak retail seasons


It is that time of year when consumers all over the world, and in Southeast Asia succumb to a shopping frenzy due to hot deals from events like 11.11, Black Friday and 12.12 coming up.

Online shoppers have been the target for cybercriminals for many years now, and the increase in e-commerce activities over the past year makes healthy cybersecurity practices vital. After all, cybercriminals don’t care whether they steal credit card details or phish email passwords on Black Friday, 11.11, or on any other significant shopping event of the year – these events are just opportunities and the crooks aren’t going to wait until 11.11 itself to try to scam you, nor are they going to stop their criminality when Cyber Monday is done.

Having said that, the upcoming 11.11 and Black Friday deals can look so competitive that many of us may be more willing – at this time of the year – to take risks buying via online merchants we’ve never heard of before. Appended are some tips on how to stay safe online during this shopping season and beyond.

  • Write down contact details for your financial providers.

It’s just a few minutes’ work to make an old-school written copy of the emergency contact numbers and email addresses for organisations such as your bank, card issuer or insurance company. That way you will have access to them even if you lose your payment card or your phone gets stolen.

  • Learn about account lock features offered by your bank or card issuer.

These days, many banking apps have a “quick lock” option that allows you to freeze and unfreeze access to your account or payment card in seconds. In an emergency, such as if you think you put your card number into a phoney site or you misplace your card, you can block access to it right away, even before you call up to ask the bank for advice. (And see tip 1.)

  • Learn how to clean up your browser’s autofill storage.

Modern browsers try to help you by automatically remembering and storing details such as passwords, credit card numbers and even addresses. In many browsers, these autofill features are turned on by default, which may not be what you want. Learn how to review how much personal data your browser has kept up its sleeve in case you need it again.

  • Consider using a pre-paid debit card for one-off purchases.

If you’re determined to purchase from a retailer you don’t know much about, a low-value pre-paid debit card can help you limit your risk. A $50 pre-paid card, for example, reduces your exposure to that very $50 amount (when the money is gone the card simply stops working), and isn’t linked back to any of your other accounts.

  • Turn on 2FA wherever you can.

2FA, short for two-factor authentication, usually refers to those one-time login codes that you need to type in together with your username and passord when logging in. This can be annoying at times, and it means that you can’t login on your laptop if you don’t also have your phone handy, because most services rely either on a one-time text message to your phone, or a special mobile app, for supplying the needed codes. But that small extra hassle for you makes it very much harder for the crooks to mess with your accounts, even if they figure out your password.

Lastly, remember these three simple sayings that you can repeat to yourself out loud, just to slow yourself down a bit before you commit to online transactions you might later regret:

  • If in doubt, don’t give it out.
  • Be aware before you share.
  • Stop. Think. Connect.

And remember that if it seems too good to be true, it is too good to be true, so if you have a hunch that what you’re looking at is a scam, back yourself: it IS a scam! 

The views expressed in this column are the author's own and do not necessarily reflect this publication's view, and this article is not edited by Retail Asia. The author was not remunerated for this article.

Do you know more about this story? Contact us anonymously through this link.

Click here to learn about advertising, content sponsorship, events & rountables, custom media solutions, whitepaper writing, sales leads or eDM opportunities with us.

To get a media kit and information on advertising or sponsoring click here.

Paul Ducklin

Paul Ducklin

Paul Ducklin has been many things at Sophos—programmer, malware analyst, technical supporter, public speaker, and security evangelist.

These days, Paul spends most of his time writing for Sophos' community website, Naked Security, where he has built up a global reputation as the go-to guy for explaining even the most technical issues in plain language.

Contact Information