Online Christmas shopping presents opportunities to hackers - Nikhil Rane

My work as a bug bounty hunter, also known as an ethical hacker who looks to outsmart the malicious hackers, means I am always on the lookout for a breakdown in the security of websites.

I can tell the signs that people, or organisations, need to look out for that may make them prone to such attacks.

We all should be alert, or otherwise we risk falling victim to a hacker’s trap.

People should be even more wary of such targets at this time of year as they use their mobile phone and other electronic devices to fill up their online baskets with gifts for loved ones ahead of Christmas. Credit or debit card details can become a tempting treat for hackers.

Let’s take the right security steps as individuals so we do what we can to make sure that we don’t fall into the trap. Security mechanisms should be enabled in the browser and paid antivirus software should always be installed in your laptop.

Christmas time is like a honey pot for a cyber attacker. It becomes easier for them to carry out attacks because there is more traffic online. There are more attacks around at this time of year.

People shopping on websites should look for genuine companies with good reputations.

I would recommend that people buy goods online from reputed brands, those names that are known and trusted.

People need to be self-aware of what to share and what not to share and of the situation when they are online, even if they are not from a technical background.

Be wary of clicking on malicious links, which may have free offers or money off goods if you go through to the websites, as people might then fall for the trap. Always cross-reference a website before you visit it. This will provide you with extra security and confidence before you use a website.

Customers should do their own research on the companies that they are buying from beforehand.

For example, look for the review and rating of the company as well as look for news of any cyber incidents that have taken place with the company recently.

Be cautious about sharing your data. It’s really scary when normal people become victims of cyber-attacks.

This next piece of advice may not be anything new, but it is something that we all need to do – we should not have online passwords which are easy to crack or guess for hackers.

We are asked to come up with different passwords for different websites so that we are not left vulnerable. Using the same password for different websites may save us time, but it may instead make us more vulnerable and appealing to malicious hackers. What we should be doing is to create passwords using uppercase, lowercase, numbers, and special characters.

The more complex a password is, the harder it is for hackers to crack them.

It’s very concerning and alarming that companies share data. It makes cyber-attacks more prone for personal users.

It is not just online shoppers for Christmas gifts that need to be wary, huge organisations can also fall victim to such attacks.

One example of a cyber-attack was the British Museum’s HR department in October 2023. The Rhysida hacker group has given time to fulfil the demand or else the data will be leaked, which is an alarm for the companies and organisations to make the cyber defence strong. Even if the company’s primary goal is to grow commercially they should equally give importance to the Confidentiality, Integrity, and Availability (CIA) of the data.

To maintain the CIA there should be regular Penetration Testing taking place to maintain the security of the website, security awareness training should be given to the employee and a framework should be integrated.

As the target was the British Museum’s HR department, the data compromised will be mostly financial and personal identification information of the employees. As a supportive measure for the employee, they can restrict the online bank transfer amount just to help alleviate any safety concerns.

The next time you go online to do a quick bit of retail therapy, or Christmas shopping for others, just think – is my password secure and if not, change it immediately to try and stay safe this Christmas.

Nikhil Rane is studying for a MSc in Cyber Security at the University of Bradford and works as a ‘Bug Bounty Hunter’.