web analytics

How to shop online safely this holiday season and all year round

Fraudsters and scammers are always looking for a way to make money quickly – and that often involves targeting you for your information and money. Online shopping has slowly gained ground in Mauritius, with the trend being accelerated by the outbreak of the pandemic, and fraudsters have taken notice. 

In terms of payment modes, Mauritius straddles the middle ground at the intersection of contactless payments and virtual cards. Most big banks are investing in contactless payments to begin with, and would be looking at the digitalisation of cards only as a next step. Also, following in the footsteps of first mover, Juice by MCB, telecom majors such as Emtel and Mauritius Telecom have launched payment apps such as blink and my.t. Thus, contactless payments are gaining traction too, as online shopping becomes a popular trend.

Below, Peach Payments Head of Information Security Judy Winn shares her tips for consumers on how to stay safe ahead of the Christmas holiday season, and all year round.

Judy Winn
Judy Winn Peach Payments

Public WiFi hotspots – Be wary of performing online banking or any other sensitive online activities over public WiFi hotspots.Poorly secured public networks could be vulnerable to attacks, and those attackers can get access to your data. Fraudsters can set up fake and enticing hotspots to get you to connect to their shared WiFi, often by mimicking the names of the restaurants or shops in the vicinity. Anything you do on the internet will be visible to them (including your online banking username and password) as they are sitting between you and the internet. If you are out and about, and need to access your online banking, rather use your mobile data. Even better, many banks have made their banking applications zero-data accessible.

How to tell if a website is legitimate? This one can be quite tricky, as some fraudsters can make very convincing website lookalikes, as well as seemingly valid stores. One way to check the legitimacy of an online company is researching their reputation.

Try to answer questions such as
: Do they have any reviews that you can find on Google or sites like Trustpilot? Do they use a reputable payment gateway? Were the reviews generally good, or mostly complaints? Has the organisation responded to any feedback? Do they have an active social media presence? Does the company provide a way of contacting them? Does the deal they are offering seem too good to be true?

If you can’t get concrete and comforting answers from doing research to answer these questions, then rather err on the side of caution and don’t use the site. See if you can find a trusted, alternate site that is selling the same product you want.

Suspicious phone calls – sometimes fraudsters will phone you and pose as the fraud department of your bank. They often claim to have detected fraudulent transactions on your card and then try to trick you into providing various types of sensitive information, including your residential address, for delivery of the “new” card. If you get someone alleging to be from the bank calling you about fraudulent transactions on your account, don’t give them any details. Rather end the call and instead phone your bank’s fraud department directly from their listed number and make enquiries with them. Log into your online banking securely to check your account to verify the claims made.

Secure Connection (Website lock) – The little lock that you see to the left of a website address essentially means that the information you enter on the website will be sent in an encrypted format – meaning that no one else can read the information you have entered while it is in transit.

Phishing & smishing – be extra aware of possible phishing attacks and other scams that can be delivered by email or SMS. These messages generally invoke some type of emotional response, to get you to let down your guard. It is normally something that involves a panic response – such as “your account password has been compromised, login here to reset your password”. To stay safe, never enter any sensitive information (including your banking credentials) in a link that you opened via email or SMS. Never call numbers provided in SMS or emails – rather Google the official numbers of your bank or organisation, from their official website. Never disclose your online banking OTP to anyone either. Ever. Your bank will never ask for it and if you are asked for it you should immediately be suspicious.

Selling something and receiving EFT payment – if you want to sell something of yours through advertising online, be cautious when accepting EFT payments. Ensure that you have definitively received payment and that the money reflects in your account, before sending or making the product available for collection.

Waiting a day or two to be sure the money has come through can be a safe bet – this is important if someone uses a deposit via a fake cheque, that later bounces. With cheques being commonplace in Mauritius – where, despite having achieved a very high level of banking penetration early on, instruments which were popular in Europe many years ago are still in currency – receiving payment by cheque for an online sale is a real possibility. If in doubt, rather call your bank to verify funds. If the person becomes very aggressive or threatening, they are likely trying to scam you.

Scammers will also send fake Proof of Payment documents or messages so it is safer to ensure the funds are received first before handing over goods. In addition, never allow strangers to collect goods from your residence – this discloses your address. Rather arrange to have the product couriered, or collected in a public place.

Verified by MonsterInsights