How to survive online shopping, protect your data online, choose a good password, what not to share on social media, why your best weapon is the phone and becoming a big fat liar! Warts and all tales of ecommerce from both sides written by an etailer.
If your parents are venturing online for the first time or getting a more advanced mobile phone or you are worried about various scams going on generally, this is a good thing to share with them.
We hate seeing our lovely customers get their email accounts hacked into and Marta’s old hotmail account got hacked as well recently. Marta is the founder of Once Upon a Belt. We have seen loads of customers on Yahoo emails worldwide get hacked because we then get the spam too. Those very short emails with a random link in them. Today they have the date and time as the subject, then in the body of the message is the random link, followed by the sender’s name and a ‘x’. And with thousands of customers worldwide, all that spam gets annoying. In the Yahoo case it is not the user’s fault and many big names from Twitter to Evernote have had user data and passwords stolen of late so we really want to encourage you to think about your virtual footprint that is at risk.
We are so incensed at the sheer amount of skullduggery and rubbish going on right now, especially that brought up by the rise of the internet, we felt compelled to write this post and have bit of a rant.
So here are some handy hints we want to share to help you protect yourself and others generally online (note we are not security experts, are not able to answer specific questions and this is just what we do and have gleaned on our travels through cyberspace):
1) Never have important data stored in attachments or body of email messages left in your email account. Important data makes you identifiable as you – full name, date of birth, address, telephone, email address and answers to common security questions such as your first school, pet’s name, place of birth etc. Empty the trash bin regularly to ensure deleted emails are flushed out.
2) When using wifi your data could be stolen unless it is your own wifi connection at home which you have set up to be secure or you know for sure the wifi connection is secure because your employer provides it for example or you are techy enough to know it is secure. Out and about in hotels, cafes, etc. is the real issue.
3) Avoid using public computers, especially when on holiday. They could have key logging software on them. Always make sure you have properly logged out if you do and when logging in make sure no ‘remember my password/me on this computer’ boxes are ticked. There are bad people everywhere including in the IT departments of top companies (cannot tell those tales) plus hackers are getting smarter. Many major services have been hacked lately so now we have to be careful about our footprint to i.e. what data we leave behind every where we go online.
4) Be selective about the websites you buy from. Does the design look professional i.e. like they threw proper money at it because they are a serious business and it is not a neglected hobby or worse – a ruse? Ruses also come bundled in very professional looking designs just like scam emails can look very genuine from PayPal etc.
Is there a telephone number and email address that both work? Don’t just assume they will. Is the delivery cost clear upfront and is their returns/refunds policy agreeable? Sometimes from the language and tone they use in their website or on the phone you feel they are going to be troublesome to deal with.
Marta spent hours looking for the perfect ceiling light for the living room and when she found it only available from one place, the website design gave her no confidence at all. The colour contrast was so poor she could barely read the text (purple on blue) to use the website. However she was able to call them and speak to a very helpful lady who sounded kosher enough so still made the purchase. If there’s a choice of sites to buy from and someone gives really helpful information like exact specifications as well as looking credible they get extra weight in the considerations of where to buy, which of course include price.
If buying in great quantities always get a sample first as the quality of even the most basic items like boxes, jiffy bags and tissue paper can really vary to the point some stuff is unusable or embarrassing. If you are not happy always feed back direct to the company so they can improve their products / change their suppliers and you will protect other consumers too. If you just buy from a different person the next time, the mire just continues.
Do they answer your emails appropriately and in a timely fashion? Often smaller one man band or family owned ecommerce companies give the best service, even sourcing the perfect item for you as well as being very responsive by phone/email – even over a weekend, but that’s not always the case and the big flashy looking sites can also turn in a poor show.
5) Things are not always as they seem so it pays to be a skeptic. Be aware for instance that sometimes it is the same company selling the same stuff but through different websites – all of which they run themselves. Ebay sellers sometimes do this so they can dump an account if they get poor ratings. Marta who has been an internet professional for years running online operations for big corporates such as RAC and Virgin Media Business (now head honcho of two honchos at Once Upon a Belt), prefers to shop online and much to her husband’s dismay shops like a demon.
Her pet hates are:
5a) Fake products and misrepresentation. We certainly see some PU passed off as leather especially if produced outside of Europe (we refuse some items from suppliers, even high end or well known ones, because we have serious doubts about the materials). Setting light to it is the way to tell the difference!
We feel more and more that the more local you can buy the safer you are. When it comes to food the UK’s laws are pretty darn strict. However we were once told by a food producer that the word ‘organic’ is code for ‘only spray the crops at night when you can’t be seen’. Hmmmm? No likey. It is sadly a world where you can have little trust all round.
I have faith in the smallest producers most of all who are truly passionate in an almost crazy way about what they do and don’t let purely pound or dollars signs dictate them. Don’t get us started on the so marketed fresh healthy foods that are not really. Seems the stronger the marketing is with good for you messages or happy faces, the more a load of baloney it is when you dig down into the details. Heads up – a general buyer beware of marketing messages online and offline.
Scariest fakes are beauty products because they are not only bad for the brand’s revenue, but could be dangerous to your health too (become super attentive when it comes to packaging and other physical product traits like viscosity etc and some stuff it is just better to shop for in a reputable store in the High Street and definitely not from a market stall unless you were wanting a dose of mercury with that).
An Amazon seller (only place she could get hold of it and not pay more for postage than the product) sold Marta a fake US beauty product (not the same effect in use and text printing not central on the tube etc) and there was no way to get in touch with them, even on their website with the emails bouncing. In the end Marta’s bank processed a charge back/refund as our warrior Marta does not take things lying down.
By the way it is not the banks being super generous refunding you when they alert you to fradulent activity – the money is taken back out of business’ merchant bank account along with a hefty admin fee. The eretailer loses the stock and the postage costs incurred, the money they were paid and gets in effect a fine too up to 6 months from the date of the sale.
It’s also very much in the interest of eretailers to prevent fraud. There is also wholesale fraud. We have lost count of the emails we get from people in Africa who clearly spent no time looking at our site, claiming they have shops asking us to send them a product catalogue and asking if we take credit card payments (because they are sitting on a load of stolen credit card details they want to use no doubt).
Back on the subject of Amazon Marta says: “I know there is a big hoo haa about Amazon not paying tax in the UK (come on government – legislate that .co.uk sales pay UK tax) but as someone who is into recycling and minimising the cutting down of trees, I love buying used books where available instead of new ones plus I choose the ones sold by charities perhaps for a few quid more, so I can support them by doing so. We don’t sell our belts on Amazon partly because of that issue. If the UK government didn’t fund the ‘lazy bones’ of the EU masses I’d probably have more wrath toward Amazon’s tax avoidance.”
Interestingly other people had used Amazon feedback to question authenticity too of what was being sold by the beauty product’s seller but Marta’s email to Amazon complaining did not get a satisfactory response or action. So the message is you can’t trust an Amazon seller just because you trust Amazon (what’s that song about only being in it for the money?) and ebay sellers are not that well trusted anyway.
We have been burnt with that too with an ebay business to business supplier selling under two ebay hats who never delivered the goods and stopped answering emails, but after the claim process at least we got our money back. Trust is the reason many of our own customers tell us they would never entertain shopping on ebay but Marta does quite often as some items are really difficult to find such as 2nd hand real pine 4 x 3 foot kitchen table.
For retailers it can be incredibly hard, if not impossible, to have their website come up amongst all the competition in Google search results in the first few pages and for many, ebay accounts for the vast majority of their sales from what I gleaned looking at small business forums when we first started OnceUponaBelt.com. Many web users now use ebay instead of Google. So what I am saying here is if you cannot find what you want don’t rule out ebay as a shopping destination. There are some great ebay sellers offering superb products and a superb service.
We have our regular UK packaging suppliers on there too giving us the best deals as otherwise a single box can cost as much as the postage. It is fair to say in general you go to ebay for price and not to source the best quality product and other etailers concur that it’s to flog stuff to people only driven by a bargain. Have to say I personally don’t enjoy using ebay at all. It’s a messy user experience;
5b) Second pet hate is the overwhelming amount of websites happily selling you stuff that may not exist and from a company that may not exist either like the pop up websites that appear prior to Christmas who will never give you anything but woes. Fortunately it normally takes a good few months of being in existence for Google to take you seriously in its search results so it is harder for these fly-by-nights to be found.
There is a shocking amount of products sold that are out of stock and not just from the many websites who are drop shipping (especially big items like furniture – we at www.onceuponabelt.com do not drop ship because we are control freaks and only wish we had more power over Royal Mail to have full influence to make the customer experience as wonderful as possible) where they take the order and someone else has it in stock and has to despatch it on their behalf.
More often than not only when you chase 1-2 weeks later or they make you wait out the lost parcel time of a month (happened to Marta last month with a book she bought from the USA via an Amazon seller) you find out they never had it in the first place. So frustrating when you could have bought it elsewhere or if you needed it for a certain date. Best thing to do is call and verify that the item is in fact in stock and when exactly you could expect it to arrive on your doorstep.
Very very occasionally we have a stock error or may notice a fault on the belt when packing but we advise the customer quickly as we are fast to dispatch (same day if ordered by 4pm) so find out quickly and believe in good communication so will phone the customer up to let them know there is a hitch which is the only reason we ask for a telephone number (well unless the rare case where we need to do a fraud check). If we can do it, why can’t other companies especially when they are larger and well staffed.
The eretailers giving a poor service make us ever so cross because it puts people off online shopping in general when there are so many brilliant small companies and big companies doing a stirling job working really hard to ensure customers are completely happy. We say to those ‘have-a-go-eretailers’ if you are not going to do it well, don’t do it all!
6) When signing up for accounts online your biggest help in protecting yourself will be lying about your data if forced to give it. Give as little as possible. Never never never never never give your real date of birth even if it breaches their Terms and Conditions. Amazingy Marta managed to open a credit account with a famous UK store with the wrong date of birth last week as she didn’t want the credit account – just to make a purchase, so perhaps DoB is not so important unless her data all ties up because she lies too consistently about it!
Some never have anything with their DoB or address in their wallet to protect against fraud should it be stolen. Marta for instance but then she is a worrier and has been pick pocketed thrice before and had someone steal her post when living in flats who proceeded to make a false benefits claim pretending to be her. Instead of having her details in the wallet or on her keys, she has her policy number and Card Protection Plan’s telephone number in case of being found.
Don’t give a telephone number unless a) it’s your mobile for regaining access to your account and they will send a code by text to you (and remember to take your mobile on holiday abroad with you and be sure it will work abroad on your service) or b) you are making an order online as this will be best way to contact you if there is a problem with your order and that number is also used in fraud checks to match what is normally given as the telephone number with that payment card which is data held by SagePay.
It is SagePay we use who pick up dodgy stuff to feed back to us as part for the fraud risk assessment for every order made. Big Brother is watching your spending patterns. When we clearly see a fraudster trying to abuse someone’s data we contact the Police with the details in the hope they can contact that person and let them know. We are now wondering if it is the likes of SagePay who alert your bank to alert you when funny stuff happens. Another reason to give your telephone number is if the eretailer may need to contact you should it be flagged as a potential fraud. Don’t take this unkindly as all these steps also protect your card from being used by a fraudster.
US Corporate cards seem to be the worst for getting abused. There was a man in London who twice tried to buy from us and on his address record giving a whopping high fraud score, it showed that over 300 different cards had been tried in the last six months. Seriously – you would think the Police would be on it like a car bonnet but they are overstretched and under-resourced apparently. Marta even threatened to make a citizen’s arrest to try to get them to take action. Only then they took down the details probably just to get the loon off the phone.
She gets flustered on this subject as she knew exactly who copied her card details in the petrol station (he said there was a problem with the payment going through and took the card out the back saying he’d try that machine – yeah should have known to shout stop and subsequently learnt it happens a lot in petrol stations where the CCTV is recording your pin number entry) and then someone was taking out money in Thailand on it that night but nothing happened and the guy who did it was still working there instead of being banged up in jail which she would have liked much more as an outcome. So the message here is protect yourself as far too little is happening to apprehend the upstarts who perpetrate these crimes.
7) Use different security questions and passwords on different sites and lie about the security answers as can be easily possible via social media or LinkedIn to work out what school you went to, name of pet etc. Don’t voluntarily put information on facebook you would not want sold to a fraudster if it got stolen and regularly go through settings to keep things as private as possible only visible to real friends that you trust.
Minimise your LinkedIn public profile to key points/skills/experience without dates if you are looking to be head hunted. When helping large companies recuit their head of ecommerce or eteams Marta used facebook to see if they were palatable human beings or ones with an understanding of privacy online plus LinkedIn to see where they had perhaps lied on their CV.
The funniest social media mishap we observed was by someone who was an “internet professional” who had linked LinkedIn to their Twitter account which was posting their tweets as the status post on LinkedIn. Somewhere along the line they had not made the connection so if you looked at their LinkedIn page you also saw all the vitriol about hating their current employer, boss etc which is never going to make you an attractive candidate. No wonder they were struggling to find a new job. We duely informed them.
8) A good complex password is not a known name, place or word found in a dictionary. One way to do it is find a catchphrase you like or you use with a close friend like ‘The Sun Will Shine Tomorrow’. Choose something that people don’t generally know you for i.e. one more personal to you. Turn ‘The Sun Will Shine Tomorrow’ for instance into TSWST. Then swap a letter for a number so t5wst (not all passwords need to be case sensitive but sometimes it helps so you could use t5Wst) and then add a set of numbers you will remember for some reason that are not sequential e.g. 5678 or well known or easily linked to you and your closest ones. Could be the date of your first kiss with your spouse or partial DoB of your favourite cousin, whatever. So we could get to t5Wst0578. Some people then add the name of the website to the end to make it unique for that site so t5Wstebay0578 or for us t5Wstouab0578.
Every so often change your passwords. You could use a really easy password with your numbers for all accounts where no important data is stored so you don’t need to keep changing those unless you run into a problem.
Remember that on many sites giving data is optional so don’t give details when you don’t have to – who cares if the website doesn’t send you a birthday email or doesn’t have exact details for their marketing analysis – you can pick a similar year for your date of birth. Far more important to protect yourself because if worse than being hacked you become a victim of identity theft it will be very painful and could take years to sort out.
Companies should also only ask for data they will actually use or is really necessary but some are crazy about collecting everything they can about you. We wanted to know the demographic profile of our customers in terms of age so we used to ask for an optional bit of data which was to give the decade they were born in. Once we had what we felt was enough answers we analysed it and removed that question.
10) If a company (bank even) to set up your security asks too many questions or worse asks you to write to them with what your password is to be or to tell them over the phone – don’t use them or if you have to, make sure it is completely unique to them.
It’s worth having a few email accounts (email addresses) you use for different purposes. One for communicating with friends, one for business unless you have one from your employer, one for social media like facebook, forums etc. and one for online shopping. The last two, if compromised then are not a big issue as you just get another email address. Even businesses should have a throwaway spam email for business purchases.
We have seen a handful of our customers with their own domain name, create email addresses for each site they use and that way if weird stuff happens they will be able to identify there the security breach came from. Say you had a domain name of wishywashyhouse.com you might create an email address to use on our site of ‘firstname.lastname@example.org’. Personally we buy far too much from too many different places to bother with this.
You may need a crib sheet (mine is 4 pages long what with running ebusinesses and being very active online personally and a keen online shopper) to help you remember what password is used where by coding clues i.e. if you use Kazakst4n as part of your password you might note that as ‘place’. It is not safe to keep this crib sheet stored in your email. If you have it on your computer to edit it and then print out and even if you don’t make sure you need a password to use your computer/laptop/phone etc in case they are stolen and make it a really difficuly one to crack.
The more important it is the more unique your password should be.
11) When you receive emails or see weird stuff online best bet is to be a pessimist and assume funny business is going. The foreign family scams of help me get my millions released or you have won in our lottery you never entered or from a Russian lady offering you love having seen ‘your profile and not quite ready for a relationship’ are clearly obvious dross but some are harder to spot. It seriously worries us that enough people fall for the aforementioned ones that it is worth the scammers wasting their time sending out this garbage. It’s what we call a ‘stupidity tax’. You simply cannot believe everything you read. Even if it is online – best could be out of date and worst made up like much ‘gossip news’ in trashy mags and tabloids.
Then there are more cunning scams that pretend to be your bank – often a bank you have never banked with in your life but sometimes get it right which can be worrying for you as you question whether it is really your bank or a scam.
If you are a facebook user and suddenly the most unlikely person has shared a saucy photo with a tabloid type headline keep away! There was one going around with a photo of Kate and Wills like this titled ‘The honeymoon photos they did not want you to see’. Then it was a sexy teenager who had done something amazingly shocking. DO NOT CLICK!
Only ever open attachments when you know what they are and better still were expecting them. There are some emails which say a parcel destined for you is delayed or you need to pay the fees, which have a file which you definitely don’t want to be clicking. Delete it and forget about it. If in doubt google the keywords from it and ‘scam’ or ‘hoax’ and you should get to a page like this UPS delivery failed hoax malware example.
A lot of facebook stories like warning emails about energy drinks being unsafe that are shared are fictitious too. Some people just get a kick of seeing their made-up dribble propogate around the world so always google to see if it is hoax before sharing unless you know it is true.
What about the so many clicks and you’ll get a free toaster, airplane, whatever – if it sounds too good to be true it probably is just scuttery web poop. Move along. Ignore. Better still go outside into the fresh air and lap up nature’s beauty instead of spending time wondering about virtual conundrums. When it starts raining, come back inside, make yourself a nice drink and buy a belt on our website to go with the latest garment you bought.
Tying in nicely with that thought, definitely don’t repost manipulative facebook content that sends people on a guilt trip e.g. “If I don’t see your name I’ll understand. May I ask my friends wherever you might be, to kindly copy and paste this status for one hour to give a moment of support to …” or emails that ask you to send on to 10 people and something amazing will happen. It doesn’t show you are a good person but that you are easily manipulated and you’ll get your posts filtered out by friends who get quietly fed up with it along with that millionth competition you entered.
If you want to “show your support” get off your computer and buy a homeless person a meal, do an old person’s shopping for them and help your friends whenever you can. If you want to stay online then make a donation to a good cause. Actions speak louder than words, clicks do not really count as meaningful actions and virtual words are pointless echoes too much of the time sadly.
Marta no longer signs all online petitions that strike a chord as has had her data abused that way too. Even the would be good guys can be bad guys. And don’t you hate it when after you give money to a cause they then bombard you with direct mail, emails etc to get more money from you? For us that’s the time we cut all ties with them. And if you are fundraising many of these sites, especially the best known ones, where you create a sponsorhip page take a cut of the money raised but Virgin Giving does not and is truly not for profit so use them or a site like them.
12) Let’s mention telephone scams while we are scaring the b’jesus out of you. It really is worth being aware of these. First if your bank calls you because someone has been using your payment card and they will of course want to “take you through security” asking for all sorts of key data tell them you will call back. This should not be to a telephone number they give you. Use the number you always use for them or the one on your bank statement.
Also look out for the ones where they call and say they can fix your computer (you just happen to be having problems when the call comes) and you have to give them access to it (and all your data) and pay a fee to them for the privilege of exposing yourself.
Telephone sales are annoying anyway but can be littered with untruths and prompts to make you believe you are talking to a trusted company so be careful about what information you give and always best to ring them back if unsure.
We hate where they pretend to be doing you a favour but just want to sell you stuff or they waste 30 minutes of your time before giving you the most ridiculous price. A good response is to say you already have whatever they are trying to sell you and just get off the phone as fast as you cna even if you have to be abrupt. A “Sorry, got one of those. Not interested. Got to dash. Bye.” and put the phone down. At one point so many people knocked on our door at home so regularly to flog us a grant for insulation, that we put up a notice by the door bell informing everyone “Our house is fully insulated, thank you. No need to ask.”
As a business we have noticed that the lying by people that call you up is on the up and quite remarkable from pretending to have your BT bill in front of them promising to beat it (we’re not even with BT), to pretending to add you to a directory just to get your data so that they can sell it on for marketing purposes, to giving the impression it is Orange calling you for your mobile phone contract renewal when they are not Orange at all. It has got to the point that when they mention energy prices we just put the phone down as it’s incessant and can’t be bothered to listen to a pack of lies.
Another local business man made me laugh telling us his staff are instructed to respond the cold callers question of ‘What provider do you use for your telephone service?’ with “Oh we don’t use the telephone here”. If all else fails let’s try to confuse the hell out of them. You may as well amuse yourself while the world gets more tricksy to navigate.
Life was so much simpler when all you had to worry about was rough looking chaps turning up on your doorstep asking for money to tarmac your driveway, clean out your gutters, etc and then disappearing forever.
Mobile phone tip from Marta
Finally here’s a tip re getting your phone back if stolen or lost. It’s lovely to think everyone would hand it in to a police staion but they are worth a lot of money and not everyone is so kind or could be bothered. Let’s be realistic!
I found an iphone in the street and had a job to find the owner. It had a password, quite rightly, so I could not unlock it to get some clues or call someone in their address book. Plugging it into itunes told me the user name only which meant I could ask for this as proof the phone was really theirs as well as what the screen saver image was.
As I had walked to our local shops I had passed a girl chasing a toddler walking with another girl and thought may be when she did that it fell out as was close by that spot. In the local shop I mentioned these girls to the staff and they immediately had a hunch who they were so I left my details. I didn’t leave the iphone because I was not trusting enough that someone would nick it. I wanted to be sure it got to the owner. I later got a call and they came to my house to collect it and I did ask them for some info so I knew it was theirs. Honestly, do I think I am Miss Marple? All ended well.
However it was lucky it was near the local shops and there was that connection made. I considered what would happen if I lost mine. Naturally mine is protected with a different password on the sim and to unlock it. I decided my husband’s mobile was the best one to give as a number to call if found as well as an email address I am not precious about – my spam one I use for all my web shopping etc.
I use a case so this email and mobile is written on a scrap on paper found between the phone and case. My background/screen saver image which you can see without needing to unlock the phone is a photograph of that piece of paper making sure the tel number, email address and key details can be read when you look at the phone in its locked state. I’d have liked to have a photo of my lovely cat but having this gives me the reassurance at least I am making it really easy for someone to reunite me with my phone.
Here – you enjoy the photo instead😉. Ooops – nearly told you the cat’s name then and that would be no good, would it after all we’ve advsised.