Security 'FAQ' - or: Tips for Secure Online Shopping and Staying Safe Online
These FAQ cover security issues that you may encounter when using the GT Decorations website to purchase artificial silk flower products or even when using other shopping websites that offer online ordering.
Plus, we have selected a few topics that may apply to most users who simply 'browse the web'.
The problems presented and solutions offered will hopefully help you in staying safe. Please bear in mind
that as technology moves to new levels, other difficulties may arise that have not been covered here.
One of the most important things is: stay alert and use common sense.
Problems:
- Secure site, SSL, https, encryption and what-not: What does it mean, how do I know it's there?
- Is the GT Decorations website secure?
- SPAM, Junk mail, Phishing, ...
- Prevent getting swamped with 'Junk'
- Clicking on links in 'phishing' mails and keeping your passwords secure.
- Spyware: Become a master in anti-espionage!
- Cookies: Behold the Cookie Monster! (or is it the monster cookie?)
- Buying online from an Internet cafe or other establishment with shared computers.
- Buying by Email
- Learning from mistakes
- What if I have other, unanswered questions?
Answers/Solutions/Explanations:
- Secure site, SSL, https, encryption and what-not: What does it mean, how do I know it's there?
-
Let's start backwards:
Encryption obviously means that information is encoded using a particular formula (or algorithm) and must be decoded by the recipient before it can be read.
HTTP (without the s) is the protocol which is used by computers to communicate and exchange website information.
HTTPS is the version of this protocol that uses a secure channel (hence the s). Secure in this case means that the information is encrypted.
SSL stands for Secure Sockets Layer and is the current de facto standard for performing the encryption. You will often see companies praising themselves for using 128, 256 or higher bit SSL. In general, the higher the number, the stronger the encryption, and the harder for a malicious person to decode the information.
A secure site is one that makes use of the mentioned (or equivalent) technologies to provide an encrypted link when highly sensitive information, such as credit card details, needs to be transferred between you as the user and the website you are using.
You can tell that a secure link is being used by looking for at least 2 signs:
- The address (or URL) in the address field of your web browser starts with https://. This indicates that the secure version of HTTP is being used and is probably the most reliable indicator for a secure connection.
- A little closed yellow or golden padlock in the bottom right corner. Many companies invite you to look for the padlock, however there are fraudulent sites that display a padlock nearby even though no security is employed and this can be confusing. Thus it is better to also look for the 'https' in the website address.
- Some browsers issue a warning when the connection is switched to secure or vice versa. Others can be configured to do so. In this case a dialog window will open prompting you to continue or cancel.
- Some newer browsers (such as Internet Explorer 7 or Mozilla Firefox) additionally change the appearance of the address bar when the site is verified as being secure.
- Is the GT Decorations website secure?
- GT Decorations use PayPal to secure sensitive information such as your credit card details. PayPal use 128-bit or higher SSL encryption to keep this information safe. Should we change payment providers in the future, we will of course take the necessary steps to make sure that they take security similarly seriously, or to implement our own security solution at the highest possible standard.
- SPAM, Junk mail, 'phishing', filtering and how to tell them apart.
-
Email is now the cheapest advertising medium on earth as there are no costs involved other than an Internet connection. 'Spam' of course refers to unsolicited commercial email, which is often sent to hundreds of thousands of recipients in one go. Thus it is often also referred to as 'bulk' mail or 'junk' mail (since most people will delete it straight away).
Spam can be extremely annoying and reduce productivity in the workplace. Spam filters are often used to catch the most obviously 'junky' messages including common adverts for dodgy medications, body enhancements and stocks.
One of the more recent developments is that of 'phishing'. This refers to certain individuals sending emails that seem to be from companies such as eBay, PayPal or financial institutions that usually claim there was a technical fault and that the user is required to verify his details or his account may be removed. A prominent link leads to a fake website that looks like its real counterpart. Entering details results in an error message such as 'try again later', but in fact the submission has already been saved somewhere.
If you are inundated with emails asking for personal details, please use common sense! Banks for example love their customers for the interest they pay on their loans and mortgages and often make a nice profit from it (more than £100 per customer according to The Independent).
In fact, banks don't send emails, especially not if you are not actually a customer. The reason is that they have no reason to do so, in addition to not wanting to increase the risk posed to customers by confusing them.
If you use PayPal (who may occasionally send an email), you can log in to your PayPal account, click on 'profile' and find the settings for 'updates and information' by email. You can turn off unwanted newsletters Unless you make or receive a payment.
Similarly, if you receive threatening eBay emails, check first whether this is really from someone you dealt with at all. And regarding 'account suspensions', eBay always allow you a chance to prove yourself 'innocent' before taking drastic measures.
Hint: Why not open a separate email account with a provider such as Hotmail or Yahoo?
Use this account whenever you sign up to freebies and other unknown sites on the Internet. Most sites will allow you to change your registered email address in the future, so using a different account at first gives you the ability to catch out companies that pass your email to others or sell them to spammers.
As for legitimate companies, you can change the address used to your 'real' one once you have verified their intentions.
Hint: Whenever you are given the choice, opt to receive 'plain text' emails. Links cannot be disguised in plain text emails, so spammers are forced to use the HTML format if they want to trick you into clicking a link. Choosing to receive plain text emails foils this in 9 out of 10 cases including eBay and PayPal.
- Prevent getting swamped with 'Junk'
-
There are a few unwritten, yet effective rules for dealing with SPAM:
- Keep your spam filter up to date if you use one. If your anti-spam software is capable of 'learning', be active in telling it what is spam and what isn't. Over time this will allow it to become more effective at dealing with the masses of incoming rubbish.
- Do not click on any links in the message and do not reply (even for swearing at him/her). This could tell the sender that your email address works and he may end up sending you more. Sometimes the sender even puts a different email address which is not really his, so your efforts might be received by the wrong person.
-
If you can, disable message previews in programs such as Microsoft Outlook or Mozilla Thunderbird.
Many messages can be identified as junk only by looking at the subject line. Preview opens the message, which
potentially can already notify the sender in some way that your email address is 'live'.
Many free services such as Hotmail already use a filter to block images and other content. This can protect against images that are actually 'tracking links' which can notify the sender in a similar way.
- Clicking on links in 'phishing' mails and keeping your passwords secure.
-
Remember phishing emails and phishing websites? How can you be sure that an email is genuine or a spoof? Many companies now offer dedicated email 'help lines' that will give you exactly that answer. To name two: spoof@ebay.co.uk and spoof@paypal.co.uk
You can also use the equivalent with a .com ending instead of .co.uk. For other companies you may need to investigate their website to find out, however it can be worth a try to simply use spoof@companies-web-address.whatever
If you receive a dubious email, simply hit the 'forward' button and send the email exactly as it is to the spoof address and you will receive a response within a few hours to confirm whether the email was really sent by that company.
But what if you already clicked? If it is a phishing website, then so far nothing has happened. You may have come a step closer to fulfilling the phisher's intent, but it is not too late yet.
Check the website address or URL carefully!
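The check this answer describes comes down to reading the host name from its right-hand end, because that end shows who owns the site. The following is an added example, not code from the GT Decorations site; the function names, the short suffix list and the sample links are assumptions made for the illustration.

```javascript
// Added example: constructed data, not code from the GT Decorations site.
// Two-label endings that act as a single suffix. A real tool would use the
// full Public Suffix List; this short list is an assumption for the demo.
const TWO_LABEL_SUFFIXES = new Set(["co.uk", "org.uk", "com.au"]);

// Return the part of the host name that identifies its owner,
// e.g. "www.ebay.co.uk" -> "ebay.co.uk".
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  if (labels.length < 2) return labels.join(".");
  const lastTwo = labels.slice(-2).join(".");
  const keep = TWO_LABEL_SUFFIXES.has(lastTwo) ? 3 : 2;
  return labels.slice(-keep).join(".");
}

// Compare a link against the domain the e-mail claims to come from.
function checkLink(link, expectedDomain) {
  let url;
  try {
    url = new URL(link);
  } catch (e) {
    return { ok: false, reason: "not a valid address" };
  }
  const owner = registrableDomain(url.hostname);
  if (owner !== expectedDomain) {
    return { ok: false, reason: `host belongs to ${owner}, not ${expectedDomain}` };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "right site, but the connection is not https" };
  }
  return { ok: true, reason: `https connection to ${owner}` };
}

// Constructed sample links; the second uses the fake address from this FAQ.
const samples = [
  "https://www.paypal.com/signin",
  "http://www.paypal.com.fake.i.am.just.trying.to.get.your.password.com/login",
  "http://www.paypal.com/signin",
];
for (const link of samples) {
  const result = checkLink(link, "paypal.com");
  console.log(result.ok ? "OK     " : "WARNING", link, "->", result.reason);
}
```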
The address, like with a secure connection, is an instant give-away. The URL may start with www.paypal.com, but if in its entirety it spells www.paypal.com.fake.i.am.just.trying.to.get.your.password.com, then caution is required. Even if you think it's just a quirk, close the window, send the email to the relevant company and let them check. There is nothing to lose if you do not update your banking information to avoid account closure, but there could be hell to pay when somebody manages to get your login credentials for the bank account management system!
- Spyware: Become a master in anti-espionage!
-
A spyware infested machine is one of the worst things a home user might imagine. The thing is slow, crawls, crashes multiple times per hour and in general does not seem very healthy. Buy a new one?
Maybe; as in life sometimes it can be too late to cure a disease, but many can be prevented by being alert. In the case of spyware, small changes in the browsing behaviour of the average Internet user, but also their household members including children, can have a huge effect on the risk of getting 'infected'. It is important that both parents and children as computer and Internet users are aware of the limitations and dangers of the technology.
Some websites, especially those offering free downloads of some kind, prompt users to install a little gadget to 'enable' the download. Our general advice is to stay well clear of these sites. Installing any kind of software locally allows the company (or in some cases a criminal posing as such) to run anything they like on your computer, disguised as the utility described on the respective website. In many cases such programs are used to track your browsing history (to harvest information) and use your Internet connection to 'phone home' - Alien software that should be removed rather than saved.
As previously mentioned, prevention is the best choice: A website that tries to automatically install something should be closed as soon as a conceivable opportunity arises. Do not panic and click buttons randomly, but carefully read any messages presented and act with full understanding as reversed wording or misleading text on buttons could be part of the trickery.
If in serious doubt and you have no means of deciding, try using the task manager to 'kill' the program. In the Microsoft Windows XP operating system, the task manager is activated by holding the 'Ctrl' and 'Shift' keys on the keyboard, then briefly pressing the 'ESC' key once while still holding the other two keys down. It will present a list of running programs on which you can click and end them using the 'end task' button.
If you have children that use the Internet, consider purchasing monitoring/filtering software, or a program that allows usage time limits to be set. You might also try to explore the Internet together, not only can this be quality time spent together, but can also improve learning for everybody involved.
- Cookies: The myth and the truth
-
Cookies are small pieces of text that a website can use to store small amounts of information on your computer. Since only text is involved, this is relatively harmless. Some sites do however employ cookies to record browsing behaviour and to be able to identify the same user.
Indeed, cookies have a notorious reputation for being used with malicious intent. It used to be common practice to disable cookies as a 'security' measure. What many people forgot is that cookies can also be used to legitimately store information that needs to be kept throughout your entire visit rather than just a single page click.
This includes for instance shopping cart contents (including those on the GT Decorations website). These are normally stored in what is called a 'session cookie', which is deleted as soon as you close your browser. The main benefit is that information can thus be kept transparently. It would otherwise need to form part of the address which would become very long indeed.
Another type of cookie is termed a 'persistent cookie'. These are not deleted when the browser is closed, but have a validity date. The validity can range from seconds to minutes, days or even years depending on its purpose.
GT Decorations use persistent cookies to store your cart contents even beyond your single visit.
As a complete example: if you add an artificial flower arrangement to your cart, this selection is remembered using a session cookie. When you go back and add further arrangements or other products, all cart contents are remembered in this session cookie and remain there unless the session expires or you close your browser.
Sessions time out after 20-30 minutes. To avoid you losing your shopping cart contents after this time, a persistent cookie is also saved which expires 48 hours after you close the site. This means you can contact us about other items and return to our site to continue as if nothing had happened. On the other hand if you do not return for a while, the cookie will also simply be deleted.
In summary: Cookies are not necessarily bad, however deleting them will usually not cause any problems. Disabling cookies altogether is not recommended as it can (and will) seriously affect the functionality of a majority of websites.
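The difference between the two cookie types can be followed in code. The following is an added example, not the GT Decorations site's own code: the cookie names and values are constructed, and the 48-hour lifetime is assumed to be sent as a Max-Age attribute on the last visit.

```javascript
// Added example with constructed cookie names and values.
const HOUR = 3600; // seconds

// Parse one Set-Cookie header into name, value and expiry time (in seconds).
function parseSetCookie(header, nowSec) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), expires: null };
  for (const attr of attrs) {
    const [key, val = ""] = attr.split("=");
    const k = key.trim().toLowerCase();
    if (k === "max-age" && /^-?\d+$/.test(val.trim())) {
      cookie.expires = nowSec + parseInt(val, 10); // Max-Age takes priority
    } else if (k === "expires" && cookie.expires === null) {
      const t = Date.parse(val);
      if (!Number.isNaN(t)) cookie.expires = Math.floor(t / 1000);
    }
  }
  // No lifetime given: the browser keeps the cookie only until it is closed.
  cookie.kind = cookie.expires === null ? "session" : "persistent";
  return cookie;
}

// Names of the cookies still present at nowSec.
// Closing the browser drops every session cookie.
function surviving(cookies, nowSec, browserWasClosed) {
  return cookies
    .filter((c) => (c.kind === "session" ? !browserWasClosed : c.expires > nowSec))
    .map((c) => c.name);
}

// Constructed headers, as a shop might send them at time 0.
const t0 = 0;
const jar = [
  parseSetCookie("cart_session=abc123; Path=/", t0),
  parseSetCookie(`saved_cart=abc123; Path=/; Max-Age=${48 * HOUR}`, t0),
];

console.log("still browsing after 1h:", surviving(jar, 1 * HOUR, false));
console.log("browser closed, back after 24h:", surviving(jar, 24 * HOUR, true));
console.log("browser closed, back after 49h:", surviving(jar, 49 * HOUR, true));
```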
- Buying online from an Internet cafe or other establishment with shared computers.
-
Cookies that stay behind and things like automatically saved passwords can be a bane when you access
the Internet from a shared computer. Especially in Internet cafes it is possible that the next person can find out
what sites you visited. With sufficient knowledge, even the odd password might be retrievable if it was saved accidentally.
Just before your allotted time runs out, use the browser settings dialog to clear all sensitive information, including temporary files (cache), browsing history, cookies, form details and passwords. Again, this is mostly common sense, but sometimes forgotten. And don't think that only criminals cover their tracks, in this case they are the ones looking for them!
- Buying by Email
-
Some companies may offer purchasing by email or may ask you to send credit card details by email.
Unless they send an email which contains a special link or button to take you to a secure (see above) checkout page where you can complete the purchase, sending confidential information by email is not recommended and should be avoided if at all possible.
As we have seen with SPAM (not the canned stuff), email addresses are easily faked and we must therefore think that emails can also be intercepted.
- Learning from mistakes
- If you have ever been a victim of fraud or had something bad happen to you on the Internet, don't let it scare you. There are many others out there in a similar situation. Instead, try to find out how and why it happened and learn from the event and finally gain the confidence to teach others how to avoid a similar situation.
- What if I have other, unanswered questions?
- Please try our other FAQs, but if you cannot find an answer anywhere, please contact us.