
Ethical hacker's advice on avoiding online scams




The following opinion piece was first published in The Yorkshire Post on Thursday December 14.

Nikhil Rane is studying for an MSc in Cyber Security at the University of Bradford and also works as a ‘Bug Bounty Hunter’ - his work has even earned him a place in the Indian Guinness Book of Records. Here, he explains why we should all be extra wary while shopping online this Christmas.

Cyber-attacks are very common these days, and the number of such online attacks is increasing day by day. Nobody is safe.

Everything is connected to the internet these days. Our phones and laptops are connected to the internet, so we all should have a basic awareness of how things work with the internet.

It is more important to have cyber awareness and educate yourself. This helps us to develop a layer of protection and protects us from attacks that can be executed by malicious hackers.


My work as a bug bounty hunter, also known as an ethical hacker who looks to outsmart the malicious hackers, means I am always on the lookout for a breakdown in the security of websites. I can tell the signs that people, or organisations, need to look out for that may make them prone to such attacks.

We should all be alert, or else we can all fall victim to a hacker’s trap.

People should be even more wary of such targets at this time of year as they use their mobile phone and other electronic devices to fill up their online baskets with gifts for loved ones ahead of Christmas. Someone’s credit or debit card details become a tempting treat for hackers.

Let’s take the right security steps as individuals so we do what we can to make sure that we don’t fall into the honeytrap. Security mechanisms should be enabled in the browser and paid anti-virus software should always be installed on your laptop.

Christmas time is like a honey pot for a cyber attacker. It becomes easier for them to carry out attacks because there is more traffic online. There are more attacks around at this time of year.

People shopping on websites should look for genuine companies with good reputations.

I would recommend that people buy goods online from reputed brands, those names that are known and trusted.

People need to be self-aware of what to share and what not to share and of the situation when they are online, even if they are not from a technical background.

Be wary of clicking on malicious links, which may have free offers or money off goods if you go through to the websites, as people might then fall for the trap. Always cross-reference a website before you visit it. This will provide you with extra security and confidence before you use a website.

This means that customers should do their own research on the companies that they are buying from beforehand. For example, look for reviews and ratings of the company, and check the news for any cyber incident that has taken place at the company recently.

Be cautious about sharing your data. It’s really scary when normal people become victims of cyber-attacks.


This next piece of advice may not be anything new, but it is something that we all need to do – we should not have online passwords which are easy to crack or guess for hackers.

We are asked to come up with different passwords for different websites so that we are not vulnerable through using exactly the same password for each website. Using the same password for different websites may save us time, but it may instead make us more vulnerable and appealing to malicious hackers. What we should be doing is creating passwords using uppercase, lowercase, numbers, and special characters.

The more complex a password is, the harder it is for hackers to crack it.

It’s very concerning and alarming that companies share data. It makes personal users more prone to cyber-attacks.

It is not just online shoppers for Christmas gifts that need to be wary; huge organisations can also fall victim to such attacks.

One example was the cyber-attack on the British Museum’s HR department in October 2023.

The Rhysida hacker group has given a time limit to fulfil its demand or else the data will be leaked, which is an alarm for companies and organisations to make their cyber defence strong. Even if a company’s primary goal is to grow commercially, it should give equal importance to the Confidentiality, Integrity, and Availability (CIA) of its data.

To maintain the CIA, regular penetration testing should take place to maintain the security of the website, security awareness training should be given to employees, and a framework should be integrated.

As the target was the British Museum’s HR department, the data compromised will be mostly financial and personal identification information of the employees. As a supportive measure for the employees, they can restrict the online bank transfer amount just to help alleviate any safety concerns.

As security measures have been taken for the compromised system, some measures should also be taken by the employees and users. These should include not clicking on unwanted links or messages sent by unknown numbers.

So, the next time you go online to do a quick bit of retail therapy, or Christmas shopping for others, just think – is my password secure? If not, change it immediately to try and stay safe this Christmas.