When staying safe online, it’s important not to go “out of bounds” for communication. Simply put, going out of bounds can be a recipe for your users falling victim to a phishing attack. For example, if you or your users are buying something on eBay, stick to eBay for bidding, negotiating, and payment.
Because it's Cybersecurity Awareness Month, I wanted to also share a quick video explaining why it's so important to stay in bounds and what can happen if you don't:
Criminals and scammers want nothing more than to take communications with your users out of bounds. The reason is that going out of bounds strips away any protection the platform is offering.
Let’s look at our eBay example. eBay holds a lot of personal information such as your name, address, phone number, email address, your browsing history -- and through PayPal, it also has bank account information.
However, all of that information is shielded from other parties, and only the relevant information is revealed to them when it is necessary. Even then, certain information such as bank account or credit card numbers will always remain confidential.
If the other party reneges on a deal, or sends the wrong goods, or there is any other form of dispute, then eBay offers a certain amount of protection and can help refund or block any further communications.
Compare this with going out of bounds when the bad guys attempt to communicate with your users. All the protections have been removed, so not only does the other party need access to your user’s details to proceed with any transaction, they can also send malicious links through other channels, resulting in your users being phished. And if there is a dispute, there is no arbitration available.
It can be tempting to go out of bounds. After all, sometimes the platform takes a commission from each sale, and you may want to avoid that. But is saving a few pence really worth potentially losing a lot more to a fraudulent transaction?
But this isn’t just restricted to commercial transactions. We see this kind of activity occur in the corporate world all the time. Sometimes it’s just a colleague asking for a favour, wanting something done without going through the trouble of raising a ticket with IT. While this can be an innocent request, if the requester is a criminal, then there is no audit of where the request originated or why it occurred.
Processes and official communication channels are often put in place for a reason, and staying within the confines of those channels offers protection for all parties involved.
Therefore, at all times, it’s important for your users to stay within bounds and not use unauthorized channels, regardless of whether that’s to buy or sell something online or to interact with colleagues in the office.