At ASOS, we take online safety very seriously. We are aware of fraudsters’ ways of exploiting customers, including scams by email or text message, posing as ASOS on social media or simply trying to guess your password to get into your account.
Here are a few tips to help you stay safe when shopping online.
Having a strong password is one of the easiest ways to protect your online accounts and your data.
Use the recommended three random words method and make it as long as possible. You can add numbers and symbols if you need to. For example, GlitterMagicMountain
Never use personal information that can easily be found on social media, like pet names, family members, favourite sports, your date of birth, anything related to ASOS, etc…
Please remember to use different passwords for different accounts. The password to your ASOS account should be unlike all your other shopping accounts or email accounts.
Too many accounts and too many passwords to remember?
Make managing multiple complex passwords easy with a Password Manager. Some are built into your internet browser (such as Google Chrome, Microsoft Edge or Firefox), and others are a part of the operating system on your smartphone or tablet (such as Apple Key Chain).
Or you can choose to use one of the standalone Password Manager platforms available out there to help you manage multiple accounts.
Phishing is a method used by cyber criminals to trick you into disclosing your personal information by clicking on fake emails or websites so they can steal something from you, like your money, your personal data or your identity. Sometimes, this can also be done by text message (SMS) – this is usually known as ‘smishing’.
These emails (or SMS) look like they come from someone you know (friend, family or a retailer) but they will look suspicious and prompt you to click on links or open attachments.
It might be a scam if…
You are being asked to enter personal information, like your bank details, username or password.
There is a sense of urgency, like a threat or security risk to your account unless you take immediate action.
The message is not addressed in your name and has a generic greeting like ‘Dear customer’.
There are spelling mistakes and the sender’s email address looks suspicious.
To spot a suspicious email address, just hover your cursor over it to check it’s legitimate.
Customer Care (firstname.lastname@example.org) A real email from our Customer Care Team at ASOS
cutomercareassos (s39gjuson39mcoleoj.as0s.dodgy-dodgy.com) Someone pretending to be from ASOS and phishing for your personal data
The golden rule is NEVER click on a suspicious link asking you to log in, change your password or provide any other personal information (even if it appears to be from a legitimate site).
Look out for the padlock
Only shop on secure sites that have a padlock symbol on the left of the URL. Keep an eye out for this icon to ensure the site is safe.
Check privacy settings
Make sure your privacy settings are up to date especially when it comes to social-media accounts. Ensure you are not sharing too much about yourself.
Things that seem too good to be true usually are
Think carefully when you see adverts with incredible deals. Chances are there is no dream holiday to be won if you enter your personal data and password when requested in a dodgy email.
Take control of your information
Use your right to erasure and get companies you no longer use to delete your information.
Double your protection where possible
On sensitive accounts (e.g. your social media accounts, email and financial related) enable 2Factor Authentication, Multi Factor Authentication or One Time Passwords on your accounts. It’s a bit like when you do your online banking and you need to enter a code additionally to your password to prove it is really you accessing your account.
Add a pin code or password
The longer the better, and if you have fingerprint or face recognition, you should use it.
Want to know where your phone is at all times? Switch remote location tracking on so if your device is lost or stolen, it can be tracked or remotely wiped.
Keep it updated
Stay on top of the game and keep your apps and software up to date. Use the ‘automatically update’ option if you have one.
Back it up
What if you lost the thousands of photos of your cat? Remember to back your phone up to the cloud and get extra storage if needed.
Phone apps can do everything these days, but some may not be as safe and secure as others. Before downloading an app, check out its reviews if you don’t think it looks legit.
Turn it off
If your device is stolen when it’s turned off, your data is harder to steal.
Keep it safe
When travelling, keep it zipped and not obvious you are carrying a laptop.
Don’t lose track of your device. Switch remote location tracking on so if your device is lost or stolen it, can be located.
Keep it updated
Stay on top of the game and keep your software and anti-virus up to date. Use the ‘automatically update’ option if you have one.
Always use websites with the secure padlock symbol.
Check your bank statements online often and report any anomalies to your bank.
We’re all about taking risks when it comes to our designs, just not our security. If you’ve noticed something’s up with our tech, let us know. Drop an email to email@example.com with your contact details, including your company name (if you’re not an ASOSer), and details of the vulnerability and what we need to do to reproduce or validate it.
We expect legit security researchers to avoid privacy violations; not destroy or corrupt our precious data; and not interrupt or degrade our awesome service. We only read reports that have been encrypted using our PGP public key too, so make sure you download the ASOS.com PGP Key.