Anyone buying Christmas gifts warned to follow eight steps before they click buy

As Christmas approaches, people doing online shopping have been advised to exercise caution before clicking the 'buy' button. With December 25 just around the corner, cyber security experts emphasise the importance of this precautionary measure whether you are buying stocking fillers, a large gift, or even a festive feast.

The UK Government organisation, NCSC, the National Cyber Security Centre, has provided detailed guidance on their website, highlighting that while most people are aware of the need to use legitimate websites and read reviews, there's an often overlooked step. The saying 'if it's too good to be true, then it probably is' holds particularly strength during this festive season when purchases are rife. It noted: "You might receive suspicious emails or texts (known as phishing messages) that contain links to fake shops, with promotions that seem too good to be true.

"These days it's easy for a criminal to duplicate the design of a legitimate website, which will often include logos, trademarks, and products copied from a genuine store."

With this in mind, if you're uncertain about a link, it's recommended to type the official website address of the organisation (if known) directly into your browser's address bar. Shoppers are also encouraged to search for the organisation and then take time to read the entries on the results page - "don't just click the top item", it warned.

Even when using a legitimate website and having conducted all necessary checks, it's still advisable to have a backup plan in case things go wrong, such as the company taking your money but failing to fulfil your order or going bust. You can use a credit card to pay as many of them protect online purchases as part of the Consumer Credit Act. The security experts have noted that this option is best if you can put money on you credit card, as "debit card payments offer less protection".

You may be able to make a claim for a refund under a voluntary scheme called 'chargeback'. If you use payment services such as PayPal, Apple Pay or Google Pay, check their terms and conditions to see what cover they provide. Just make sure that you "never pay by direct bank transfer", it warns.

Bear in mind, if you're setting up an account to make a purchase, try to use a unique password. Using the same password across multiple sites, particularly when paired with the same email or username, increases the risk of being scammed or having your details stolen - from your address to your card information, all of which could be used to steal your identity and money.

Adding to this, the experts noted: "You should also turn on 2-step verification (2SV) for all your important online accounts. This can stop hackers from accessing your accounts - even if they know your password - by asking you to confirm your identity using a second method, for example by sending a confirmation code to your phone. Note that 2SV is sometimes called 'two-factor authentication' (or 2FA)."

If a text message, email, website or social media post doesn't feel right, follow the NCSC guidance on dealing with suspicious emails and text messages. It is as follow:

• If you have received an email which you're not quite sure about, forward it to the Suspicious Email Reporting Service (SERS) at report@phishing.gov.uk
• If you've received a suspicious text message, forward it to 7726. It won't cost you anything, and allows your provider to investigate the text and take action (if found to be a scam).
• If you have visited a website you think is trying to scam you, report it to the NCSC.
• If you come across an advert online that you think might be a scam, report it via the Advertising Standards Authority (ASA) website. This allows ASA to provide online service providers with the details they need to (if appropriate) remove these from websites.

Your mental checklist - bookmark this page or take a screenshot to remember it

Make sure the website is legit

Read the domain and ensure you are not on a scam website which is made to look like the real deal

Read reviews first - good and bad, if any

If a price seems too good to be true, have a look around and see why this is - is it fake or just a good deal?

Try and use your credit card to pay or pay through PayPal, Apple Pay, or Google Pay - ensure they payment method you're using has cover via their terms and conditions

You may want to purchase as a Guest rather than sign up for an account

If you are signing up for an account, use a unique password

Use 'two-factor authentication' - you may see this be called 2FA or 2SV which stands for 2-step verification

Report it to the right people if you have been scammed or think you have - don't wait - do it asap

Do this if you think you're a victim

If you were misled into making a payment, contact your bank immediately and report the incident as a crime. You can either report it to Action Fraud if you're in England, Wales, or Northern Ireland or to Police Scotland if you're in Scotland.

If you suspect that someone else has used your credit or debit card without your permission, inform your bank right away so they can take action to prevent further use. Always use the official website or phone number to get in touch with them.

If you didn't receive an item you paid for, or it arrived but wasn't as described, you may be entitled to a refund. Citizens Advice offers helpful guidance on how to get your money, particularly if you paid by credit card, debit card, or PayPal.