The minefield of buying and selling online

Online marketplaces have transformed over the past decade. While it’s never been easier to buy or sell, it’s also never been riskier. Artificial intelligence, mobile-first commerce, and peer-to-peer platforms have created new opportunities and new threats. Whether you’re an occasional user or an online trader, staying safe in 2025 means understanding modern risks and adopting secure behaviours. This article highlights some of the essential areas for both buyers and sellers. I also refer to some older security awareness articles that are still relevant today.

How online threats have evolved

Online scams have evolved far beyond basic phishing and fake listings. Fraudsters now use AI-generated content to impersonate people, automate conversations, and create fake websites that closely mimic trusted brands. At the same time, there are many new entrants to the market. Amazon and eBay were the pioneers, but they no longer dominate the marketplace.

  • Threat actors use AI to create convincing fake profiles, listings, and customer service chats. It is harder to spot fakes because tell-tale signs such as poor spelling and grammar are becoming a thing of the past.
  • Traditional auction sites are now part of a much larger, more fragmented ecosystem.
  • Email protection and spam filtering have evolved, but so have fraudsters with more convincing emails, social media profiles, text messages, instant messaging, and in-app messages.
  • Scammers now behave like real users, mimicking platform language, branding, and interfaces with ease, making scams harder to spot than ever.
  • The Website Credibility Test (5th March 2018) – Not all websites deserve your trust, even if they look professional. This article explores how poor design choices, such as fake search boxes (containing links), pop-ups, and sneaky opt-out purchases, often indicate dishonest business practices. It reminds readers that site behaviour directly reflects the people behind it, and you may be unable to trust it with your payment information.

Staying safe as a buyer

Buyers today must navigate deals across dozens of platforms, some offering little or no protection. Many scams involve off-platform communication or payment, which can void any dispute rights. Even when a transaction appears secure, scammers may attempt to use urgency or fear to push buyers into quick, irreversible decisions.

  • Stick to platforms with formal buyer protection and avoid off-platform transactions.
  • Use credit cards where possible, as they offer the strongest consumer protection.
  • Enable Multi-Factor Authentication (MFA) on shopping and payment accounts.
  • Be cautious with deals that seem urgent, emotional, or unusually cheap.
  • Always double-check the seller ratings, the age of the account, and listing consistency.
  • Confirm shipping costs and return policies before you buy. Consider the item’s location carefully as returning a low-cost item from overseas may cost more than the item itself.
  • Deviation from the Norm (29th June 2019) – Scammers don’t always ask for your money directly. They often ask you to behave in ways that feel unusual. This article highlights how fraudsters push victims into unorthodox payment methods like cash or bank transfers, offering excuses that sound urgent, emotional, or even official. Deviating from established norms, like not using a credit card, removes your safety net. The key message is simple: if the process feels off, it probably is.

Protecting yourself as a seller

Sellers face increasing pressure to provide a fast, friendly, and reliable service but also face rising risks from fraudulent buyers and chargebacks. Verifying payment, understanding platform rules, and setting boundaries are key to staying protected.

  • Never dispatch items until you’ve confirmed cleared payment.
  • Avoid off-platform messages that could void your ability to raise a dispute.
  • Watch for overpayment scams and never refund a mistake before verifying the original payment in cleared funds.
  • Understand how your platform handles refunds, chargebacks, and seller disputes.
  • If in doubt, cancel the sale and report the user.
  • Keep whatever documentation is available for each transaction, such as photographs, messages, proof of postage, and receipts.
  • Unsafe financial transactions (16th July 2019) – Despite years of warnings, unsafe transactions are still commonplace. This article explains why bank transfers, upfront fees, and cheques expose buyers and sellers to avoidable risk. It also describes how fraudsters manipulate trust by creating fake emergencies, fake job offers, and fake loans to trigger emotional decisions. Recovery is difficult or impossible once money is sent, especially outside of regulated systems.
  • Reducing fraud with virtual cards (6th March 2022) – Virtual cards act like a firewall between your real bank details and the internet. This article introduces how they work, why they matter, and where they’re most effective, especially against subscription traps, stealth auto-renewals, and websites that refuse to remove your card details. By generating a disposable card number for each transaction, you can cancel future payments instantly without exposing your real account details. It’s an innovative process in today’s risk-heavy digital economy.

Trust and transparency

Trust still matters, but it is getting harder to gauge. Reviews, profiles, and trust signals are now easily faked. Scammers often impersonate legitimate businesses or flood their accounts with fake reviews to seem credible.

  • Look for account age, detailed feedback, and a history of similar transactions.
  • Check for signs of review manipulation, such as the same comments across multiple sellers, and be suspicious of vague or overly glowing feedback.
  • Use official company registers to validate business identities.
  • Providing visible contact details and policies demonstrates transparency and builds trust.
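
The review-manipulation sign mentioned above (the same comments appearing across multiple sellers) can be checked mechanically. The sketch below is an added example, not code from any marketplace or from the articles referenced here; the sample reviews, seller names, and the similarity threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from itertools import combinations

# Constructed sample data: (seller, reviewer, review text). Not real reviews.
REVIEWS = [
    ("seller_a", "u1", "Great seller, fast shipping, item exactly as described!!"),
    ("seller_b", "u2", "great seller fast shipping - item exactly as described"),
    ("seller_c", "u3", "Great seller, very fast shipping, item exactly as described."),
    ("seller_a", "u4", "Box was dented but the lens works; seller refunded postage."),
    ("seller_d", "u5", "Arrived two days late, battery holds about six hours."),
    ("seller_b", "u6", "A+++"),
]


def normalise(text):
    """Lowercase and drop punctuation so cosmetic edits do not hide a copy."""
    return re.findall(r"[a-z0-9']+", text.lower())


def shingles(tokens, k=2):
    """Set of overlapping k-word sequences; tolerant of one inserted word."""
    return {tuple(tokens[i:i + k]) for i in range(len(tokens) - k + 1)}


def jaccard(a, b):
    """Overlap of two shingle sets, from 0.0 (disjoint) to 1.0 (identical)."""
    if not a or not b:
        return 0.0
    return len(a & b) / len(a | b)


def find_shared_reviews(reviews, threshold=0.6, min_tokens=4):
    """Cluster near-identical reviews and return clusters spanning >1 seller.

    threshold and min_tokens are assumed values: very short reviews such as
    "A+++" repeat naturally, so they are skipped rather than flagged.
    """
    items = []
    for seller, reviewer, text in reviews:
        tokens = normalise(text)
        if len(tokens) >= min_tokens:
            items.append((seller, reviewer, shingles(tokens)))

    # Union-find: link every pair of reviews whose wording overlaps heavily.
    parent = list(range(len(items)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    for i, j in combinations(range(len(items)), 2):
        if jaccard(items[i][2], items[j][2]) >= threshold:
            parent[find(i)] = find(j)

    groups = defaultdict(list)
    for i, item in enumerate(items):
        groups[find(i)].append(item)

    clusters = []
    for members in groups.values():
        sellers = sorted({m[0] for m in members})
        if len(sellers) > 1:  # the same wording on unrelated sellers is the signal
            clusters.append({
                "sellers": sellers,
                "reviewers": sorted(m[1] for m in members),
            })
    return sorted(clusters, key=lambda c: c["sellers"])


if __name__ == "__main__":
    for cluster in find_shared_reviews(REVIEWS):
        print("Shared wording across", cluster["sellers"], "from", cluster["reviewers"])
```

A cluster is a prompt for a closer look at the accounts involved, not proof of fraud: genuine buyers also reuse stock phrases.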

Modern Security Hygiene

Cyber hygiene has become a baseline expectation for all users. Relying solely on strong passwords isn’t enough. Buyers and sellers must adopt multi-layered security measures to protect their money and personal information.

  • Use a password manager to create and store strong, unique passwords. Don’t reuse passwords across multiple sites.
  • Enable Multi-Factor Authentication (MFA) on every account that supports it.
  • Avoid clicking on links in unsolicited emails or instant messages and go directly to the platform.
  • Keep mobile apps updated and install only from trusted sources.
  • Log out of platforms after transactions. Don’t rely on closing the browser tab.
  • Time for some digital housekeeping (25th February 2024) – The sheer number of online accounts we create has grown beyond what most people can realistically manage. This article looks at the long-term risks of account proliferation, from weak password habits to privacy exposure and an ever-expanding attack surface. It also critiques common website behaviours like blocking password managers (preventing the cut and paste of complex passwords) and unnecessarily requiring logins. With practical advice on using password vaults, enabling MFA, and deleting old accounts, it serves as a modern guide to cleaning up your digital footprint and regaining control.
  • More on passwords (21st January 2019) – This article revisits the basics of password security and why those basics still matter. It covers weak PINs, social media oversharing, and the risk of password reuse across multiple sites. It also touches on modern hacking tools that guess passwords based on personal information. Strong, unique credentials remain part of a solid defence.

What to do when something goes wrong

Even when you’re careful, things can still go wrong. Acting quickly and documenting everything improves your chances of recovering lost money or resolving disputes successfully.

  • Save all messages, screenshots, emails, receipts, and postage confirmations.
  • Report issues directly through the dispute resolution process.
  • Understand payment protection options like PayPal Buyer Protection or credit card chargebacks.
  • Monitor your financial accounts for unauthorised transactions after purchases.
  • File complaints within the time limits set by the platform.
  • If necessary, escalate to consumer protection bodies or regulators.

Concluding thoughts

Online marketplaces are no longer just the domain of digital natives. While younger generations have grown up with e-commerce, many people who previously avoided online transactions are venturing into digital marketplaces for the first time. Whether out of necessity, convenience, or curiosity, this growing wave of new participants includes individuals who may be less familiar with the risks. That’s why messages around online safety, fraud awareness, and secure practices need to keep circulating.

The technology may change, but the underlying tactics of scammers remain the same. To paraphrase P.T. Barnum, “There is a victim born every minute”. Here are a couple more articles that remain relevant today.

  • Caught in the Net (29th January 2019) – Phishing is still a leading cause of online fraud, and it’s not going away. This article explains how phishing emails work, why they’re effective, and how they prey on urgency, fear, or empathy to trick people into clicking links or sharing sensitive data. It also explains how even experienced users can fall for realistic scams and why a cautious, verification-first approach to email is essential in today’s environment.
  • Hit with the Spear (22nd July 2019) – Spear phishing is phishing with precision. This article explains how scammers gather personal details from social media, CVs, and online profiles to craft highly believable messages. Unlike random spam, these messages are tailored to the recipient and often bypass spam filters entirely. The article breaks down the process, from initial research to final action, and shows why oversharing online can open the door to persuasive attacks.

Rethinking the Ethics of AI in publishing

In publishing, where authority and trust are paramount, ethics can be both a guiding light and a minefield. Artificial Intelligence is reshaping how content is written and published, offering unprecedented efficiency but also raising ethical questions. This article explores how AI use in publishing can either support expert work or simulate it for influence or profit, often with damaging consequences.

  • Use of AI to enhance the work of expert writers and publishers – AI can support skilled professionals by streamlining research, suggesting improvements, and accelerating drafting processes. This allows authors, editors, and publishers to produce higher-quality content more efficiently while retaining creative and authoritative control.
  • Use of AI to fake expertise in writing and publishing for profit or influence – AI tools can generate polished, authoritative-sounding text, enabling individuals with little subject knowledge to publish materials with no means to verify accuracy, such as sites with a primary purpose of generating advertising or referral-related revenue. Inaccurate or misleading information undermines trust, distorts public discourse, and floods the market with low-quality or deceptive content while projecting authenticity.

Ethical AI use enhances productivity while ensuring that human expertise, critical judgment, and accountability remain central to the publishing process. The threshold for ethical AI use is clear to me: AI should assist experts, not create expertise, and the authors should be the subject matter experts and able to write the article independently, even if they choose to use AI to enhance productivity, clarity, and efficiency.

Ethical AI in Support of Human Expertise

When used ethically, AI can enhance the capabilities of skilled professionals without compromising integrity or authority. These are examples of how AI can respectfully support subject matter experts in the publishing process:

  • AI-assisted outlining and structuring – Subject matter experts can use AI to organise ideas, generate summaries, or improve coherence, allowing them to focus on deep analysis and insights.
  • Improved productivity without sacrificing integrity – AI helps streamline tasks like grammar correction, rewording, and formatting, reducing the time spent on administrative aspects of writing.
  • Experts are responsible for factual accuracy – AI may provide suggestions, but final validation, critical thinking, and real-world expertise shape the published work.
  • Refinement without compromising meaning – AI tools can enhance readability, correct errors, and optimise for audience engagement while preserving the writer’s original message and intent.

Where Ethical Boundaries Are Crossed

Unfortunately, AI is often used not to enhance genuine expertise, but to simulate it. This approach introduces risk, erodes trust, and undermines professional standards. Misuse includes bypassing real subject knowledge, misleading audiences, or generating content purely for financial gain, regardless of accuracy or credibility. AI should never be used to publish work that the author couldn’t understand, write, or explain without it.

  • Mass-production of AI-generated content without subject knowledge – Using AI to generate numerous articles on specialised topics without subject-matter expertise leads to shallow and misleading content.
  • Plagiarism and misinformation risks – AI can fabricate facts, misinterpret sources, or produce content that closely resembles existing material, raising ethical and legal concerns.
  • Deception and false authority – Presenting AI-generated work as if written by an expert misleads readers and erodes trust in professional knowledge.
  • Revenue-driven content farming – Some use AI to create high volumes of low-quality content, designed solely to rank on search engines and generate advertising revenue, regardless of accuracy or reader value.
  • Automated publishing without human oversight – AI lacks ethical judgment, industry experience, and the ability to apply critical judgement in context, making unchecked AI-generated content prone to serious errors and misleading claims.

Ethical AI use supports expertise, boosts efficiency, and preserves credibility. In contrast, misuse leads to misinformation, low-quality content, and eroded trust in professional knowledge. AI is a powerful assistant but human expertise remains irreplaceable. As AI continues to evolve, so too must our standards for credibility, authorship, and trust. In a world where anyone can publish, the true measure of value lies not in how content is created, but in who stands behind it.

Rethinking Asset Management in the SaaS Era

The shift to cloud computing and Software as a Service (SaaS) hasn’t just changed how we use software, it has redefined how it is licensed, governed, and valued. Traditional models gave way to subscription pricing, consumption-based billing, and dynamic feature access. Perpetual licences and manual true-ups are becoming relics of a bygone era.

Many years ago, I was deeply involved in both software development and the day-to-day realities of Software Asset Management (SAM) and Hardware Asset Management (HAM). At the time, licensing models still largely revolved around local installations, user counts, and processor limits, concepts that made perfect sense when software was installed on physical machines and managed entirely within the organisation’s IT environment. A decade later, the landscape has changed beyond recognition.

In this article, I want to reflect on that transition, not just as a passive observer, but as someone who lived it from both a technical and governance perspective. Whether building systems, maintaining compliance, or navigating the complexity of evolving vendor models, the shift from ownership to access has reshaped every aspect of software management.

The Subscription Era and Usage-Based Pricing

Over the past ten to fifteen years, software licensing has undergone a quiet revolution. What was once a matter of buying perpetual licences for locally installed software has evolved into a complex, usage-driven ecosystem shaped by cloud computing, SaaS delivery models, and on-demand scalability.

In 2015, organisations typically purchased software outright or acquired long-term licences based on devices, users, or installations. These models implied ownership even though legally it was still a licence. Software was purchased once, installed locally, and controlled entirely by the organisation. The move to cloud-native solutions and SaaS changed this dynamic. Instead of owning software, businesses now pay for access, often through subscription or consumption-based models. Even the terminology has changed – when I developed solutions of this type, they were typically called Web Applications or Application Service Provisioning. That was many years ago, and the technology has evolved dramatically.

SaaS providers introduced a shift toward monthly or annual subscriptions, bundling maintenance, updates, and support into a recurring fee. This replaced unpredictable upgrade cycles with predictable operating costs. More recently, licensing has become increasingly usage-sensitive.

New Metrics, New Challenges

Organisations are now also charged based on metrics such as:

  • Storage capacity used – charges based on data stored across cloud platforms
  • API calls made – licensing tied to application integrations and external access
  • Per feature with Attribute-Based Access Control
  • Transactions processed
  • AI inference or compute time consumed

This granular licensing aligns better with real-world value delivery, but also introduces new complexities in forecasting, budgeting, and compliance.

The End of Traditional Licensing Models

Cloud platforms make it harder to define clear per-device or per-site boundaries. Software can be accessed from anywhere, by anyone with credentials, across distributed and hybrid environments. The familiar models of per-CPU, per-installation, or per-location licensing have largely become obsolete, replaced by identity- and activity-based access control mechanisms embedded into cloud platforms.

Vendors no longer rely solely on trust or retrospective audits. Instead, they embed telemetry and real-time usage tracking into SaaS platforms, allowing precise billing and dynamic licence enforcement. This shift increases transparency, but also reduces flexibility for internal teams, who must now manage licences in real time rather than periodically.

SAM Must Evolve or Fail

Traditional SAM tools were designed for on-premise environments. As licensing moved to the cloud, organisations had to rethink SAM entirely and new priorities emerged:

  • Integration with cloud cost management software
  • Monitoring shadow IT and SaaS
  • Automating licence optimisation
  • Ensuring compliance across federated identities and multiple cloud tenants

Licensing is no longer just a procurement concern, it’s an operational, financial, and governance issue. As AI services, platform modularity, and API monetisation expand, licensing models will likely become even more dynamic and fine-grained. Organisations must shift from static compliance checks to continuous licence awareness, integrated with broader governance, risk, and cost management strategies.

HAM in the Age of Mobility and BYOD

A decade ago, HAM was often about tracking desktops, laptops, and servers across physical offices. Today, device lifecycles are shorter, mobile and remote hardware dominates, and Bring Your Own Device (BYOD) models blur the lines of asset ownership. Modern HAM must now integrate with endpoint management tools, support remote provisioning, and align with security and data governance policies. Like SAM, it has evolved from an inventory task to a core enabler of operational control.

Lessons from 2015 – Revisited with 2025 Clarity

Back in 2015, I explored various aspects of HAM and SAM through a series of articles, following the completion of several asset management projects over a number of years. While the landscape has evolved dramatically, many of the core themes still hold true, particularly for organisations at earlier stages of maturity. Here is a look at what I wrote then, and how it still applies today:

  • HAM and SAM project considerations (8th January 2015) – This article highlights important considerations for selecting appropriate Hardware Asset Management (HAM) and Software Asset Management (SAM) solutions. It emphasises that the most popular vendor offerings aren’t always the best fit for every organisation, particularly if integration becomes costly or difficult. Ultimately, aligning chosen solutions with organisational requirements, capabilities, and strategic objectives helps ensure successful, efficient, and cost-effective asset management implementation.
  • The Complexity of Software Licensing (12th January 2015) – this article explores the ongoing confusion surrounding software licensing and the risks it poses to organisations and their leadership. Despite years of discussion, many still fail to grasp that software is licensed, not owned. Licensing models vary widely between vendors and products, making compliance complex. Poor oversight can lead to legal penalties, reputational harm, and even personal liability for directors. Effective licensing governance is positioned not merely as an IT task but as a strategic, executive-level responsibility.
  • Understanding Software Licensing Models (19th January 2015) – this article provides an overview of common software licensing models used by vendors, including per-user, per-installation, concurrent, site-based, processor-based, freeware, shareware, and open-source licences. It also explores emerging cloud-era models such as per-feature, per-space, per-bandwidth, and usage-based pricing.
  • Inside the Chaos of Licence Mismanagement (26th January 2015) – this article explores how unlicensed software often becomes embedded in organisations due to a mix of chaos, ignorance, and weak controls. It outlines common causes, including unrestricted administrator access, lack of defined processes, and ineffective vendor enforcement. The piece argues that without proactive Software Asset Management (SAM), unlicensed software can accumulate unnoticed, creating compliance and legal risks. It recommends a dual approach: tactical clean-up of existing issues and strategic implementation of long-term controls.
  • Eliminating Unnecessary Software Licence Costs (2nd February 2015) – this article explores how organisations can reduce unnecessary software licensing costs by identifying and eliminating inefficiencies. It highlights common issues such as maintaining licences for former employees, renewing support contracts without reviewing actual usage, and over-deployment of software that may trigger costly vendor audits.
  • IT Asset Accuracy (10th February 2015) – this article highlights the frequent inaccuracy of SAM and HAM data in organisations and the risks of accepting 90% accuracy as sufficient. It draws a parallel with financial systems, where precision is mandatory, and argues the same standard should apply to IT asset data. The consequences of poor asset data include undetected software misuse, missing hardware, unpatched vulnerabilities, unnecessary support costs, and licence compliance issues, making accuracy critical for effective risk management and security.
  • Strategic Drivers for SAM and HAM (24th February 2015) – this article outlines key reasons why organisations implement SAM and HAM, including security assurance, licence compliance, asset valuation, audit readiness, and cost allocation. It emphasises the need for accurate inventories to support patching and governance activities.
  • SAM and HAM depend on your data (1st March 2015) – this article explores why SAM and HAM initiatives often fail: not because of the tools chosen, but due to poor or missing data. It explains that the effectiveness of any asset management solution relies on the availability and quality of data already within the organisation. Drawing on real-world project recovery experiences, it lists common data sources and emphasises the need to access and analyse this information early. The article closes by discouraging premature software purchases.
  • Stakeholder Engagement with HAM and SAM (15th March 2015) – this article addresses the problem of data silos in organisations where different teams manage assets independently. It explains that disconnected systems and assumptions of data completeness often lead to fragmentation and errors. To succeed, SAM and HAM systems must become the central source of truth. Stakeholder involvement, communication, and alignment of local requirements are crucial to prevent the new system from becoming just another unused tool.
  • Improving Software Purchasing Decisions (18th March 2015) – this article focuses on avoiding costly mistakes in software procurement. It warns against solutions that require unexpected consultancy or custom development to meet basic expectations. Buyers are encouraged to evaluate whether a product functions effectively out of the box, whether integration with existing systems is included, and how much customisation is really needed.
  • Inadequate SAM during Mergers & Acquisitions (27th March 2015) – this article explains the risks of neglecting SAM in mergers and acquisitions. While financial and legal due diligence is common, software licence management is often overlooked, leading to compliance gaps, unexpected costs, and integration problems. The article outlines key questions to ask before finalising a deal and encourages proactive vendor dialogue. It argues that IT due diligence must become a standard practice in M&A to protect business value, especially as licensing models and software landscapes evolve.
  • Application Whitelisting (9th September 2017) – application whitelisting is a proactive security control that enforces a deny-by-default approach. Only approved software can run, everything else is blocked. This article explains how whitelisting significantly reduces risk from malware and unauthorised software usage. With proper planning and ongoing oversight, application whitelisting becomes a powerful tool for improving control, visibility, and resilience across the enterprise.
  • Practical Steps to Improve Software Management (16th September 2017) – effective Software Asset Management (SAM) is essential for maintaining control, ensuring compliance, and maximising value from software investments. This article outlines practical steps organisations can take to manage software more effectively, from maintaining an accurate inventory and enforcing licensing controls to reducing support costs and avoiding unnecessary project spend.
  • Mixed Enthusiasm for Cost Avoidance (23rd September 2017) – this article explores the often-overlooked value of cost avoidance, using a software licence audit as an example. By identifying unused installations and reducing the need for additional licences, the business avoided £250,000 in future expenditure. However, the immediate £50,000 cost to achieve compliance overshadowed the invisible savings, drawing more attention and scrutiny. The piece highlights how visible costs often provoke stronger reactions than hidden savings – an insight that applies beyond software licensing to many areas of business decision-making.
  • Governing Hardware Assets (17th December 2019) – This article outlines the essential principles of effective hardware asset management. It explains how maintaining an accurate inventory, tracking new and portable devices, and ensuring proper ownership records are fundamental to both operational security and business efficiency. By choosing the right management tools and maintaining up-to-date asset valuations, organisations can support troubleshooting, streamline refresh projects, and strengthen governance.

The Strategic Future of HAM and SAM

A decade ago, asset management was often viewed as a supporting task. Today, it is at the heart of digital governance, security, and operational efficiency. Whether you’re revisiting these topics or addressing them for the first time, HAM and SAM are no longer optional disciplines, they are strategic enablers in a world where technology is both everywhere and always on.

Reflecting on a decade of transformation, it’s clear that SAM and HAM have matured into essential governance tools. As AI and platform modularity introduce further complexity, success will depend on continuous awareness, collaboration across teams, and strategic alignment. The journey continues, but the foundations are stronger than ever.

Stay safe and avoid Black Friday scams

Black Friday is approaching again, and while it promises incredible deals, it’s also a time to exercise caution. Cybercriminals see this as an opportunity to prey on unsuspecting shoppers who may let their guard down in pursuit of huge discounts.

  • Stick to trusted retailers – it can be tempting to explore unfamiliar websites offering huge discounts, but this is where the risk of scams is highest.
    • Stick with the businesses you know and trust, especially those you have successfully shopped with before.
    • If you are curious about a new retailer, search for reviews and verify their legitimacy before purchasing.
  • Avoid clicking links in emails – phishing scams are rampant during shopping seasons, with fraudulent emails disguised as offers from popular brands.
    • Go directly to the retailer’s official website through your browser.
    • Scammers often use addresses that look similar to legitimate companies but include subtle differences.
  • Beware of unnecessary software and apps – installing unfamiliar software or apps to access discounts is a significant red flag.
    • Avoid downloading new apps unless they are from familiar and trusted retailers and official app stores.
    • Avoid apps that request excessive access to your device or personal data.
  • Watch out for hidden memberships – special deals may sometimes come with strings attached, such as hidden memberships that require regular full-price purchases.
    • Before completing a transaction, ensure you’re not unwittingly subscribing to a recurring service.
    • Avoid deals that feel overly complicated.
    • Genuine bargains don’t require convoluted commitments.
    • Avoid paying for access to discounts.
  • Use secure payment methods – protect your financial information by choosing safer payment options when shopping online.
    • Use credit cards or payment services such as PayPal or Apple Pay, which often provide buyer protection in case of fraud.
    • Avoid direct bank transfers.
    • Avoid payment methods that don’t offer recourse if something goes wrong.
  • Look for HTTPS and Security Indicators – before entering any personal or payment information online, ensure the website is secure.
    • A secure website address will have “https://” at the beginning of the URL, along with a padlock icon in the address bar.
    • Be cautious and avoid unsecured websites.
  • Monitor your bank statements – fraudulent transactions can go unnoticed if you don’t keep an eye on your bank accounts.
    • Check your bank statements regularly to spot any unauthorised transactions.
    • Report suspicious activity immediately to your bank or card provider.
  • Avoid public Wi-Fi for online shopping – shopping on public Wi-Fi networks can leave you vulnerable to hackers.
    • Make purchases using private, password-protected Wi-Fi connections.
    • Virtual Private Networks (VPNs) add an extra layer of security, making your online activity harder to intercept.
  • Think before you buy – impulse purchases often lead to regret, especially for items you wouldn’t normally consider buying.
    • Be realistic about the product’s value.
    • Pause before purchasing. If something seems worthless or unnecessary at the recommended retail price, it’s likely not worth buying with a 90% discount.
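
The "avoid clicking links in emails" and "look for HTTPS" items above both come down to reading the address itself. The following is an added example, not part of the original article, of how a link can be compared against a personal list of trusted retailers. The trusted list and every domain shown are constructed placeholders under the reserved `.example` and `.test` names, and the distance limit of 2 is an assumed value.

```python
from urllib.parse import urlsplit

# Assumption: the shopper's own list of retailers they already trust.
TRUSTED = ["bigshop.example", "parcelpay.example"]


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url, trusted=TRUSTED):
    """Return (verdict, reasons) for a link found in an email or message."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    labels = host.split(".")
    reasons = []
    impersonation = False

    if parts.scheme != "https":
        reasons.append("not-https")
    if parts.username is not None:
        # Text before "@" is not the site; the real host comes after it.
        reasons.append("userinfo-in-url")
        impersonation = True
    if any(label.startswith("xn--") for label in labels):
        # Encoded international name: legitimate ones exist, so review by hand.
        reasons.append("punycode-label")
        impersonation = True

    is_trusted = any(host == d or host.endswith("." + d) for d in trusted)
    if not is_trusted:
        for d in trusted:
            n = len(d.split("."))
            candidate = ".".join(labels[-n:])
            if host.startswith(d + ".") or ("." + d + ".") in host:
                # Trusted name used as a subdomain of someone else's domain.
                reasons.append("trusted-name-as-subdomain:" + d)
                impersonation = True
            elif edit_distance(candidate, d) <= 2:
                # One or two characters away from a trusted address.
                reasons.append("lookalike-of:" + d)
                impersonation = True

    if impersonation:
        return "suspicious", reasons
    if is_trusted and parts.scheme == "https":
        return "trusted-domain", reasons
    return "unverified", reasons


if __name__ == "__main__":
    samples = [  # constructed links for illustration
        "https://www.bigshop.example/deals",
        "https://bigsh0p.example/deals",
        "https://bigshop.example.deals.test/login",
        "http://bigshop.example/",
        "https://random-gadgets.test/",
    ]
    for link in samples:
        print(link, "->", check_link(link))
```

HTTPS and the padlock only show that the connection is encrypted; a lookalike site can have both, which is why the hostname comparison carries most of the weight here.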

Although this article is about Black Friday, adopting these practices all year round is wise to ensure safe and secure online shopping. Generally speaking, it is good practice to avoid buying in a way that doesn’t align with societal norms; being asked to do so should be considered a huge red flag.