From the convenience of making purchases at your fingertips and next-day delivery to getting great deals and the endless catalog of purchasable items, online shopping has only grown in popularity. Shoppers can choose from a variety of sites, retail platforms, and online marketplaces to purchase products making their holiday shopping fast and easy. And where else can you do your Holiday shopping in your pajamas?
While the increased availability of online shopping is convenient, it also makes it more lucrative for scammers to trick buyers into paying for goods they won’t receive or obtain their personal information for financial gain.
So as this holiday season approaches, we should remember to be aware of potential holiday scams and malicious cyber campaigns, particularly when browsing or shopping online. Everyone needs to be extra careful and safeguard themselves against scammers, hackers, and cybercriminals – who are actively on the hunt – for you!
Black Friday (Nov. 29) and Cyber Monday (Dec. 3) are getting close, and are the two busiest internet shopping days of the year offering convenience, great discounts, and no crowds! But they’re also very convenient for cybercriminals.
During these peak online periods, cyber actors may send emails and ecards containing malicious links or attachments infected with malware or may send spoofed emails requesting support for fraudulent charities or causes. There’s also an increase in viruses, scams, and identity theft during the holidays. Just last month the FBI issued a warning about hackers infiltrating online shopping carts to steal credit and debit cards and other personal information, called e-skimming. Similar to skimming at ATMs and gas pumps, it happens when cyber criminals install malicious code onto retail websites and then capture credit-card data as shoppers enter it, which then gets sold by the criminal or used to make fraudulent purchases.
How do attackers target online shoppers?
By creating fraudulent sites and email messages. Traditionally, you would do your shopping at a brick-and-mortar store you knew was who the sign said they were. But now criminals can create malicious websites, or send you email messages that are very real looking with logos and other details, but they are not what you think they are. Their goal is to get you to enter your personal and/or financial information into their fake sites.
And if you are sending information online in a transaction and the vendor does not use encryption, that transaction and all the information involved is not secure and can be intercepted by an attacker.
Is your computer vulnerable? Yes, if you do not protect your computer from viruses or other malicious code and don’t have the latest available updates, someone could get access to it and all the information on it! Likewise, if a vendor does not keep their computers protected your transaction information could also be stolen.
So, what can you do about it?
Stick to recognizable websites, and always verify the URL before entering any personal information. Check the website address (URL) to be sure it begins with “https:” instead of “http:” and a padlock icon. If the padlock is closed, the information is encrypted. The location of the icon varies by browser; for example, it may be to the right of the address bar or at the bottom of the window. Some attackers try to trick users by adding a fake padlock icon, so make sure that the icon is in the appropriate location for your browser.
You might find yourself on a fake malicious website, if in doubt check the site certificate, especially the “issued to” information.
You should also use a credit card, rather than debit card since there are limits to your liability for fraudulent charges that you might not have when using your debit cards. And since the debit card transaction is debited when the transaction takes place, the money is immediately gone, and waiting to get your money back might leave you without the cash you may need for your other expenses. You can also use a low-limit credit card to make all of your online Holiday purchases.
Additional areas you will want to keep an eye on.
- Fraudulent “order confirmations” or “shipping alerts”
- E-cards that want you to open an attachment or click on a link
- Fake notices about your credit card being compromised
- Emails requesting information
What to do:
- Be suspicious of any unexpected email that wants you to click on a link or open an attachment, or ask you to confirm a purchase or account information
- Hover your mouse over a link to see the real URL. If the two don’t match, or the link seems strange, don’t click
- Beware of any offers you received by email or text from merchants you don’t know. It could be a phishing attack
- If you’re even slightly in doubt, delete the email
- If you’re worried it might be real, contact the sender (your bank, FedEx, the store that is claiming to send the order confirmation) and see if you can verify the email’s legitimacy.
- Pressure-driven “ Black Friday” or “Cyber Monday” shopping scams
- Questionable charities
- Holiday-themed games, apps, or wallpapers that are infected with a virus
What to do:
- Use extra caution with anything related to “Black Friday” or “Cyber Monday.” Stick with well-known stores and visit their sites directly instead of clicking on links.
- Only support charities you know are legitimate. Give directly on their websites.
- Don’t download unknown software on personal devices, and check with your company’s policies to see if you’re allowed to download software on work devices.
Hundreds of fake retail and product apps can pop up in Apple’s App Store at this time of year. Such apps can open people up to identity or financial fraud if they enter their Facebook or credit card information. Other apps may have malware that can steal personal information or lock a user’s phone until the person “pays a ransom.” The safest action: Don’t download any retail apps this year. But if you must, do your research before downloading it!
And you should beware of public WiFi. It’s not secure, so don’t use it to conduct sensitive business like banking, or shopping. If you must use it, be sure to use a VPN.
Protecting your Privacy
Finally, look for and use apps that tell you what they do with your data and how they keep it secure.
At this time of year, you have enough to do to prepare for holidays. It is critical to be aware of what kind of scams to look out for, and which simple, actionable steps to take to ensure your festivities with friends and family are joy-filled and worry-free.