You’re not the only one looking forward to the big holiday sales like Black Friday and Cyber Monday. Hackers are too. As people flock to retailers big and small in search of the best deals online, hackers have their shopping scams ready.
One aspect of cybercrime that deserves a fair share of attention is the human element. Crooks have always played on our feelings, fears, and misplaced senses of trust. It’s no different online, particularly during the holidays. We all know it can be a stressful time and that we sometimes give into the pressure of finding that hard-to-get gift that’s so hot this year. Crooks know it too, and they’ll tailor their attacks accordingly as we get wrapped up in the rush of the season.
5 ways to spot an online shopping scam
So while you already know how to spot a great deal, here are ways you and your family can spot online shopping scams so you can keep your finances safer this shopping season:
1) Email attachments that pretend to be from legitimate retailers and shippers
A common scam hackers use is introducing malware via email attachments, and during the holiday sale season, they’ll often send malware under the guise of offering emails and shipping notifications. Know that retailers and shipping companies won’t send things like offers, promo codes, and tracking numbers in attachments. They’ll clearly call those things out in the body of an email instead.
2) Typosquat trickery
A classic scammer move is to “typosquat” phony email addresses and URLs that look awfully close to legitimate addresses of legitimate companies and retailers. They often appear in phishing emails and instead of leading you to a great deal, these can in fact link you to scam sites that can then lift your login credentials, payment info, or even funds should you try to place an order through them. You can avoid these sites by going to the retailer’s site directly. Be skeptical of any links you receive by email, text, or direct message—it’s best to go to the site yourself by manually typing in the legitimate address yourself and look for the deal there.
3) Copycat deals and sites
A related scammer trick that also uses typosquatting tactics is to set up sites that look like they could be run by a trusted retailer or brand but are not. These sits may tout a special offer, a great deal on a hot holiday item, or whatnot, yet such sites are one more way cybercriminals harvest personal and financial information. A common way for these sites to spread is by social media, email, and other messaging platforms. Again a “close to the real thing” URL is a telltale sign of a copycat, so visit retailers directly. Also, comprehensive online protection software can prevent your browser from loading suspicious sites and warn you of suspicious sites in your search results.
4) Counterfeit shopping apps
While the best of them can look practically professional and be tough to spot, one way to avoid counterfeit shopping apps is to go to the source. Hit the retailer’s website on your mobile browser and look for a link to the app from their website. Likewise, stick to the legitimate app stores such as Google Play and Apple’s App Store. Both have measures in place to prevent malicious apps from appearing in their stores. Some can sneak through before being detected though, so look for the publisher’s name in the description and ensure it is legitimate. On a fake app, the name may be close to the retailer you’re looking for, but not quite right. Other signs of a fake will include typos, poor grammar, and design that looks a bit off.
5) The “too good to be true” offer
At the heart of holiday shopping is scarcity. Special offers for a limited time, popular holiday items that are tough to find, and just the general preciousness of time during the season to get things done, like shopping. Scammers love this time of year. During the holidays, they’ll play on that scarcity and crunch you’re under in their offers and messaging. Enter the “too good to be true” offer, typically set up on phony sites like the ones mentioned above. If the pricing, availability, or delivery time all look too good to be true, it may be a scam designed to harvest your personal info and accounts. Use caution here before you click. If you’re unsure about a product or retailer, read reviews from trusted websites to help see if it’s legitimate.
Great tips for shopping online any time
Apart from spotting scams, there are several things you can do to keep yourself safer while shopping this holiday season. In fact, they can keep you safer when you shop year ‘round as well.
Look for the lock icon
This is a great one to start with. Secure websites begin their address with “https,” not just “http.” That extra “s” in stands for “secure,” which means that it uses a secure protocol for transmitting sensitive info like passwords, credit card numbers, and the like over the internet. It often appears as a little padlock icon in the address bar of your browser, so double-check for that. If you don’t see that it’s secure, it’s best to avoid making purchases on that website.
Use a credit card instead of your debit card
Specific to the U.S., the Fair Credit Billing Act offers the public protection against fraudulent charges on credit cards, where citizens can dispute charges over $50 for goods and services that were never delivered or otherwise billed incorrectly. Note that many credit card companies have their own policies that improve upon the Fair Credit Billing Act as well. However, debit cards aren’t afforded the same protection under the Act. Avoid using those while shopping online and use your credit card instead.
Consider getting a virtual credit card
Another alternative is to set up a virtual credit card, which is a proxy for your actual credit card. With each purchase you make, that proxy changes, which then makes it much more difficult for hackers to exploit. You’ll want to research virtual credit cards further, as there are some possible cons that go along with the pros, such as in the case of returns where a retailer will want to use the same proxy to reimburse a purchase.
Use protection while you shop
Using a complete suite of online protection software can offer layers of extra protection while you shop, such as web browser protection and a password manager. Browser protection can block malicious and suspicious links that could lead you down the road to malware or a financial scam. A password manager can create strong, unique passwords and store them securely as well, making it far more difficult for hackers to compromise your accounts. Identity theft protection takes your safety a step further by helping you secure your identity online and restore it should any of your personal info be found in the wrong hands.
Use two-factor authentication on your accounts
Two-factor authentication is an extra layer of defense on top of your username and password. It adds in the use of a special one-time-use code to access your account, usually sent to you via email or to your phone by text or a phone call. In all, it combines something you know, like your password, with something you have, like your smartphone. Together, that makes it tougher for a crook to hack your account. If any of your accounts support two-factor authentication, the few extra seconds it takes to set up is more than worth the big boost in protection you’ll get.
Use a VPN if you’re shopping on public Wi-Fi
Public Wi-Fi in coffee shops and other public locations can expose your private surfing to prying eyes because those networks are open to all. Using a virtual private network (VPN) encrypts your browsing, shopping, and other internet traffic, thus making it secure from attempts at intercepting your data on public Wi-Fi and harvesting information like your passwords and credit card numbers.
Keep an eye on your identity and credit reports
With all the passwords and accounts we keep, this is important. Checking your credit will uncover any inconsistencies or outright instances of fraud. From there, you can then take steps to straighten out any errors or bad charges that you find. In the U.S., you can run a free credit report once a year with the major credit reporting agencies.
Shop happy! (Don’t give in to stress and scarcity.)
So while you’re shopping online this year, take a deep breath before you dive in. Double-check those deals that may look almost too good to be true. Look closely at those links. And absolutely don’t click on those attachments that look like shipping notices or coupon deals. Hackers are counting on you to be in a bit of a hurry this time of year. Taking an extra moment to spot their tricks can go a long way toward keeping you and your finances safe.