Thanksgiving is here and we all know what that means – the holiday shopping season is in full swing. It’s likely your inbox has already been flooded with holiday discounts and the occasional “too good to be true” deal. With so many things on everyone’s to-do lists this time of year, it can be easy get caught up and forget security basics when shopping online.
Keeping this in mind, here are some things to look out for while you are online shopping this holiday season:
- Fake Invoices/Shipping Notifications: Your shopping list is probably full of gifts to get for family members and friends, and sometimes it can get confusing keeping track of all the places from where you’ve made purchases. This is complicated even further when family members share accounts (think Amazon Prime). If you receive an invoice or receipt that you don’t recognize, check your credit card statement and/or with the other family members with whom you share the account. If you receive an email from a shipping company or anyone claiming to have invoices or receipt of packages, visit the company’s website to confirm. You can also call the shipper directly to see if the email is real.
- Phishing: The use of emails that appear to be from a legitimate, trusted source that are enticed to trick recipients into entering valid credentials including personal information such as passwords or credit card numbers into a fake platform or service. LookingGlass Cyber (n) - tailoring an attack (such as email) to garner trust and credentials that are then used maliciously. The preverbal digital version of the ol' hook and bait. Emails/Texts/Calls: With 56 percent of email users still clicking links from unknown senders, be on the lookout for phishing in all forms this season. This includes via phone calls, text messages, and social media messages. We recently discussed everything you need to know about phishing attacks in a webinar. Tune in here to learn more.
- Malvertising: Be cautious of clicking on online ads, especially those with promotions that seem too good to be true. Malware-laden ads are often near-exact copies of the original legitimate ad, so it’s hard to know what ads are safe to click. Malicious ads can be served via plug-ins, pop-ups, banner ads, and links in text ads. Lower your chances of falling for malvertising by disabling plug-ins and using ad blocking software/extensions and pop-up blockers.
- Public WiFi Access: We’ve heard for some time now that threat actors are taking advantage of free public WiFi. This comes into play during the holidays when we’re on the go and often online shopping in public places, using free WiFi. When connecting to free WiFi, always ask an employee at the location for the official WiFi name.
- Social Media Scams (giveaways, fake gift cards, and cyber deals): Fake gift cards targeting Amazon, Apple, Wal-Mart, and other retailers are rampant during the holiday season and quite common through all sorts of social engineering techniques. Be cautious if you receive offers for gift cards, credit card purchase receipts, airline ticket confirmations, and greeting cards. If it’s too good to be true, it probably is. The safest place to buy gift cards is directly from the retailers and ask for cards kept behind the counter as opposed to on a large end-cap or public display.
- Fake Charities: Cyber criminals take advantage of consumers’ generosity during the holiday season and often lure consumers in with bogus charities asking holiday shoppers to donate money by misusing the name of a genuine organization or making up their own. These campaigns are often launched via social media in an attempt to attract larger audiences and are aimed at consumers looking to do good for the community while in the midst of their holiday shopping sprees.
We hope pointing out some of the ways you can be taken advantage of online will help you to identify and not be a victim of scams in the future. Feel free to share these online shopping tips with family and friends!