Online Shopping Scams to Avoid – How Scammers Try to Steal Your Money and How to Avoid Them During the Holidays and All Year Round
Online shopping scams are in peak swing. Scammers are looking for ways to hack into your accounts. The Cybersecurity and Infrastructure Security Agency (CISA) issued another warning to holiday shoppers to protect their money and personal information. Holiday online shopping scams peak during one of the most lucrative shopping seasons of the year – Black Friday until Christmas. Hackers aim to steal money from bank accounts and rack up charges on credit cards. They can also steal personal information like phone numbers, account numbers, and addresses, and login information for online accounts. When a hacker has enough information, they may be able steal your identity to purchase items, open new accounts, or apply for loans.
Phishing Emails
Phishing emails come in many forms and with endless spins on content. Clever holiday scams include bogus order confirmations and shipping notices that are designed to look like they were sent by legitimate retailers. Other phishing emails may try to scare shoppers into thinking there is suspicious activity on their credit card or PayPal account. Regardless of the email contents, the goal of a phishing email scam is usually to steal money from the recipient either by getting account login credentials or credit card numbers.
READ: 5 Phishing Email Examples
Fake Charities
Holiday phishing email scams include asking for donations to fake charities. Tricking generous donors into giving their money to fake charities or on spoof websites designed to impersonate legitimate charity websites is another common holiday scam. Social media sites Like Facebook and Instagram are common places where fraudsters post sob story appeals for money or post holiday scams disguised as a secret Santa.
If you want to donate to a charity during the holiday season or any time of year go, directly to the donation website making sure you type in the website address carefully. If you’re giving to a charity that you’ve never heard of be sure to vet, the charity watchdog websites like Charity Navigator or GuideStar.
Fake Websites
Many phishing email scams are accompanied by a spoof or fake website. Spoof websites are designed to look just like legitimate websites. They often appear to be companies or retailers that you’re already familiar with and therefore more likely to feel comfortable giving your payment information or personal information to. Fake websites have login pages and credit card checkout pages just like their legitimate counterparts. Except that the shopper’s information and money is sent to the hacker.
Stealing Passwords
Stealing passwords is another common holiday online shoppin scam. Although the password to your Instagram or favorite retailers online account may seem unimportant and harmless, hackers steal these login credentials knowing that the average consumer reuses the same password across multiple accounts.
The login to your Apple cloud may very well be the same email and password combination to your bank or credit card account. Usernames and passwords are sold on the dark web along with corresponding credit card information resulting in identity and financial theft.
Mobile Malware Scams on Shopping Apps
Smartphone users are often tempted to download more apps from outside official app stores. Downloading an app from within a game or other site makes the device vulnerable to malware, spyware, adware, and ransomware. Unofficial apps even apps downloaded from official app stores like Google Play and the Apple store can contain malware. Limit apps to those that are necessary don’t give apps any unnecessary permissions. For example, a shopping app does not need access to your contact list and your camera.
Hacking on Public WiFi
Using public WiFi puts your phone and your money at risk. Hackers monitor and record internet traffic over public WiFi connections like those found in retail stores, coffee shops, malls, and hotels. Hackers can decrypt public WiFi communications to and from a phone and use it to steal login credentials and payment information. If you need to use public WiFi, be sure to use a virtual private network or VPN to encrypt your data.
READ: How to Choose a VPN for Your Smartphone
Reading Card Information in Public Spaces
Have you ever read your credit card information to a retailer over the phone or even at the checkout register? Once I was in a market where a woman was reading her credit card information to someone over her phone in the middle of the vegetable section. The pizza shop also accepts phone orders and asks people to read their credit card information. Many times, I watched the order taker write down the credit card number on a slip of paper while I was waiting to pick up my order. All of these scenarios are opportunities for someone to scam your payment cards.
Online Coupon Scams
Coupon scams are a seemingly innocent way that hackers can get your personal information while looking for online shoppin bargains. Beware of coupon deals that ask for too much information. It’s okay to give a coupon site your first name and possibly an email address in exchange for a discount. But there’s no reason to give a website any kind of payment information, address or phone number. All of this data can be used to get into other accounts that are connected to the same email address.
How to Protect Yourself from Online Shopping Scams -Reduce Your Risk of Being Hacked
Beware of websites that have unusual addresses or lack contact info
Legitimate retailer websites should have contact information including their business address shipping policies contact information in the form of a Phone or chat support that where you can contact them in case there is an issue a simple email format a website really isn’t a sufficient mode of contact you have no idea where the email from the email form is sent if it goes anywhere at all that a retailer by looking at their information open Google and by looking for their social media presence this will give you an idea of how old the retailer is.
Although a website with a foreign address isn’t necessarily sketchy or a spoof website it can make it a lot harder to solve issues with your order or get your money back you may have little legal recourse
Check privacy policies
Take precautions when providing information, and make sure to check published privacy policies to see how a company will use or distribute your information.
Beware of Deal Sites
When shopping online during the holiday season, o any time of year, be wary of deals that seem too good to be true.
Pay with a Credit Card Or Mobile Wallet
Credit cards give consumers a layer protection between the internet and their money. Most credit cards offer consumer protection that can reverse fraudulent charges, so the shopper is not held liable. if you use a debit card or bank card for your purchases and a hacker scams your card numbers, you may have little recourse, if any at all.
Use a Mobile Wallet
The majority of consumers still pay with a physical payment card or cash in person and with a bank card ,debit card or credit card online. Paying with a mobile wallet adds another layer of protection between a hacker and your money. Mobile wallet store payment information on a phone so you don’t have to present a physical card at the checkout. If you use a mobile wallet to pay be sure to add two-factor authentication to the wallet and biometric login to your phone in case it is lost or stolen.
Enable Security Features
Take advantage of security features. Passwords, facial recognition, and other security features like two-factor authentication add layers of security if used appropriately.
READ: The Most Common Hacked Passwords
Check Statements
Check your financial statements. Keep a record of your purchases and organize confirmation emails. Compare receipts to your bank statements. If there is a discrepancy, report it immediately.
Limit Sharing
Be careful what information you publicize on social media. Attackers may be able to piece together information from a variety of sources and use it in what’s known as a social engineering attack. Avoid posting personal data in public forums. Social engineering attacks and phishing emails are their most common attack vectors to launch a malware or ransomware cyber attack.
