The holidays are the biggest time of year for last-minute shopping sprees, and suddenly those discount emails, usually regarded as spam, look particularly tempting. Such emails are a commonplace way to generate online sales, and while many are legitimate, cybercriminals also use this avenue, among others, to scam unsuspecting individuals.
Adobe reported that this year, 270 million consumers will shop online and that, for the first time, the majority of online shopping will be done on a mobile device. According to the Talos blog, this is concerning because most mobile devices do not possess the security to block many of the cyber threats that increase around this time of year. This leaves many shoppers vulnerable as attackers seek to profit during the busiest time for online commerce.
It is important that shoppers are aware of these seasonal security threats and know strategies to avoid them in order to protect susceptible personal information.
Common Shopping Cons
Phishing emails advertising hard-to-get items, fake package tracking numbers, and huge discounts are a common trick. Unsuspecting victims often end up giving away personal and credit card information.
AGV gives this list of U.S. organizations that are being impersonated the most in emails in 2015:
- American Express
- Bank of America
- Chase Bank
- FedEx, UPS, DHL
- Intuit (Taxes)
- Wells Fargo
- Westpac Bank
Similar ploys are used on social media, where a friend might send a personal message offering free $500 gift cards or 70% off discounts—in reality, this friend’s account is likely compromised and is being leveraged to attract more victims.
Shoppers should also look out for mobile applications designed as games (and offered for free) that steal personal information from smartphones. “Research the company selling or giving away the app and look online for third party reviews before installing an app from an unknown source,” the FBI states in a written statement outlining common fraudulent attempts on unsuspecting shoppers.
How to Avoid Seasonal Swindles
For phishing emails, there are ways to verify whether the source is fraudulent or valid:
- If the email provider or security software marked the email as Junk or Spam, there is a high probability that it is junk or spam.
- Look at the email address that sent the email: does it include extra variables or stray from the standard domain name?
- Does the email have the mandatory elements that companies need to use, including registered office details, unsubscribe options, etc.?
If an email fails one or more of these checks, there is a good chance it is not legitimate.
SC Magazine suggests that another defensive solution is for mobile shoppers to install ad-blocking software to protect against malvertising threats as they browse. Additional tips include the following:
- Check credit card statements routinely
- Do not respond to unsolicited email or click on links contained within those emails
- Avoid filling out forms contained in messages that ask for personal information
- Compare the link in the email to where the link is being directed to determine if they match and lead to a legitimate site
- Verify requests for personal information from businesses by contacting them using the contact information on their official sites
Nobody wants to be the victim of cybercrime, especially around the holidays. Beyond all the technical layers that can be deployed, individuals need to be smart and stay constantly vigilant in order to protect personal information and keep private data secure. Remember that if the deal looks too good to be true, it probably is.