The holidays are right around the corner and that means holiday shopping is back with a bang.
Already shoppers have started early to get their hands on gifts to take advantage of any bargains or just to not lose out on them. Like in 2020, COVID-19 is still here to stay but even if it is not scaring off shoppers, there is a worry that retailers won’t have enough products to fill up their shelves.
These bottled up supply chains are serious enough that the White House had to admit that it can’t guarantee every gift or package will make it on time But despite this, the National Retail Federation forecasts that holiday sales during November and December will outdo 2020 with up to $843.4 billion and $859 billion in expected sales.
But if COVID-19 is enough of a deterrent to keep you from shopping online, there’s another evil that should not be forgotten; cybercriminals.
According to the FBI, scammers are about as excited as you are for the holiday shopping season. Taking advantage of the holiday hype and the mad dash to get all your gifts in, the bureau says these scammers trick thousands of customers out of not just your money, but also your personal information.
To reduce your odds of giving a hacker a merrier Christmas than you, here are three of some of the most common scams to watch out for on Black Friday and Cyber Monday.
THE FAKE ONLINE SHOPPING SITE
The FBI has a simple adage to follow when doing your holiday shopping online; if it looks too good to be true, it probably is.
Cybersecurity company Trend Micro says that tens of thousands of online shops appear every day and some of them are designed to trick you out of your money and data. Usually they hit you with unbelievable (emphasis on unbelievable) prices and obnoxious emails that use commanding language to urge you to buy before you miss out!
These sites are not always easy to identify, but Trend Micro says there are a few telltale signs that give away a fake. For one, if you do not see if you see there is no way at all to contact the seller, that is a huge red flag. If you look closely, you might also notice warning signs like awful spelling or that the site is really slow, odds are it is a trap.
Paige Hanson, Chief of Cyber Safety Education at Norton LifeLock, also offers a few more tips to follow on the holidays that will protect you from these sites. First, she says not to rely on not to do your shopping on public WiFi systems, which can be less secure or can open you up to what is called a "man in the middle attack".
"In a man in the midde attack, you think that you are connecting to your coffee shop's WiFi, but really it is someone in the area you're connecting to," warned Hanson. "All of your internet traffic, what websites you're going to, all your personal information you're typing in, usernames, passowords - all of that is going to someone else."
Instead, she advises that you use a Virtual Private Network, or VPN, if you are shopping in a public WiFi space. If you're at home, stay with the reputable retailers which tend to have more encryption to protect your data online.
What happens if you realize too late that you fell for a scam website?
Anti-virus provider Norton says that what you do depends on the kind of information you lost. In any case, it says to change all of your passwords, usernames and delete any credit card information you might have saved for convenience on the computer. If you used a credit card, Hanson said that alerting your provider gives you the best chance of getting your money from a scammer.
"If you were to use a credit card, it is a lot easier to get your money back. You can go through the financial institution and call it fraud," said Hanson.
She added that in most cases this should be enough to get your money back, but warned that in many cases scammers ask you to pay with another method like a giftcard or wire transfer. If you complete the transaction in one of these ways, " it is nearly impossible to get your money back."
The best defense is always being aware of these scams in the first place. For one, Hanson advises that you stick with sites and retailers that you can trust because they usually utilize stronger encryption to protect your sensitive information.
Like the FBI, Hanson suggests to be wary of online shopping offers that are unbelieveable. They are.
THE NON-DELIVERY SCAM
This one is a really common one to keep your eyes out for because it is one of the most common holiday scams out there. It is so common that the FBI estimated that scammers made off with up to $265 million dollars in non-delivery schemes and this amount is nearly $70 million more than in 2019.
Hackers are making a bet that you ordered something online during the holidays and your guard will be down while you’re waiting for the package. Sometimes they can be pretty sophisticated too. Security company Avanan identified last month a scam where hackers were using a convincing but fake Amazon email that says it is confirming your recent order.
It is at this point you remember the cardinal rule of good cyber hygiene - never click on any unexpected links you receive and verify every time who sent you it. Avanan notes that the scammers tipped their hand by making their spoof email resemble actual Amazon ones, but they end up leaving out subtle but important details that would apply for others trying to spoof different retailers.
Norton's Hanson says that fraudsters are trying to get you to click on any attachment they are throwing your way, but never do that. If you do get a message purporting to be from a delivery service with any tracking code, avoid the link and check for yourself on the main website. That way you can confirm it is legitimately yours and not a trap.
THE FAKE CHARITY SCAM
The holiday spirits bring out the best in almost everyone and this shows by the uptick in charitable donations made during the holiday spirit.
In an analysis by the Blackbaud Institute, it was found that the most charitable contributions happen in October, November, and December, which together made up 36% of all giving in 2020. Unfortunately, cybercriminals are out there to take advantage of this goodwill and show no shame in creating fake charity sites to scam you out of money.
The FBI says scammers frequently use phone calls, email campaigns, and fake websites to solicit on behalf of fraudulent charities to shake money out of an unwitting donor. In 2020, scammers made off with $4.4 million, doubling the amount they stole just the year before.
This is where verification is especially important. To reduce your odds of being tricked by this, always make sure that the charity you are donating for even exists.
The Federal Trade Commission (FTC) offers a number of trusted websites that list well-known charities, including Better Business Bureau's Wise Giving Alliance, Charity Navigator and the Charity Watch. If they are using the name of a legitimate charity to up their odds of stealing your donation, double check that the number or email they’re using matches the one on the actual site.
If you do end up giving your money or any personal information, your first call should be to the FBI or the FTC. Hanson said that customers or clients are always advised to get in touch with law enforcement because it creates documentation of what could be identity theft or any other sort of scam. This would help stop scammers from abusing your information further.
"If the fraudster were to take your personal information and try to create more lines of credit, or something else were to happen, at least you would have the documentation that shows you were the victim of identity theft," she said.