The holiday shopping season may be the time to splurge, but it’s also a favorite time of year for cybercriminals to target shoppers with fake deals, phishing scams and other threats.
Nov 27, 2023
5 min. read
The holiday shopping season is in full swing. It consisted of a seemingly endless few weeks of shopping frenzy as we rushed to take advantage of bargains and buy gifts for our friends and family. Despite the rising cost of living, Deloitte predicts a 10% to 13% increase in 2023 holiday e-commerce sales in the US compared to the same period in 2022. That amounts to more than $1.5 trillion to capture, more yet across Europe and the largest online market, the UK. But retailers aren’t the only ones after your money – malicious hackers are too.
So before you get carried away, take a minute to review the most common scams and cyberthreats, and how to stay safe online.
What’s at stake when you shop online?
Global e-commerce is on fire. the market predicted which will grow at a CAGR of 12% during the period 2021–25, to exceed $8.5 trillion by 2025. But with this much money at the ready, it is no wonder that scammers and fraudsters are ready to seize. And they are especially willing to take advantage of busy times like the arrival of Christmas, when it is easy to hide the deception of the influx of purchases and when shoppers can be distracted.
So what do they want? Simply put, your money and/or your personal information, including logins to related accounts, which can then be sold to others to commit identity fraud. Here’s a quick rundown of some of the most common threats to watch out for this holiday season.
- Counterfeit sellers: It operates on legitimate sites like Facebook Marketplace, and attracts buyers by listing in-demand products at extremely low prices. They can also create fake reviews on their “store” to add legitimacy. Users will be asked to pay through instant payment apps such as Zelle, Venmo or Cash App. But they never received their purchase, because it was all a scam.
- Account takeover (ATO): Cybercriminals are always looking for ways to hijack customer accounts. That’s because they can use stored cards to make fraudulent purchases, or otherwise find personal information on accounts that can be sold to others. The most common way to create an ATO is through stolen or phished logins. Sometimes fraudsters use logins they obtained from other sites (through a data breach), which victims use for multiple accounts. This is known as credential filling.
- Bogus online stores: This is a similar threat to the fake seller scams listed above. However, fraudsters go to extreme lengths to appear legitimate. They will spoof the website of a real retailer or brand. Not only do victims not receive their item, or possibly send a fake version, but scammers also get their card details for future fraud.
- Fake apps: These are similar to fake online stores and are often sold in unofficial third-party app stores or phishing sites. Users can end up there after clicking on a scam link on social media or via email/text.
- Phishing: It’s still one of the most popular ways for scammers to obtain personal and financial information, which can be used for identity fraud such as buying goods or applying for loans in your name. Fake emails, social media messages or texts are made to appear as if they were sent by a legitimate company.
- Counterfeit gift cards: As with fraudulent deals involving electronics or high-end fashion, you may encounter an attractive offer for a substantial gift card balance or a card sold at a large discount price compared to its face value. However, clicking on the link provided in the email or text, to claim your gift card, may result in the installation of malware, compromise of your personal data, or receiving a stolen card.
At this time of the year, they can be fake messages from delivery companies that require additional information or payment for a ‘tax’ or ‘custom’ payment. You may be ordering a lot online, so it can be difficult to track legitimate orders. Sometimes clicking a link installs malware designed to flood your screen with ads or steal personal/financial information.
12 ways to stay safe when shopping online
With that in mind, here are 12 tips for staying safe – one for every “day” at Christmas:
- Make sure you protect your PC and mobile phone with multi-layered security software from a reputable provider. This can go a long way in preventing the damage that data theft and other malware can do.
- Always use strong and unique passwords for all accounts (via a password manager) and turn on two-factor authentication (2FA). This helps reduce the risk of password theft and account takeover.
- Beware of too-good-to-be-true bargains. If an item or special offer looks too good to be true, it probably is.
- Always use secure websites for any purchase. Look for a padlock in the browser bar and an HTTPS address. This will limit the chance for hackers to eavesdrop on your communications and steal your card information.
- Always check your bank and credit card accounts during shopping, and contact your provider immediately if there are any suspicious transactions.
- Try to shop brands you trust. If you’ve never heard of it before, research it first – try Googling the name and “scam” or “fraud,” and look at customer reviews, to check its reputation.
- If you buy from an online market, always pay by credit card (because there are many buyer protections like that) or even consider using a disposable virtual card for one-time purchases.
- Only download mobile apps from trusted sources; ie, the App Store and Google Play.
- Do not buy things or log into accounts (especially not your bank account) when connected to public Wi-Fi, as this can be dangerous. Use a virtual private network (VPN) in these cases if you need to get a bargain while not using your home network or data plan.
- If you receive an unsolicited email or text, think twice about clicking on it. Separately check the sender if it is legitimate (but not by replying to the message).
- Consider checking out as a guest when buying from a legitimate company. If you save your details there is always a chance that they could end up in the hands of a cybercriminal if the company is breached.
- Do not click on pop-up ads, even if they offer great shopping deals, because the ads are often malicious.
Remember these simple steps and you won’t go wrong. Now the only risk is that you will spend more than you planned this holiday season.
Happy and safe online shopping!