By Reason Cybersecurity
on Thu Nov 23 2017
“It’s the most hackable time of the year.” Oh wait, that’s not how the song goes? Might as well. With Thanksgiving and it’s tagalongs Black Friday and Cyber Monday upon us, scammers and hackers are coming out of the woodworks to cash in on the year’s busiest buying season.
As people go online in search of the perfect holiday gifts, the natural inclination is to hunt for the best possible bargain. And where there are bargain hunters, you can be sure there will be scammers. Market experts expect that Americans will spend more than $59.57 billion between November 25-28, and sadly, a decent-sized portion of that money will go straight into the pockets of scammers.
Last year we provided you with 21 Black Friday/Cyber Monday tips to make your holiday shopping more secure. Before you get your shopping game on, check out that post and maybe even share it with your fellow shopping buddies so they stay safe, too. This year we’re sharing a roundup of some of the most common scams you need to be prepared for as you shop ‘til you drop.
This scam starts with a spam email that claims to be from a well-known retailer like Wal-Mart, JC Penney or Overstock.com, offering holiday discounts. Clicking on the link leads to a fake e-commerce site that usually has a very similar name to the one you’re looking for, like “JC Penny.cm”, where cheap knockoffs are sold. Worse than that, making a purchase on one of these sites will probably get your credit card information stolen. Scammers may have dozens of these websites set up and switch out product images and logos to fit the season and store.
How to steer clear: As you shop, stay away from email advertisements. Let’s say you just got an email from Old Navy and can’t resist that cute dress/sweater/tee, stop and think. The email could just be a really great fake out and if you give them your credit card information, that may mean the end of your holiday merriment. Instead, head over to the website, making sure it’s spelled properly and make your purchase from there.
Fake delivery emails:
The holiday shopping frenzy is the perfect time for scammers to send fake tracking notices since there is a pretty decent chance that at least one of your purchases is on its way to you. The notice appears to be from DHL, FedEx, UPS or even the USPS and may say something like “Delivery failure, click the link to find out more”, or it may simply pose as a delivery status update. Clicking on the link can fill your device with ransomware – in fact, this was a particularly popular way for the devastating Locky Ransomware variant to be delivered this year.
How to steer clear: The whole rouse should set off bells in your head, but especially the part about clicking links. Never, never, never(!) click links in emails if you aren’t 100% sure the email is legitimate.
Okay, let’s say over the course of your Cyber Monday shopping spree, you get a WhatsApp message, perhaps even coming from someone you know. It says you have won a free gift card or vouchers – but don’t fall for it – it’s a fake. Though the trending WhatsApp scam-of-the-moment focuses mainly on the UK market, as it pretends to be a voucher from British retailers like Marks & Spencer and Tesco, that doesn’t mean that there aren’t other variants floating around. Clicking on the link will lead you to websites that collect personal information and install tracking cookies on your devices.
How to steer clear: If you get any WhatsApp messages with links in them for holiday vouchers or deals, ignore them. If you’re forwarded one by a friend, let them know that it’s a scam and they shouldn’t pass it on further. Sure, they might be annoyed at you for raining on their Cyber Monday bargain parade, but it’s better than allowing more people to get reeled in.
Sad to say, but once again, the App Store and Google Play are being filled with apps that mimic luxury retailers and brands. From department stores like Nordstrom’s to upscale brands like Ferragamo, The New York Times is reporting a huge uptick in fake retailer apps in the last few weeks alone. The problems with fake retailer apps are manifold; not only won’t you get what you paid for, but your credit card information may also be collected and stolen — or, you may not even be able to make a purchase before some nasty ransomware variant encrypts all the data on your device.
How to steer clear: If, for whatever reason, you must make your desired purchase via an app, make sure it’s the real deal. Do this by carefully studying the name of the app to see it is spelled correctly. And always read the dreadfully boring but super-important TOS and EULA. Anything fishy should send you in the other direction. Moreover, try to stay away from making in-app purchases. It’s a far more secure practice to go to the web-based site and make your purchase there.
Above All – think before you shop!
The critical factor here is that scams change all the time – these are just the most common ones you MUST know about before you whip out your credit card. This means that you should always keep your wits about you, anytime you shop online, not only as we approach the holiday season.