By: Ilana Siyance
Cyber assaults and online scams are becoming more commonplace, with Internet crime complaints reported to the FBI rapidly climbing each year. The holiday shopping season is now upon us, and cyber criminals work overtime during this period— knowing there is spending money, ripe for the taking. “Coming into the holiday season, we are seeing a volume increase, and that will continue into January,” says Vikram Thakur, technical director of Symantec. “People are looking to spend money, to get together with their loved ones and for deals. As these topical themes pop up, scammers know just what to say to take advantage of vulnerable people.”
Sometimes holiday shoppers feel overwhelmed, rushed, distracted, impulsive or desperate—and this is what makes for an easier target. So, the first step to steering clear of scams is watching our own mindset, and using our good judgement. As per a recent article in the Wall Street Journal, when we keep a cool head, we can avoid common pitfalls. These include: unproven websites promoting deals that seem too good to be true; using weak passwords; or subscribing to internet-hosted mailing lists for the promise of a discount code, says retired Brig. Gen. Greg Touhill, director of the CERT Division of the Software Engineering Institute at Carnegie Mellon University. This year, pandemic led scares of scarcities will also give scammers an added supply-chain fear to exploit. “Cybercriminals understand this mind-set and take advantage of every trick to gain access to your personal information, credit-card numbers or other data they can leverage later,” Touhill says. “They prey on human nature.”
One popular scam begins with cookies tracking your searches and interests. This allows scammers to easily offer a banner ad or popup featuring the item from you searched at a discounted price. Clicking on the link will take you to a spoof site, maybe “Amaazon.com,” or something that looks familiar. The site can then take your credit card with a purchase that will never arrive, or the site can gather your personally identifiable information and sell it to criminals on the black market. Bad grammar and a poorly designed website should tip you off.
During the holidays, criminals know there is a lot of extra spending, and an extra charge on a credit card is sometimes harder to catch—so stay vigilant, says Judith Bitterli, senior vice president of consumer monetization at McAfee.
There is also the infamous shipping scam, aka the FedEx scam. This is where a customer is expecting several shipments and gets a scam email or text saying your package is delayed, but you can expedite the delivery for a fee. Criminals are hoping you will click the link and enter your personal information and credit card.
There is also the gift card scam. A criminal sets up an online store, or uses eBay hoping to get your gift card information. “Either the seller only accepts gift cards, or they say, ‘There is a problem with your credit card, do you have a gift card you can use?’ Now they have an anonymous, untraceable gift card,” says Kevin Curran, professor of cybersecurity at Ulster University and co-founder of encryption provider Vaultree. Since gift cards are untraceable and don’t have fraud protections like a credit card, it is an easy crime.
With the return of traveling following the pandemic, travel phishing is also gaining speed. This is when an email is sent saying that your booking has been canceled. Clicking the link sends you to a spoof site where you can enter your credit card number to make a new reservation. Alternatively, you may be directed to a clone site which offers crazy discounts on flight or hotels or house rentals –asking you to hold your reservation with a deposit.
There are even charity scams. On social-media feeds, there are multiple requests out there asking targets to donate to a good cause—this too can be scammers trying to take what’s in your wallet. “These still exist in the other 11 months of the year, but the messaging becomes more pointed toward the things we’d naturally be doing around the holidays,” says Raj Samani, chief scientist for McAfee Enterprise & FireEye.
As per the WSJ, even worse than a scam that will take your money is malware that attaches itself to your device, just by clicking a suspicious link. “We call those drive-by downloads. They are easy to install, and the bad guys can come back and get into your machine for whatever they want later,” says Prof. Curran. The easiest way to keep malware from infecting your phone or pc is to keep operating systems and software up-to-date, adds Prof. Curran. Companies, like Microsoft and Apple send out patches monthly with their regular updates.
Cybercrimes are on the rise, so please be alert. As per the Internet Crime Complaint Center’s 2020 report, Americans reported over $265 million in non-delivery scams, where an item is charged but never delivered. There were also another: $130 million reported losses due to credit-card fraud , $54 million of losses in spoof sites- when copycat sites ask for personal information, and $4 million in charity scams.
So, here are some expert tips to keep from becoming a victim. Double check an email to make sure it’s the real thing before clicking on. Often it’s best to just type in the website and do a simple search rather than follow a link, says Vikram Thakur of Symantec.
Check the sender’s actual email address before clicking any links from an email. Check the address bar to see if the address is correct and before divulging any personal information— look to the left of the website address to make sure the site is secured and starts with https, not just http. “That extra ‘s’ means that it uses a secure protocol for transmitting sensitive info like passwords, credit-card numbers and the like over the internet,” McAfee’s Bitterli told the WSJ. Check a company’s reviews if you have never dealt with them before, and don’t rely on just a handful. Be suspicious when a deal sounds too good. Use a credit card to make online payments and check your statement often –your card should reverse fraud charges if you catch and report them.
Use a strong password, and don’t give out personal information while connected to a public Wi-Fi network. Also, don’t update your password or personal information just because you’re asked to. You should be the one who initiates any changes to your account. As for finding a reputable charity, there are websites including GuideStar or Charity Navigator, with lists of worthy organizations.