Beware of Holiday Online Shopping Scams!

2021 is wrapping up and we are still dealing with worldwide supply chain issues and shipping delays. These problems have made it easier than ever for people to get tricked by online scams. In fact, 32% of all phishing victims were deceived by fake shipping notifications!

As we head into the holiday season, hackers are eager to take advantage of a new wave of unsuspecting online shoppers. With this in mind, the Cybersecurity & Infrastructure Security Agency (CISA) has created a list of steps you can take to be more secure before and after you shop, which we share with you below.

#1 Check Your Devices

Before making any online purchases, make sure the device you’re using to shop online is up-to-date. Next, take a look at your accounts and ask, do they each have strong passwords? And even better, if two-factor authentication is available, are you using it?

  • Once you’ve purchased an internet connected device, change the default password and use different and complex passwords for each one. Consider using a password manager to help.
  • Check your devices’ privacy and security settings to make sure you understand how your information will be used and stored. Also make sure you’re not sharing more information than you want or need to provide.

#2 Only Shop Through Trusted Sources

Think about how you’re searching online. Are you searching from home, on public Wi-Fi? How are you finding the deals? Are you clicking on links in emails? Going to trusted vendors? Clicking on ads on webpages? You wouldn’t go into a store with boarded up windows and without signage, the same rules apply online. If it looks suspicious, something’s probably not right. 

  • Most of us receive emails from retailers about special offers during the holidays. Cyber criminals will often send phishing emails— designed to look like they’re from retailers—that have malicious links or that ask for you to input your personal or financial information.
  • Don’t click links or download attachments unless you’re confident of where they came from. If you’re unsure if an email is legitimate, type the URL of the retailer or other company into your web browser as opposed to clicking the link.
  • Some attackers may try to trick you by creating malicious websites that appear to be legitimate. Always verify the legitimacy before supplying any information. If you’ve never heard of it before, check twice before handing over your information.
  • Make sure your information is being encrypted. Many sites use secure sockets layer (SSL) to encrypt information. Indications that your information will be encrypted include a URL that begins with “https:” instead of “http:” and a padlock icon. If the padlock is closed, the information is encrypted.

#3 Use Safe Methods for Purchases

If you’re going to make that purchase, what information are you handing over? Before providing personal or financial information, check the website’s privacy policy. Make sure you understand how your information will be stored and used.

  • If you can, use a credit card as opposed to a debit card. There are laws to limit your liability for fraudulent credit card charges, but you may not have the same level of protection for your debit cards. Additionally, because a debit card draws money directly from your bank account, unauthorized charges could leave you with insufficient funds to pay other bills.
  • Check your credit card and bank statements for any fraudulent charges on a regular basis. If you spot a fraudulent charge, immediately notify your bank or financial institution and local law enforcement.
  • Be wary of emails requesting personal information. Attackers may attempt to gather information by sending emails requesting that you confirm purchase or account information. Legitimate businesses will not solicit this type of information through email. Do not provide sensitive information through email.

Have a happy and safe shopping experience!