The annual chaos of Black Friday and Cyber Monday sales is already upon us, as evidenced by the deluge of emails from favorite retailers and others that have already hit our inboxes.
While you may be tempted to take advantage of what looks like an amazing deal on a must-have holiday gift, security experts warn there are dangers lurking in this storm, with scammers and other online Grinches looking to take advantage of people who don’t think before they click .
Almost everyone now shops online. According to a survey by cybersecurity firm McAfee, 76% of Americans plan to shop online this holiday season, and 30% say they plan to shop more online than in previous years.
Shoppers have also come to expect ridiculously good deals during the Black Friday weekend, and they’re well aware that with each day that passes there’s one less deal to help get everyone off their holiday lists. Combine this mentality with difficult economic conditions, including high inflation, and you have a large number of people willing to pounce on anything that looks like a good deal.
Michael Jabbara, vice president and global head of fraud services at Visa, says cybercriminals understand this and want to exploit this behavior by trying to steal consumers’ credit card numbers, login credentials and other personal information.
“We are dealing with a perfect confluence of events that make the holiday season the perfect time for fraudsters to attack,” he said.
This could have disastrous consequences. Thirty-six percent of Americans surveyed in the McAfee survey said they were victims of online fraud last holiday season, and three-quarters of those victims lost money as a result.
This may seem daunting. But just as Rudolph’s bright red nose lit the way for Santa Claus, a few basic precautions can help keep you safe during the storm of digital scams. Here are some expert recommendations on how to shop safely for the holidays.
Check your list (and your credit card and bank statements) more than twice
Keep an eye on your bank accounts and credit cards. This is not only good for security, but also for tracking expenses.
You can make it easier on yourself by limiting your holiday purchases to one credit card and email address. Doing so will also reduce your risk of falling victim to a phishing scam if it is sent to your other email accounts.
Don’t use your debit card for purchases. Your bank will help you get your money back if your account has been compromised, but it’s much easier to quickly get your fees refunded if your credit card number is stolen.
Don’t be tempted to pay for your purchases with cryptocurrency. Cryptocurrencies are intended to be anonymous and extremely difficult to track. If someone steals it, it’s probably gone.
Requests to pay with retail gift cards should also be treated with suspicion. They also cannot be tracked and cybercriminals can easily convert them into cash or goods.
Don’t be a feast for phishers
As in previous years, spam and fake emails are already on the rise. Experts at a cybersecurity company Bitdefender they say they have seen a steady increase since early November and expect rates to continue to rise throughout Black Friday week.
While most of the Black Friday-related junk email caught by the company’s filters between October 26 and November 13 was classified as spam from legitimate companies, 46% was deemed to be related to fraud, Bitdefender researchers say.
There is concern that buyers may click on a link in a malicious email that will take them to a fake website that will then collect their personal or financial information, putting them at risk of financial fraud or identity theft.
Big spikes in phishing emails during the holiday shopping season are nothing new. What experts are most concerned about is that they have become much more sophisticated and personalized in recent years. As consumers increasingly moved to online shopping, they realized the risks involved, forcing fraudsters to increase their options, Jabbara said.
Inexpensive, automated technology can make phishing emails sound more natural and contextually relevant. Moreover, experts fear that the emergence of increasingly powerful and accessible generative artificial intelligence tools will increase both the scale and perceived legitimacy of these emails.
Meanwhile, while security technology has also improved, it can’t do much to stop people from clicking on things they think are legal.
As in previous years, many of the fraudulent email campaigns detected by Bitdefender so far this year impersonated large retail players, including Amazon, Walmart, Target, Kohl’s and Lowe’s. Researchers from Bitdefender and another cybersecurity company Control point also noted an increase in fraudulent emails promising shoppers amazing deals on luxury bags and accessories from brands such as Louis Vuitton, Ray Ban and Rolex.
Others take the form of shipping notifications complete with barcodes that appear to come from FedEx or UPS, something online shoppers are very accustomed to receiving this time of year.
For all shipping notifications, if you are concerned about authenticity, go directly to the shipper’s website and copy and paste the tracking number there. Don’t click on links or open attachments, no matter how tempting or urgent they may seem.
Just a warning: phishing is not limited to email these days. It is also increasingly appearing in the form of text messages, social media posts, phone calls and even QR codes. If they are unwanted, ignore them as well.
Is that Santa Claus? Or maybe just the Grinch in disguise?
Sure, you can search on Google if major retailers don’t have what you’re looking for in stock, but make sure you’re dealing with a legitimate company. Be especially skeptical of ads appearing on your social media channels touting amazing limited-time offers.
As the saying goes: if something seems too good to be true, it probably is.
“It’s a bit of a cliché, but I think a lot of these crimes could be avoided if people kept that in mind,” said Iskander Sanchez-Rola, director of privacy innovation at Gen, the company behind Norton consumer security software.
For example, a $200 iPhone offer may seem tempting, but buyers need to stop and consider the possible merits of this type of deal before handing over their personal information or credit card number, he said.
The Elf on the Shelf isn’t the only one watching this, but does it really matter?
The Internet has changed a lot in recent years. Every website is now encrypted, which means that if someone intercepted your network traffic, for example by logging into the same Wi-Fi network as you at a nearby coffee shop, it would be scrambled and unusable.
For this reason, many security experts say that a virtual private network, or VPN, which masks people’s locations in addition to encrypting data, is overkill for most people.
However, both Jabbara and Sanchez-Rola say that while the risk of the average person being attacked online by a cybercriminal is slim, there is always a risk of accidentally connecting to a malicious Wi-Fi network, especially in busy places like such as a shopping mall or airport, which could put their data at risk of interception. A VPN will prevent this from happening in such a situation.
Regardless, the basic cybersecurity precautions you should take year-round are a must if you want to ward off a visit from the cyberkrampus.
Before you start shopping, make sure your devices and online accounts – bank and credit cards, emails, social media, shopping website logins, etc. – are locked. Update your operating systems, antivirus software and all applications.
All your online accounts require strong, unique passwords. If you need help, use a password manager. Two-factor authentication, which requires a second identifier, such as a biometric notification or push notification sent to your phone, should always be turned on if available.
If you’re still concerned about the security of free internet at your local store, use your smartphone’s cellular connection instead. It is much more secure than any other Wi-Fi connection.