Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
The holiday shopping season is in full gear, and Santa will be on his way soon. If you haven’t started shopping yet, now is the time to go.
Giving gifts and delivery dates are fast approaching, but try not to panic. Security experts say you should think before you pull out your credit card, as scammers and other online Scrooges want to take advantage of your haste and trick you into falling for fake offers and other shopping scams.
The surge in online shopping combined with countless busy and distracted shoppers makes this time of year so tempting for fraudsters, says Darius Kingsley, head of Chase’s consumer banking practice.
“A lot of us are kind of alert year-round, at least to some extent,” Kingsley said. “Then it’s late November and you’ve just started your holiday shopping, so the panic sets in.” It’s kind of all those typical emotions, but it kind of clouds your judgment.”
This year’s online holiday sales are expected to set records. Adobe projects that online sales in the US will reach $240.8 billion this holiday shopping season, representing growth of 8.4% over the same period last year.
They started the holiday weekend well. Adobe says online sales for this year’s Cyber Week, the five-day period that includes Thanksgiving, Black Friday and Cyber Monday, reached $41.1 billion, an 8.2% increase over the same period last year.
Like some shoppers, many scammers got an early start on holiday activities this year. In its Holiday Threat Report, released in November, Visa noted that the number of fake and fraudulent merchant websites spotted by its researchers in the last four months was nearly three times higher than in the four months prior.
James Mirfin, the company’s senior vice president and global head of risk and identity solutions, said Visa has also seen an increase in other types of malicious activity, including identity theft and social engineering scams, along with holiday travel and seasonal business scams. .
Meanwhile, generative AI tools are making it faster and easier for cybercriminals to craft customized scams, allowing them to spoof voices and create deep fake videos that make their scams much more convincing, he said. And, needless to say, gone are the days of poorly written phishing emails that would make even the least tech-savvy consumer suspicious.
“These things are starting to look and feel more like they’re coming from your bank or someone you trust,” Mirfin said.
Mike Price, Chief Technology Officer at ZeroFok, also pointed to the rise of tools like ChatGPT and other big-language models as the latest game changer in the world of online fraud. He noted that in addition to deeply faked voices and videos, these types of tools allow criminals to create photorealistic images of almost anything you can imagine, simply by entering a text prompt.
“And this wasn’t really possible until the last few years and it didn’t really mature until this year,” Price said. “Platforms have come a long way in the past few months.”
It can seem scary. But a few basic precautions will help protect you from the Krampus of the online world. Here are some expert recommendations on how to shop safely for the holidays.
Check your list (and credit card and bank statements) more than twice
Keep an eye on your bank and credit card accounts. It’s good not only for security, but also for tracking your spending.
Mirfin said customers should set purchase alerts on their accounts and monitor their statements carefully, especially this time of year.
You can make this task easier by limiting your holiday shopping to one credit card and one email address. Doing so will also reduce the risk of a phishing attack if it lands on your other email accounts.
If you notice something is wrong, log into your account directly through your bank’s app or website, or call the number on the back of your card. Do not click on links in emails.
Do not pay for purchases with cryptocurrency. By design, crypto is meant to be anonymous and extremely difficult to trace. If someone steals it, it’s probably gone.
Payment requests with retailers gift cards should also be viewed with suspicion. They are also untraceable and can easily be turned into cash or goods by cybercriminals.
Don’t be a feast for phishers
Spam and emails, texts, and other types of messages are a year-round thing, but they really pile up this time of year. They can look like a fraud alert from your bank or a lot about that must-have item.
The risk is that customers could click on a link in a malicious email that would take them to a fraudulent website that would then collect their personal or financial information, putting them at risk of financial fraud or identity theft.
Major email providers do their best to keep fraudulent emails out of your inbox, but some inevitably get past their defenses, ZeroFox’s Price said. And it can’t do much to stop people from clicking on things they believe are legitimate.
Scott Knapp, Amazon’s vice president of worldwide customer risk prevention, said fake order scams, where a customer receives a text or email claiming they bought some kind of expensive item they didn’t, have been on the rise this year. Some are claiming a delivery problem, while others are now advertising fake “private” deals for Amazon Prime members.
When it comes to potentially fraudulent emails that mention Amazon, Knapp says the best thing people can do is go back to the company’s website or app. If there is a problem with the order or the company otherwise needs to get a hold of you, that information will be in your message center.
Read more: The Best Identity Theft Protection Services for 2024
Is that Santa Claus? Or just the Grinch in disguise?
Of course, you can google if the major retailers don’t have what you want in stock, but make sure you’re dealing with a legitimate business. Be especially skeptical of ads that appear in your social media feeds that promote incredible limited-time offers.
When in doubt about the authenticity of any offer, message or seller, the advice is the same.
“Buyers need to be suspicious,” Knapp said. “It’s the old adage, ‘If it seems too good to be true, it probably is.’ Get away from it.”
You’re almost always better off buying from reputable retailers, but if you’re going to do business with a site that looks like a discount site or even a small business, you need to check it out first. Look for reviews online and check for complaints with groups like the Better Business Bureau, Price said.
Even if you do your homework, you have to be prepared for the possibility of losing money to scammers, he said. If you’re not okay with that, you’re probably better off paying a little more elsewhere.
Be picky when it comes to gift cards
Some people are really hard to shop for, especially if you’re short on time, which might tempt you to just buy them a gift card. But experts say cybercriminals also want to cash those cards before their recipients ever get a chance to use them.
While digital gift cards are the ideal way to go, never buy them from a third-party site, even if they offer them at a generous discount, advised Chase Kingsley. There is no guarantee that it will actually arrive. Even if they show up in the mail, they may turn out to be expired or used.
Although they are difficult to wrap and put under the tree, it is best to buy digital gift cards directly from the company that issued them or from a large retailer. If you really want a physical card, look for it with its packaging intact, preferably behind the store counter.
The Elf on the Shelf may not be the only one watching
Basic cyber security precautions, which you should take all year round, are essential if you want to prevent a visit from the cyber Grinch.
Make sure your devices and online accounts – bank and credit cards, email, social media, logins to shopping websites and so on – are locked before you start shopping. Update your operating systems, antivirus software and all your applications.
All your online accounts are required strong, unique passwords. If you need help, use a password manager. Passkeis are becoming increasingly available and can also make things easier. Two-factor authenticationthat requires another identifier such as a biometric or a push notification sent to your phone should always be enabled when available.
If you’re concerned about the safety of free internet at your local store, consider signing up for a virtual private network. Good ones will both mask your location and encrypt the data you send and receive over that Wi-Fi network.
You can also just use the mobile connection on your smartphone. It is much more secure than any Wi-Fi connection.
