The holiday shopping season is well underway, and like many people, you're probably on the hunt for great deals online for those can't-miss Christmas gifts.
The rush to cross everyone off your list can leave you ready to accept any offer. But security experts say you need to think before pulling out your credit card, because scammers and other online Grinches want to take advantage of your haste.
This holiday season is already breaking shopping records. According to Adobe AnalyticsAmerican consumers spent $109.3 billion online between November 1 and Cyber Monday, a 7.3% increase from the same period a year ago.
This isn't entirely surprising given the continued rise in online shopping. According to a survey conducted by cybersecurity firm McAfee, 76% of Americans planned to shop online this holiday season, and 30% said they planned to shop more online than in previous years.
Meanwhile, now that Black Friday and Cyber Monday are over, shoppers are well aware that with each passing day, there is less time to cross them all off their holiday lists. Couple this with difficult economic conditions, including high inflation, and buyers are ready to buy anything that looks like a good deal.
Michael Jabbara, vice president and global head of anti-fraud services at Visa, says cybercriminals want to capitalize on this behavior as they try to steal credit card numbers, login credentials and other personally identifiable information.
“There is this perfect confluence of events that makes the holiday season a perfect time for fraudsters to strike,” he said.
This can have dire consequences. Thirty-six percent of Americans surveyed in the McAfee survey reported being victims of an online scam during a previous vacation, and as a result, three-quarters of those victims lost money.
This may seem scary. But just as Rudolph's bright red nose lights the way to Santa Claus, a few basic precautions will help keep you safe from fraud. Here are some expert recommendations on how to shop safely for the holidays.
Check your list (and bank and credit card statements) more than twice
Keep an eye on your bank and credit card accounts. It's good not only for security but also for controlling your spending.
You can make this task easier by limiting your holiday purchases to a single credit card and email address. Doing this will also reduce the risk of falling for a phishing scam if it reaches your other email accounts.
Don't use your debit card for purchases. Your bank will help you recover money if your account is compromised, but it's much easier to quickly reverse charges when a credit card number is stolen.
Do not pay for your purchase with cryptocurrency. By definition, encryption is designed to be anonymous and extremely difficult to track. If someone steals it, it's probably gone.
Requests to pay with retail gift cards should also be viewed with suspicion. They also cannot be tracked and can be easily converted into money or goods by cybercriminals.
Don't be a feast for phishers
Just like in recent years, spam and scam emails are on the rise. Cybersecurity company experts Bitdefender said they have seen steady increases since early November and said they expect rates to continue to rise through Black Friday.
While most of the Black Friday-themed junk emails collected by the company's filters between Oct. 26 and Nov. 13 were classified as spam from legitimate companies, 46% were related to scams, Bitdefender researchers said.
The fear is that buyers could click a link in a malicious email that would take them to a fake website that would then collect their personal or financial information, putting them at risk of financial fraud or identity theft.
Big jumps in phishing emails during the holiday shopping season are nothing new. What worries experts most is that they have become more sophisticated and customized in recent years. As consumers moved to online shopping, they became aware of the risks, which forced fraudsters to up their game, Jabbara said.
Low-cost automated technology can make phishing emails more natural and contextually relevant. Furthermore, experts fear that the emergence of increasingly powerful and available generative artificial intelligence tools will overwhelm the scale and perceived legitimacy of these emails.
However, although security technology has also improved, it can't do much to stop people from clicking on things they are convinced are legitimate.
As in previous years, many of the fraudulent email campaigns detected by Bitdefender so far this year have posed as major retail players, including Amazon, Walmart, Target, Kohl's and Lowe's. Bitdefender researchers and cybersecurity company Checkpoint also pointed to a rise in fraudulent emails promising shoppers incredible deals on luxury handbags and accessories from brands such as Louis Vuitton, Ray-Ban and Rolex.
Others took the form of shipping notifications complete with barcodes that appear to be from FedEx or UPS, something online shoppers are accustomed to receiving this time of year. recently issued a warning about these types of scams. He says consumers could put themselves at risk of identity theft or other cybercrimes if they click on a link in one of these emails and then enter their personal information on the fraudulent website the link takes them to.
If you have any doubts about the authenticity of an email, go directly to the sender's website and copy and paste the tracking number into it. Don't click on links or open attachments, no matter how tempting or urgent they may seem.
Just a warning: Phishing isn't limited to emails these days. It also increasingly comes in the form of text messages, social media posts, phone calls and even QR codes. If they are unsolicited, ignore them as well.
Is that Santa Claus? Or just the Grinch in disguise?
Of course, you can Google it if major retailers don't have what you want in stock, but make sure you're dealing with a legitimate business. Be especially skeptical of ads that appear on your social media feeds touting incredible limited-time offers.
As the saying goes: if something seems too good to be true, it probably is.
“It's a little cliché, but I think a lot of these crimes would be prevented if people kept this in mind,” said Iskander Sanchez-Rola, director of privacy innovation at Gen, the company behind consumer security software Norton.
An offer for a $200 iPhone, for example, may seem attractive, but buyers need to stop and consider the legitimacy of this type of deal before handing over their personal information or credit card number, he said.
Be Choosy When It Comes to Gift Cards
Some people are really hard to shop for, especially if you're short on time, which might lead you to buy a gift card from your local pharmacy. But experts say cybercriminals also seek to profit from these cards before recipients have a chance to use them.
Dan Woods, global head of intelligence at F5, which specializes in botnet protection, says thieves take photos of the numbers and barcodes on the back of gift cards and then access the retailer's “check balance” website, where they will use botnets. to repeatedly bombard the site with PIN code guesses until they manage to log into your card account and steal your cash balance.
Retailers and other online businesses are under constant attack from botnets, says Woods, to the point where bots make up the vast majority of their website traffic. One F5 client recorded more than 6 billion botnet attacks in just a few weeks, he says, while another was forced to shut down its “balance check” website and replace it with a human-powered call center because the bots they kept stopping him.
There's usually no way to tell if a gift card number has been stolen unless the criminal is brazen enough to have scraped off the PIN code cover, but Woods recommends picking gift cards from the back of the shelf or, better yet, , buy packaged cards where the number is covered.
Elf on the Shelf isn't the only one watching, but does it really matter?
The internet has changed a lot in recent years. Any website worth its salt is now encrypted, meaning that if someone were to intercept your web traffic, for example logging onto the same Wi-Fi as you at the neighborhood coffee shop, it would be scrambled and useless.
For this reason, many security experts say that a virtual private network, or VPN, which masks people's locations as well as encrypts their data, is overkill for most people.
But both Jabbara and Sanchez-Rola say that while the chance of an average person being attacked online by a cybercriminal is remote, there is always the chance that they could accidentally connect to a malicious Wi-Fi network, especially in busy places like a shopping mall or airport. This could put your data at risk of being captured, but a VPN would prevent this.
Regardless, basic cybersecurity precautions you should take year-round are essential if you want to avoid a visit from a cyber Krampus.
Make sure your devices and online accounts – bank and credit cards, email, social media, shopping site logins, and so on – are locked before you start shopping. Update your operating systems, antivirus software and all your applications.
All of your online accounts need strong and unique passwords. If you need help, use a password manager. Two-factor authentication, which requires a second identifier such as a biometric or push notification sent to your phone, should always be enabled when available.
If you're still worried about the security of free internet at your local store, use your smartphone's cellular connection. It's much more secure than any existing Wi-Fi connection.