There are only a few days left until Santa Claus sets off on his annual journey. If you haven’t started shopping yet, now is the time.
But try not to panic and don’t click before thinking. Scammers and other online Scroogs want to take advantage of your haste and trick you into falling for fake deals and other shopping-related scams.
It’s the big jump in online shopping combined with countless busy and distracted shoppers that makes this time of year so attractive to fraudsters, says Darius Kingsley, head of Chase’s consumer banking practice.
“Many of us have our care year-round, at least to some extent,” Kingsley said. “Then it’s the end of November and you’ve just started holiday shopping, so the panic sets in. It’s kind of all those typical emotions, but it clouds your judgment a little bit.”
This year’s online holiday sales are expected to set records. Adobe projects that US online sales will reach $240.8 billion this holiday shopping season, representing 8.4% growth over the same period last year.
They got off to a good start over the holiday weekend. Adobe says online sales for this year’s Cyber ​​Week, the five-day period that includes Thanksgiving, Black Friday and Cyber ​​Monday, totaled $41.1 billion, representing an 8.2% year-over-year increase. past.
Like some shoppers, many scammers got an early start on their holiday activities this year. In its Holiday Threat Report, published in November, Visa noted that the number of fake and fraudulent merchant websites spotted by its researchers over the past four months was nearly triple what it was in the previous four months.
James Mirfin, the company’s senior vice president and global head of risk and identity solutions, said Visa has also seen increases in other types of malicious activity, including phishing and social engineering scams, along with scams that related to holiday travel and seasonal work.
Meanwhile, generating AI tools are making it faster and easier for cybercriminals to create personalized scams, letting them spoof voices and create deep fake videos that make their scams much more compelling, he said. And, needless to say, gone are the days of poorly written phishing emails that would raise the suspicions of even the least tech-savvy consumers.
“These things are starting to look and feel more like they’re coming from your bank or someone you trust,” Mirfin said.
Mike Price, chief technology officer at ZeroFox, also pointed to the rise of tools like ChatGPT and other models in major languages ​​as the latest game changer in the world of online scams. He noted that in addition to deep fake voices and videos, these types of tools allow criminals to create photorealistic images of almost anything you can imagine, just by entering a text message.
“And that hadn’t really been possible until the last couple of years and it hasn’t matured until this year,” Price said. “Platforms have come a long way in the last couple of months.”
This may seem scary. But some basic precautions will help keep you safe from the Krampuses of the online world. Here are some expert recommendations on how to shop safely for the holidays.
Check your list (and credit card and bank statements) more than twice
Keep an eye on your bank and credit card accounts. It is good not only for security but also for keeping track of your expenses.
Mirfin said shoppers should set purchase alerts on their accounts and keep a close eye on their statements, especially this time of year.
You can make this task easier by limiting your holiday shopping to one credit card and one email address. Doing this will also reduce the risk of falling for a phishing scam if it lands on other email accounts.
If you notice something wrong, access your account directly through your bank’s app or website, or call the number on the back of the card. Do not click on links in emails.
Don’t pay for your purchase with cryptocurrency. By design, crypto is intended to be anonymous and extremely difficult to trace. If someone steals it, it’s probably gone.
Requests for payment with retail gift cards should also be viewed with suspicion. They are also untraceable and can easily be converted into cash or goods by cybercriminals.
Don’t be a party for phishers
Spam emails and scams, texts and other types of messages are a year-round thing, but they really pile up this time of year. They might look like a fraud alert from your bank or a great deal on that must-have item.
The risk is that buyers could click on a link in a malicious email that would take them to a fake website that would then collect their personal or financial information, putting them at risk of financial fraud or identity theft.
Major email providers do their best to keep fraudulent emails out of your inbox, but some inevitably get past their defenses, ZeroFox’s Price said. And it can’t do much to stop people from clicking on things they believe are legitimate.
Scott Knapp, Amazon’s vice president of worldwide buyer risk prevention, said fake order scams, where a customer receives a text or email claiming to have purchased some type of high-priced item that they actually haven’t done, have been on the rise this year. . Some claim there’s a problem with a delivery, while others are now advertising fake “private” Amazon Prime member deals.
When it comes to potentially fraudulent emails that mention Amazon, Knapp says the best thing people can do is simply go back to the company’s website or app. If there’s a problem with an order, or the company needs to put you on hold, that information will be in your message center.
Read more: The Best Identity Theft Protection Services for 2024
Is he Santa? Or just the Grinch in disguise?
Of course, you can Google around if major retailers don’t have what you want in stock, but make sure you’re dealing with a legitimate business. Be especially skeptical of ads that appear on your social media feeds advertising amazing limited-time offers.
When in doubt about the authenticity of any offer, message or retailer, the advice is the same.
“Customers should be suspicious,” Knapp said. “It’s the old saying, ‘If it seems too good to be true, it probably is.’ Walk away from it.”
It’s almost always best to shop at reputable seller sites, but if you’re going to do business with what appears to be a discount site or even a small business, you should verify first. Look for reviews online and check for complaints with groups like the Better Business Bureau, Price said.
Even if you do your homework, you should be prepared for the possibility that you will lose your money to a scammer, he said. If you’re not okay with that, you’re probably better off paying a little more elsewhere.
Be careful when it comes to gift cards
Some people are really hard to buy for, especially if you’re short on time, which can tempt you to just buy them a gift card. But experts say cybercriminals are also looking to cash in on those cards before their recipients have a chance to use them.
While digital gift cards are the ideal way to go, never buy them from a third-party site, even if it offers them at a generous discount, Chase’s Kingsley advised. There is no guarantee that they will actually succeed. And even if they appear in the mail, they may turn out to be expired or used.
Although it’s difficult to wrap and place under a tree, it’s best to buy digital gift cards directly from the company that issued them or from a major retailer. If you really want a physical card, look for one with intact packaging, preferably behind the counter of a store.
Elf on the Shelf may not be the only one watching
Basic cyber security precautions, which you should take all year round, are essential if you want to avoid a visit from the cyber Grinch.
Make sure your online devices and accounts — bank and credit cards, email, social media, shopping website logins, and so on — are blocked before you start shopping. Update your operating systems, antivirus software and all your applications.
All your online accounts need strong and unique passwords. If you need help, use a password manager. Passkeys are becoming more and more available and can make things easier too. Two-factor authentication, which requires a second identifier such as a biometric or push notification sent to your phone, should always be enabled when available.
If you’re concerned about the safety of free internet at your local store, consider signing up for a virtual private network. Good ones will mask your location as well as encrypt the data you send and receive over that Wi-Fi.
You can also use the cellular connection on your smartphone. It is much more secure than any Wi-Fi connection out there.