Be Cyber Monday savvy: Holiday shopping tips
The holiday shopping season is upon us! As Black Friday and Cyber Monday stretch further and further beyond the 24-hour confines and with holiday decking the halls even before the Trick-O-Treaters hit the streets this year, Americans are turning out for a record spending haul. And, where there’s money moving online, cybercriminals appear to the not-so-cheery tune of over $1 trillion stolen in 2024. Website credentials, secure payment options, and other strategies should be just as big a consideration as the markdowns this season.
Fraudulent Websites
Fake, lookalike or otherwise deceptive websites are a common scam, but they remain prevalent because they continue to work. Social media is rife with fake or deceptive stores ranging selling you knock-off goods to identity theft. Stick with websites you’ve already purchased from and/or that start with “https,” not simply “http", denoting their secure encryption of your data. If purchasing from a new website, conduct reasonable due diligence – have you never heard of the company before, are there typos or typical information missing, or are prices and promises too good to be true? If any of these are the case, the odds increase that something is amiss and that your money may disappear into a scammer’s wallet. Unfortunately, reviews are easy to fake, so it’s advisable to look beyond a website’s self-reported ratings to verify their products. The Better Business Bureau can be a good resource.
Delivery Scams
Once an online transaction has been executed, it’s easy to relax your guard. Unfortunately, scammers may still try to deceive you through various ways including non-delivery, non-payment, auction fraud and gift card fraud. Only pay for products through methods you know are safe, such as with a credit card or a verified vendor who offers fraud protection. If you receive an unexpected text, email or other communication allegedly from a vendor, perhaps related to a supposed delay or additional fees, it’s often safer to ignore them; or, if you think they are real, independently find the entity’s contact information online or via prior transaction and then use that to contact them.
If someone is asking for a gift card, be very careful in cooperating, as once purchased the funds on a gift cards are generally untraceable and unrecoverable. In particular, any person or entity asking you to pay for something via gift card and/or buy gift cards and send them the information directly is a red flag. We can promise you that the CEO of your company is not going to text you urgently to purchase gift cards. A more recent fraud, gift card draining, presents a new risk for any unused gift card where scammers can record a card’s information and then automatically drain funds once someone legitimately activates it.
Embedded Website Links
Surprise! You’ve just received a festive e-card from a co-worker! Or, did you? Do not fall for unexpected holiday emails that may be a disguise for scams. Behind a twinkling tree or brightly animated characters can be an embedded link designed to send people to fake shopping sites, credential harvesting pages or bogus fundraising pages. Even if not holiday-related, at the end of the year cyber criminals may try to impersonate your bank or other institution, and it’s never a better time than today to get more vigilant about your finances.
Charity Scams
Many people use the holidays to give back to worthy causes and people in need, such as during Giving Tuesday. Unfortunately, cyber criminals are adept at charity scams, especially with the now-common practice of real people turning to crowdfunding for medical bills and other emergencies. Before making a donation, look at your options and do some research, which may include checking a charity review site, such as https://www.charitynavigator.org/ or https://www.charitywatch.org/. If you do decide to donate, consider doing so through an entity’s verified website and not through an unsolicited email link, unexpected phone call or other method where you may not have all the information available to you.
Cybercrime continues to evolve and, unfortunately, does not take holidays off. If you have questions about your business’s cybersecurity preparedness or think you might have experienced a cybersecurity incident, contact a member of McDonald Hopkins’ national cybersecurity and data privacy team.