Yes, my friends, it’s that time of year again. Time to start making our lists and checking them twice. Time to start looking for those hot deals on everything from toasters to televisions. And time for me to be the Debbie Downer who gets to warn you that all that glitters is not gold. Yes, I’m back with another round of everyone’s least favorite holiday game:
Because no one I know wants to be a winner at the Wheel of Misfortune. So pay close attention while I tell you all about this year’s online holiday scams. And then pass on the information to family and friends (particularly those less internet-savvy and most vulnerable, like Grandma and Grandpa).
Welcome to sale “season”
The Grinch is busier – and starting earlier – than ever. As with recent years past, the infamous “Christmas Creep” has had holiday deals springing up well in advance of the traditional Black Friday shopping bonanza. (I saw “Early Black Friday” sales advertised before Halloween this year. And like seeing Christmas trees in Home Depot in mid-October, I rolled my eyes in disgust) Then comes actual Black Friday, followed by Cyber Monday which morphed into a non-stop Cyber Weekend. And today? Retailers now think of the week that follows Black Friday as Cyber Week. Throw in a pandemic and inflation, with economy-stimulating sales everywhere, all season long, and the landscape for both shopping – and scamming – has increased exponentially. I can just see the Grinch rubbing his greedy little green paws together in glee at all the opportunity that awaits him this year…
Online holiday scams to look out for
Online shopping scams were the riskiest type of scam in 2021 and are still so far in 2022, according to the most recent Better Business Bureau Online Scams Report. Not only are they the most common, but they were the most likely to lead to financial loss for their victims. (In a rather heartbreaking twist, the online sale of puppies was the most-reported scam of all. As puppies are a popular holiday gift, take heed if you are in the market for one!)
So let’s get to it. Here are the most common types of scams that pop up this time of year:
Fraudulent online retailers
One of the best ways to avoid online shopping scams is to shop directly through the websites of retailers you already know and trust. There are plenty of fake websites out there, just waiting for you to give them your money for something that doesn’t exist. But sometimes the only place you can find a specific, hard-to-find item is through a site you aren’t familiar with. The solution: Take time to do a bit of research: If the retailer is based in North America, you can check out the Better Business Bureau website for prior complaints. Sometimes even a quick Google search can reveal the reputation – stellar or suspicious – of an online retailer. Study the URL to make sure it seems legit. Check for a physical address, a customer service phone number, and a professional-looking site. Look for the warning signs of sketchy sites including poor spelling, odd design, and slow loading. Only buy from secure sites with SSL encryption, with URLs starting with https: (rather than just http:) and a lock icon.
Spoofed websites of legitimate businesses
You think you are on the website of your favorite department retailer to score a deal, but in fact, you are on a cloned website set up by a scam artist. You make a purchase (or so you think!) and the scammer steals your credit card information. Perhaps you got there from clicking on an online ad. But there is also a chance you ended up there simply by making a typo in a Google search. Criminals are savvier than ever, and there are now spoofed websites with addresses based on common misspellings and typos. The solution: Whether you got there by clicking an ad or by typing the retailer’s website name yourself, take a minute to make sure you’re on the real online site by carefully inspecting the URL at the top of the page. Better yet: Bookmark the legitimate versions of your favorite shopping sites ahead of time to avoid rushed typing mistakes. And use online ads online as a reference tool for a sale, not as a means to get to the site. (If the sale in the online ad was legit, you should be able to find it on the retailer’s website by going there directly.)
Fake shipping notifications
You may have already gotten one of these over the past couple of years, as this has become a rather commonplace smishing scam. But you may see them more frequently around the holidays. These notifications look like they’re coming from the USPS, FedEx or UPS, but (you guessed it) they’re not. They may mention a problem with delivery and provide a link you can click to “fix the problem.” You may be asked to enter personal information or a credit card number. The solution: Track your purchases and shipments on your own, using the delivery company’s website.
Message about a charge you don’t remember making
Another popular Black Friday phishing scam comes in the form of an email telling you there’s an issue with an item you ordered. But you don’t recognize the item mentioned, and you know you never ordered it. You worry because the charge is significant, so you immediately respond by clicking on a link they’ve provided. Odds are the message is a phishing email meant to trick you into providing your bank login or other private information. The solution: Your safest course of action is to simply delete the message without responding in any way. But if you are concerned that someone is ordering things under your name without your permission, go directly to the retailer’s website using your browser, and check your purchase history for yourself. Or contact customer service using the phone number provided on their website. Most likely, you will find that everything is just fine.
Some general cyber-safety advice for online shopping
Beyond looking out for the scams I’ve described above (and because there are always going to be new ones showing up), here are some general guidelines to keep you safe this season.
Storing credit card information with online retailers
Keep in mind that no one is completely immune to a data breach. Be aware that any financial information you have stored for your own convenience with an online retailer comes with some degree of risk. Fortunately, most major retailers have taken great cybersecurity measures to protect your data (particularly after some large – and embarrassing – data breaches in the past), so this slims down (to some degree) the chances of there being an issue with the largest online stores. However, smaller retailers may not have the same information security resources in place, so it is best to only provide your information one time, at the point of sale, and not save it on their website. Better yet, use a secure, well-established service like PayPal or your Apple/Google Wallet to make your online purchases with smaller online stores.
Use credit, not debit
There are laws that limit an individual’s liability for fraudulent credit card charges. Your debit card may not have the same level of protection. Also, because a debit card draws money directly from a bank account, unauthorized charges could immediately leave you without funds to pay bills or other necessities.
Buying gift cards online
The Retail Gift Card Association recommends purchasing gift cards only from trusted online sources. Store it in an online account or mobile wallet that requires a password until you give it to the recipient. If it’s being sent to them online, use a means that is password protected. And if you receive a gift card this holiday season, use it as soon as possible to avoid loss or theft, or register it and change the PIN.
If you receive an E-card
According to the Better Business Bureau, if you get a message saying you have received an e-card, make sure that the sender’s name is visible on the e-card. And be wary if you are required to enter personal information in order to access it. Also, avoid opening e-cards with an attachment that ends in “.exe”, which could download a virus.
Use multiple – and strong – passwords
Vary the passwords you use for your email, online banking, credit card and other financial accounts and, ideally, change them every so often. If you use the same password for everything, a criminal who gains access to one account via a stolen password now has access to ALL of your accounts. So create strong passwords by using complex combinations of letters, numbers and characters, or come up with passphrases that are memorable to you but would be non-sensical (impossible to guess) to another. And make a different one for each account. Even better, use a password manager to generate super complex passwords and save them for you. (Then you only need to remember the single password to access that password manager.) And even better still? Try this virtually foolproof method I discovered that utilizes both a password manager AND a single, small contribution from you.
If it seems too good to be true…
You know how that saying ends: It probably is. The holidays are prime time for cybercrooks to set up their fake websites with amazing deals on whatever is the most in-demand gift that year. Seems like an unbelievable offer? Don’t believe it.
This is really the most important tip of all. The Grinches of the world want you to react quickly and rashly so they can get their hands on your data. They may use language designed to scare you so you will immediately respond. Or they may dangle a carrot – that hard-to-find item that you can only get from them, and their “stock is running low!” – to get you to bite. In both scenarios, resist the urge! Take a deep breath, don’t let your impulses dictate your reaction, and then follow all of the advice above.
I would now like to propose a toast: To happy – and SAFE – holiday shopping for us all! Cheers!