Global e-commerce is on fire. The market is projected to grow at a compound annual growth rate (CAGR) of 12% during 2021-25 and surpass $8.5 trillion by 2025. With so much money, it’s no surprise that fraudsters and the astute are ready for action. And they are even more ready during festive seasons, such as the Christmas season, when it is easier to hide fraud in the rush of purchases and when shoppers can be abstracted.
So what do fraudsters crave? Your money and/or personal information, such as login codes to related accounts, which can then be sold to other criminals engaged in identity fraud. The most common threats to watch out for during the holiday season are:
1. Fake sellers:
They operate on legitimate websites like Facebook Marketplace and attract buyers by listing high-demand products at outrageously low prices. They can also create fake reviews for their “store” in order to give it legitimacy. Users are asked to pay through instant payment apps like Zelle, Venmo or Cash App. But they never receive their order because it was all a scam.
2. Account takeover (ATO):
Cybercriminals are always looking for ways to compromise customer accounts. This is because they can use the stored cards to make purchases, or otherwise find personal information on the accounts that can be sold to others. The most common way to take over an account is through stolen logins. Sometimes scammers use login codes obtained from other websites (via a data breach), which victims use on several different accounts. This method is known as credential stuffing.
3. Fake online stores:
This threat is similar to the threat of fake sellers. But here the criminals go a step further to make the shop look more legitimate. Fraudsters will falsify the website of a merchant or a well-known product company. Not only will victims not receive their item or possibly be sent a counterfeit version, but fraudsters will also record the card details for future fraud.
4. Fake sales apps:
These apps are often trafficked to unofficial third-party app stores or phishing websites. Users may end up there after clicking on a fake link on social media or via email.
5. Phishing:
It’s still one of the most popular ways for fraudsters to obtain personal and financial information, which can then be used in identity fraud, such as buying things or applying for loans in your name. Fake emails, social media messages or text messages are designed to appear to be sent by a known company.
6. Fake Gift Cards:
Bait is an enticing offer of a gift card that you will receive for free or at a significantly reduced price compared to its face value. However, clicking on the link included in the email or text message to claim your gift card may result in malware being installed on your device, your personal data compromised, or a stolen gift card being sent.
7. Receiving fake messages from courier companies:
They ask you for information or to pay money for “taxes” or “customs” charges. You may have ordered so much online that it’s hard to keep track of your actual orders. Sometimes, by clicking a link, you install malware designed to flood your screen with ads or steal personal/financial information.
Twelve ways to stay safe when shopping online
1. Make sure your computer and mobile phone are protected with security software from a trusted provider. This will go a long way in preventing the damage that information theft and other malware can cause.
2. Always use strong and unique passwords on all accounts (via a password manager) and enable two-factor authentication (2FA). This will help mitigate the risk of password theft and account hijacking.
3. Beware of too good deals. If an offer seems too good to be true, it probably isn’t.
4. Always use secure websites for any purchases. Look for the padlock in the browser bar and the HTTPS address. This will limit the opportunity for hackers to intercept your communications and steal your card information.
5. Check your bank and credit card accounts regularly during the shopping period and contact your bank immediately if any transaction looks suspicious.
6. Try to only shop from companies you trust. If you haven’t heard of one before, do some research on it first – try Googling the name plus “scam” or “fraud” and check customer reviews to gauge the her reputation.
7. If you’re buying from an online marketplace, always pay by credit card (as there’s more buyer protection this way) or consider using a single-use virtual card for purchases.
8. Download mobile apps only from trusted sources i.e. App Store and Google Play.
9. Never buy items or log into accounts (especially your bank account) when connected to public Wi-Fi. Use a virtual private network (VPN) in these situations if you absolutely must grab an opportunity while not using your home network or mobile data plan.
10. If you receive an unexpected email or text message, think twice before clicking on it. Contact the sender if possible (but not by replying to the message).
11. Consider shopping as a guest when shopping online. If you store your information, there is always a chance that it could end up in the hands of a cybercriminal if the company’s systems are breached.
12. Do not click on pop-up ads, even if they offer great shopping opportunities, as the ads may be malicious.
Follow these simple steps to have more peace of mind. Now the biggest risk you will face will be…spending more than you intended this holiday season.
