Call her Linda Leesburg. Fresh out of graduate school and starting her first serious job, she decided to buy some kitchen utensils and related items, including a dish set, cookware, silverware and a coffee maker, to outfit the kitchen of her new apartment. She could easily buy these products at a local store, but she discovered a store online that offered them at an unusually low price.
Leesburg paid about $250 for everything, using a few gift cards she had received in recognition of her academic and job-hunting success, and waited patiently for a truck to deliver the goods. But they never arrived. Leesburg emailed the store several times regarding the whereabouts of the order, to no avail.
After a while, she looked at the email she had received from the store and noticed that the domain of the email address was a bit different from the name of the store. Then, she did a more thorough search and unearthed the bad news: Several other customers said the store was a flat-out scam.
This story is apocryphal, but tens of millions of Americans suffer the consequences of real scams similar to this every year, and they typically hit a peak during the Christmas holiday season. This is because people are more preoccupied with shopping and buy more gifts than usual, including many online. Conversely, cybercriminals typically view holiday online shopping as a license to steal.
A few statistics underscore the issue. Recent research by NortonLifeLLock, found that 36 percent of adults in the U.S. have previously fallen victim to online shopping scams during the holidays. Perhaps worse, another survey by AARP found that 75 percent of 2,000-plus respondents had already experienced at least an attempt at online fraud.
Making matters worse, this holiday season, which extends into the first half of January, may wind up being the most fraud-ridden yet. A recent TransUnion report – the 2022 Consumer Holiday Shopping Report – says more than half of American consumers worry about being victimized by fraud this holiday season – a 17 percent increase over last year.
If you are scammed, don’t take it personally. Scams are usually designed to work across a wide range of people in the hope that at least a few will get caught. It’s also true that some people are more vulnerable than others, however, and seniors may be the most vulnerable of all because they tend to be less technologically sophisticated.
Among all the scams is one that hypothetically impacted Linda Leesburg, i.e., a visit to an unproven website promoting extremely generous deals. People may also be victimized by internet-hosted mailing lists. Among other things, these may find a way to extract Personally Identifiable Information (PII), which can potentially lead to a far greater heist than a few hundred dollars. People’s PII, sellable on the black market, can also be compromised by poor password protection.
In fact, among the most common types of cybercrime are brute-force attacks – attacks in which the criminal tries to break into user accounts by guessing identification and password combinations. Among other things, successful cybercriminals may lock your device and require a ransom for it to be unlocked.
Here are some of the biggest online scams during the holidays:
The shipping scam
Cybercriminals send you an email informing you that your package has been delayed but can be expedited for a fee if you click on a link. If successful, they may steal your PII, and perhaps your credit card as well.
The temporary holiday job scam
Many retailers and gift distributors hire extra people to help them during the busy holiday season. Scammers pose as employees of major retailers and post help-wanted ads on social media platforms and popular websites. When a job seeker follows the links in these ads, they’re directed to a bogus site that looks just like the genuine one. They’re typically asked to share valuable personal information. Predictably, the promised job never materializes.
Travel phishing scams
An email states that a booking has been canceled and sends you to an illicit site – one in which you’re asked to enter your credit card number to establish a new reservation. It may also direct you to another clone site that offers unusually generous deals on a flight or a hotel room as long as you make a reservation with a deposit.
A discount scam
This is roughly similar to the hypothetical Linda Leesburg scam but more proactive. These scams lure victims through advertising. They target appropriate individuals by offering a hot deal or a discount coupon. Victims land on a spoof site that looks like the legitimate site and are asked for a credit card to make their purchase. The item, of course, never arrives.
Given these and other types of scams, a near universal question inevitably pops up: How do you protect yourself?
One thing all computer and smartphone users should do is master the basics of cybersecurity. For one thing, be wary of phishing scams, probably the biggest type of online fraud. This means, avoiding clicking on unsolicited links in emails, text messages, websites, and social media. You should also avoid using insecure public Wi-Fi to shop, and never provide personal information in response to an unsolicited request.
Here are a few additional tips:
Use traceable payment methods.A request to pay for common services using unconventional payment methods, such as gift cards, cryptocurrency, or a bank transfer app, is a red flag that the transaction could be a scam. It’s much better to use a credit card, since the issuing bank has strong protection mechanisms in place, enabling you to dispute a fraudulent charge.
If you see an attractive hot deal, don’t click on a link from an email or text. Instead, go to your web browser and type in the known web address of the company that is presumably offering the great deal. If the deal is legitimate, it can be found on a company’s legitimate web site.
If you’re prompted to go to a web site to buy something, make sure the website address begins with https, not just http. The “s” means there is a secure protocol for transmitting sensitive information. It doesn’t guarantee trust all the time, but the lack of an “s” is clearly a red flag.
The bottom line is this: Holiday shopping can be a lot of fun and fulfilling amid a beautiful holiday. Follow the basics, and you’ll substantially boost the odds of avoiding a scam that otherwise undermines your holiday.
About the Author:
Robert Ackerman Jr. is the founder and managing director of AllegisCyber Capital, an early-stage cybersecurity venture capital firm based in Silicon Valley. He is also co-founder and a board director of DataTribe, a seed and early-stage foundry, based in Fulton, Md., that invests in young cybersecurity and data science companies.
Bob has been recognized as a Fortune 100 cybersecurity executive and also as one of “Cybersecurity’s Money Men.” Previously, as an entrepreneur, Bob was the president and CEO of UniSoft Systems, a leading UNIX systems house, and founder and chairman of InfoGear Technology Corp, a pioneer in the original integration of web and telephony technology.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
Meet Fortra™ Your Cybersecurity Ally™
Fortra is creating a simpler, stronger, and more straightforward future for cybersecurity by offering a portfolio of integrated and scalable solutions. Learn more about how Fortra’s portfolio of solutions can benefit your business.
