Tips to Avoid Holiday Shopping Scams

With the holidays quickly approaching, you may be preparing to take advantage of the season’s online shopping deals. Unfortunately, while you’re on the lookout for those perfect Black Friday and Cyber Monday sales, cybercriminals are on the lookout for their next victim. With the uptick in online shopping, it’s important to remain vigilant and proactive about cybersecurity. Read on to review the most common holiday shopping scams and refresh your knowledge of safe online shopping practices.

Earlier this year, the Federal Trade Commission listed shopping scams as the second most common type of scam in the United States. Building a working knowledge of how scams work and how to spot them is an important first step toward outsmarting scammers. If you’re planning to score Black Friday or Cyber Monday deals, refresh your knowledge of the most common types of online shopping scams and how to recognize them, courtesy of Norton Antivirus:

You’re searching online and come across the perfect gift at a good price. You go to the site, put the item in your cart, and click “Buy.” But then, you don’t get a tracking number, the package never arrives, and the seller disappears. You’re experiencing what the FBI calls a non-delivery scam.

You can avoid this by sticking to reputable retailers. If you’re shopping with a new-to-you merchant, do your due diligence. Check for a physical address, a customer service phone number, and a professional-looking site. Warning signs of malicious websites include poor spelling, odd design, and slow loading times.

Document your unsuccessful attempts to contact the seller, collect screenshots or other evidence of the problems, and ask your credit card company to reverse the charges due to fraud. Consider asking your credit card issuer to deactivate your old card and issue you a new one.

You plan to use your favorite credit card to make your Black Friday or Cyber Monday purchases, but a seller asks you to pay with a gift card. This may happen on auction sites and should raise big red flags. Cybercriminals often use gift cards because it’s an easy way for them to steal money from you.

Instead, use a credit card for your online holiday shopping. Treat gift cards like cash, never give out your gift card number or PIN, and use them only with the issuing merchant. For example, use a Starbucks gift card only at physical Starbucks stores or starbucks.com. Use general gift cards, such as a Mastercard or Visa gift card, only at trusted retailers.

Contact the gift card issuer immediately to let them know somebody used your gift card in a scam. If you act quickly, they may refund any money left on the gift card. Each major retailer has their own way to report gift card scams.

Scammers may take advantage of the holiday spirit by using heartwarming stories to get donations for fake charities. These scammers know that with the rise of Giving Tuesday, charitable donations as holiday gifts have become especially popular in recent years.

To avoid this, never make an impulse donation in response to an ad or plea on social media. Take time to research charities using resources that track and rate nonprofits.

If a fake charity scammed you, report them. The FBI recommends contacting your state consumer protection division, the FBI’s Internet Crime Complaint Center (IC3), and the Federal Trade Commission. You may not be able to get your money back, but you may help law enforcement catch the scammer.

Criminals may use Black Friday shopping to put a holiday twist on phishing scams. In these Black Friday fake order scams, you may get an email or other message telling you there’s an issue with an item you ordered, but you don’t recognize the item and know you never ordered it. The message may be a phishing email meant to trick you into clicking a malicious link, providing your bank login credentials, or exposing other personal information.

Stop and think if you get a message about an item you didn’t order. The fraudster is trying to confuse you, hoping you’ll act quickly because you want to get to the bottom of the situation. If you’re unsure if a message is legitimate, contact the business through other channels you find on your own, such as a customer service phone number listed on their website.

If you click on a phishing link, act immediately. If you provided login credentials for any site, immediately change your username and password. Choose a secure password using at least 12 characters, with a mix of letters, numbers, and symbols. Check out our What to Do if You’ve Been Hacked guide if you’re concerned an account may be compromised.

Also, change your phone or bank card PIN if necessary. Update your device’s software and run a security scan on your devices to check for malware. Finally, report the scam, including any legitimate business the scammers were impersonating, to the authorities and the FBI’s IC3.

You think you’re going to the website of your favorite department store to score some Black Friday deals, but you accidentally misspell the name when typing it into your browser. When you then land on a site, it looks real and you proceed to make a purchase.

However, the website you’re on is a spoofed website, which scammers use to defraud you by advertising fake Black Friday deals, steal your credit card information, and possibly grab other personal information such as your name and address.

The easiest way to avoid scam sites and fake e-shops is to make sure you’re going to the real site when you want to browse or shop. For example, you could bookmark your favorite shopping sites for easy access, or download the brand’s official app from the App Store. Be careful when visiting retailers by clicking links in emails or social media posts—only click if you trust the source and can verify that the message is authentic.

Immediately change your username and password for the real shopping site, since the scammers may now have your login information. If you’ve saved your credit card information on the real site, delete it as a precaution. If you used a credit card to purchase on the sham site, report the fraud to your card issuer immediately. They will block the scammer from using your old card number and will issue you a new card with a new number and expiration date.

Cybercriminals can take advantage of many consumers doing their holiday shopping online by sending false delivery notifications via email or text message. These notifications may look like they’re coming from the U.S. Postal Service, FedEx, or UPS.

The scammers are hoping you recently bought something online, and Black Friday and Cyber Monday improve their odds. They may mention a problem with delivery and provide a link you can click to “fix the problem.” You may be asked to enter personal information or a credit card number.

Being aware of this Black Friday scam is a good start. If you ever get an email or text about a delivery problem, don’t click links or call any number provided. If you think it may be a legitimate message, look up the company information and contact them directly. If the message was not legitimate, let them know about the scam.

What to do in this scenario depends on what information, if any, you provided to the scammer. In general, it’s a good idea to follow the same steps you would for a fake order scam, which is also a phishing scam. You may also want to keep a close eye on your accounts and consider identity theft monitoring.

Similar to a fake order scam, an account verification scam is when you receive a text or email from a company you shopped at that tells you your account has potentially been compromised and you need to secure it. The message will have a clickable link or a phone number to supposedly help you speed up the process of verifying and securing your account.

But if you click the link in the text or email, it may trigger malware to be installed on your device. And if you call the number they’ve provided, they will try to get you to navigate to a compromised website or launch a type of phishing scam designed to steal your identity.

If you accidentally click one of these links, close your browser and then delete your cookies and cache as soon as possible. If you have antivirus software that finds and destroys malware, run it to remove anything you downloaded. If you think you’ve exposed personal information, change your passwords immediately (as well as your security questions and answers), then watch your accounts closely for the next few months.

Now that you know how to spot many common holiday shopping scams, utilize the following best practices to safely shop online year-round:

A strong password is your first line of defense against cybercriminals. Avoid reusing passwords across sites—if one account is compromised, it can put your other accounts at risk. Try a mix of uppercase and lowercase letters, numbers, and special characters. Password managers can be a great tool for safely storing all your login details. Check out our list of the 25 Most Commonly Stolen Passwords of 2023 here.

Before you buy, ensure the website’s URL starts with “https” (the “s” stands for secure). Also, check for a small padlock icon next to the URL, which signals that your connection is encrypted.

The holidays bring a flood of promotional emails and texts, making it easier for scammers to sneak into your inbox. If you receive an email with an amazing deal or one asking for your personal information, don’t click any links before verifying the sender. Avoid visiting any unfamiliar or misspelled addresses.

Enable two-factor authentication on your accounts for an extra layer of protection. Two-factor authentication typically involves entering a code sent to your phone or email after entering your username and password, ensuring only you can access your account even if someone else knows your password.

Credit cards and secure digital wallets (like Apple Pay or Google Pay) offer more protection against fraudulent transactions than debit cards. Many credit card providers also offer zero-liability policies for unauthorized charges. Avoid paying with wire transfers or prepaid gift cards, as these are often untraceable if you’re scammed.

If you’re shopping on the go, resist the urge to use public Wi-Fi to make purchases or log into sensitive accounts. Public networks are more vulnerable to hackers who can intercept your information. If you must use public Wi-Fi, consider setting up a VPN for a secure connection.

Many scammers use fake reviews to lure in shoppers. If a product has overwhelmingly positive reviews with little detail, it could be a red flag. Similarly, deals that seem unrealistically low often are—do some research on price trends to avoid falling for phony promotions.

Check your bank and credit card statements frequently during the holidays to spot any suspicious transactions. Quick detection can help minimize damage and potentially stop a scammer in their tracks.

If you suspect a scam or find an unauthorized charge, report it right away to your bank, the Federal Trade Commission (FTC), and the FBI’s Internet Crime Complaint Center. Reporting incidents can help others avoid similar issues and enables law enforcement to crack down on holiday scams.

Van Wyk exists so you have peace of mind when it comes to your business, employees, and family. For further risk management resources or to learn more about the services we offer to families like yours, contact us via the form below. And be sure to like us on Facebook and follow us on LinkedIn for more industry news and tips!

Related Links:

• What to Do if You’ve Been Hacked?
• Email Security Best Practices
• 6 Phishing Scams to Watch For