We are less than two weeks away from Christmas and its that the time of the year when we plan to make a shopping list to buy things and gift our loved ones this holiday season. To cash in on festive fervour, several e-commerce firms and retail chains offer discounts on product categories making difficult to make the right buy.
However, there are also cybercriminals who have a sinister plan to scam you by offering lucrative but fake deals and leave a deep cut in your pocket. They do it by sending mass e-mails and also shoot messages with hyperlinks to mobile phones. Some unsuspecting victims unknowingly click those website URLs and get scammed by fraudsters. These phishing attacks happen all around the year, but peaks during the Christmas holidays.
To help consumers during busy shopping season, government-run United States Computer Emergency Readiness Team (US-CERT) has a list of tips that will help them distinguish between authentic and fraud websites.
- Buy products from well-established vendors – Before providing any personal or financial information, make sure that you are interacting with a prominent vendor. Yes, some criminals with cyber knowledge can create similar looking website template with certification and try to trick you. So, you should always be vigilant and verify the legitimacy before disclosing any information. Double check the certificate information, particularly the "issued to" information. Locate and note phone numbers and physical addresses of vendors in case there is a problem with your transaction or your bill.
- Make sure your information is being encrypted – Many sites use secure sockets layer to encrypt information. Indications that your information will be encrypted include a Uniform Resource Locator (URL) that begins with "https:" instead of "http:" and a padlock icon. If the padlock is closed, the information is encrypted. The location of the icon varies by the browser; for example, it may be to the right of the address bar or at the bottom of the window. Some attackers try to trick users by adding a fake padlock icon, so make sure that the icon is in the appropriate location for your browser.
- Be wary of emails requesting information – Cybercriminals use phishing tactics to fool you to give away the bank account details. They send emails requesting that you confirm purchase or account information that your bank account will deactivate soon and coerce you to divulge account number and password. Legitimate businesses will not solicit this type of information through email. NEVER provide sensitive information through email or messages on phone. Also, if you happen to receive an unsolicited email with hyperlinks from a business, instead of clicking on the provided link, directly log on to the authentic website by typing the address yourself.
- Use a credit card – US-CERT believes that there are laws to limit the liability of the customer for fraudulent credit card charges, but you may not have the same level of protection for your debit cards. Additionally, because a debit card draws money directly from your bank account, unauthorized charges could leave you with insufficient funds to pay other bills. Consumers can mitigate the potential damage by using a single, low-limit credit card to making all the online purchases. Also use a credit card when using a payment gateway such as PayPal, Google Wallet, or Apple Pay.
- Check your shopping app settings – Having read the reports of Facebook's Cambridge Analytica scandal and how they misused personal information, it is very important for consumers to be vigilant about the apps they install in their phone. Make it a point to see app's official website to know what they do with your data and how they keep it secure. It can be noted that there is no legal limit on your liability with money stored in a shopping app (or on a gift card). Unless otherwise stated under the terms of service, you are responsible for all charges made through your shopping app, US-CERT says.
- Check your statements – Customers are requested to keep a record of their purchases and copies of confirmation pages, and compare them to the bank statements. If there is a discrepancy, report it immediately to bank officials.
- Check privacy policies – Before providing personal or financial information, check the website's privacy policy. Make sure you understand how your information will be stored and used.