Cyber Monday is here, marking the busiest online shopping event of the year. As millions of people from around the world take to their computers and mobile devices to spend billions on flash deals online, so do opportunistic cybercriminals looking to scam unsuspecting shoppers. In order to take advantage of the holiday savings, buyers must have a good understanding of common Cyber Monday threats as well as precautions to follow to keep their personal and financial information out of the wrong hands. What’s more, knowing and avoiding these threats will go a long way in keeping your online activity safe year-round.
Here are some of the most common Cyber Monday scams and how to keep your information protected from them.
Common Types of Cyber Monday Threats
- Spoofed websites: These are fake websites that masquerade as shopping, travel, or charity sites but are set up to steal visitors’ payment information and personal details.
- Shopping phishing emails: A similar technique to spoofed websites, these are malicious emails that claim to be from well-known, legitimate brands and are sent to consumers offering the best shopping or travel deals. However, the links or attachments these emails contain only serve to steal recipients’ information (most commonly account credentials or payment information) or infect devices with malware.
- Clickbait: In this technique, attackers post links with enticing headlines on social media to lead shoppers to malicious websites set up to spread malware or trick users into entering sensitive information.
- Social media scams: These are attacks that use popular trending hashtags like #CyberMonday and #cyberdeals to spread links to scams, fake deals or giveaways, and sites that spread malware.
- Malicious banners and pop-up ads: Cleverly designed web banners and pop-up ads can appear legitimate but use redirects that send users to spoofed websites intended to fool them into giving away banking/credit card info and other personal information.
- Fake gift cards: Third-party sites that advertise discounted gift cards from well-known brands are often scams that sell fake gift cards and even steal payment information for further fraud.
- Fake shipping notifications: The high volume of online ordering and shipping gives cybercriminals an opportunity for this especially tailored form of phishing. In these attacks, phishing emails will be disguised as shipping or delivery notifications but can contain malicious links and attachments or solicit personal information.
- Job scams: The start of the holiday season is a time when many are looking for part-time jobs and other supplementary income to help fund their own holiday shopping. Some of the trickiest cybercriminals will pose as companies or recruiters to post fake job positions and harvest applicants’ personal information such as social security numbers, names, and addresses.
Tips for Protecting Your Personal Data While Shopping Online
Today’s online shopper must take a few preventative measures to avoid having sensitive data – like credit card information, social security numbers and other personal information – stolen and used against them. These measures are especially important during the holiday season, but should be followed year-round to better protect your identity and other information. Tips for secure online shopping include:
- Approach all holiday-themed promotions with a healthy dose of skepticism. If it reads too good to be true, it is usually a scam!
- Be on the lookout for fake, malicious websites. Read URLs carefully to make sure you are on the exact site you intend to be and not a well-done imitation.
- Avoid clicking on banner ads or pop-ups – if you see an advertisement from a reputable brand for a deal or promotion that you are interested in, go to the company’s website directly for more information.
- Similarly, don’t click on any links or download attachments sent via social media or email – particularly if they come from an unknown sender or reference an unfamiliar transaction (such as a purchase or shipment you didn’t make). Be wary of unsolicited emails and messages or posts on social media and review senders carefully to ensure that they are who they claim to be. In emails, make sure the sender and domain name match exactly with the company they claim to represent and are not lookalikes.
- Limit your shopping (and surfing in general) to websites whose addresses begin with HTTPS (as opposed to HTTP). HTTPS encrypts your information in transit when you submit sensitive details such as credit card numbers. It does not by itself show that a site is legitimate, so still check the URL.
- Before clicking a link, double check the website URL. Often, malicious sites are misspelled by just one letter. Mouse over a link and carefully review its destination, as anchor text can also be spoofed to appear as though you are going to a legitimate site. Watch for typos and clever misspellings in URLs or email addresses, as well as unofficial/unverified accounts on social media. Typos in URLs are often indicative of “cyber-squatting,” where cybercriminals intentionally buy bogus domains to use for abuse or fraud.
- When in doubt, contact a company directly to verify the legitimacy of a message or offer you have received. In the event that the message is illegitimate, the company is now aware and can take action to warn others of a potential scam or compromise.
- Use a dedicated credit card for online shopping and only use it for this purpose. This will make it easier to monitor for suspicious activity. Avoid debit cards that have direct access to your banking accounts.
- Similarly, create a dedicated email account and only use it for your holiday shopping – this makes monitoring for suspicious activities/alerts and tracking your orders much easier and safer. It is also a best practice to create a dedicated email address to use for sensitive accounts like banking and bills and keep that address private/separate from non-sensitive activity.
- Limit your holiday shopping to legitimate and reputable sites. If you are seeing a great deal from a site that you have never heard of before, there’s a strong chance that website may be fake and malicious.
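The URL checks in the tips above (a domain misspelled by one letter, anchor text that differs from the real link destination) can be automated for an HTML message body. This is an added example, not part of the original article; the `TRUSTED` allowlist, the sample message and every domain name in it are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"example-shop.com", "example-travel.com"}  # constructed allowlist (assumption)

def one_edit_apart(a, b):
    """True if b differs from a by exactly one inserted, deleted or substituted character."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    i = next((k for k, (x, y) in enumerate(zip(a, b)) if x != y), min(len(a), len(b)))
    return a[i + 1:] == b[i + 1:] or a[i:] == b[i + 1:] or a[i + 1:] == b[i:]

def host_of(text):
    """Hostname of a URL or bare domain, lowercased, with a leading 'www.' dropped."""
    host = urlsplit(text if "://" in text else "//" + text).hostname or ""
    return host[4:] if host.startswith("www.") else host

class LinkCollector(HTMLParser):  # gathers (href, visible anchor text) pairs
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href.strip(), "".join(self._text).strip()))
            self._href = None

def review_links(html):
    """Return (href, reason) pairs: one-letter lookalikes of a trusted domain, and
    anchor text that reads as a domain but does not match the real destination."""
    collector, findings = LinkCollector(), []
    collector.feed(html)
    for href, text in collector.links:
        dest = host_of(href)
        if dest not in TRUSTED:
            findings += [(href, "lookalike of " + good) for good in sorted(TRUSTED)
                         if one_edit_apart(dest, good)]
        if "." in text and " " not in text and host_of(text) != dest:
            findings.append((href, "text shows " + host_of(text)))
    return findings

# Constructed sample message body, not taken from a real campaign.
SAMPLE = """<a href="https://www.example-shop.com/orders">View order</a>
<a href="http://examp1e-shop.com/track">Track package</a>
<a href="https://deals.invalid/login">www.example-shop.com</a>"""
```

Hosts are compared as whole names, so a subdomain of a trusted store is not treated as trusted unless it is added to the allowlist.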
Make these tips into habits and encourage your friends to do the same – for the holiday season and beyond. For even more tips on protecting your identity and personal data, read our 101 Data Protection Tips.