As shoppers scramble to get their last-minute gifts and make donations online, hackers will be ramping up to use the holiday season to their advantage. Online shopping fraud is expected to reach 14% this holiday season, which means consumers can expect to be targeted with fake websites out to steal their information. However, not many people are concerned about cybersecurity, with 31% admitting to clicking on suspicious links in emails to get a good deals. It’s easy to get wrapped up in this busy season, but everyone must navigate their e-commerce spending safely in order to protect themselves from hackers.


Source: Experian 

How am I at Risk?

Phishing/Social Engineering

An influx of people looking for good deals can be easily fooled by phishing emails sent by hackers. Additionally, fake targeted ads could pop up on your browser displaying what seems to be a really good deal. When you click on the ad, it could lead you to a fake website or send malware to your computer.

With people in the giving mood this season, hackers will be looking to solicit fake donations. Back in the summer, the Harry and Jeanette Weinberg Foundation was the victim of a phishing scheme. Hackers posed as the charity and sent emails asking people to help support a medical treatment for a young boy. Be aware of people setting up fake charities or posing as legitimate ones. Do your research to make sure that the charity you want to support is registered. If you receive a suspicious looking email from a charity you often support, contact them directly to verify if it’s real.

Fake Websites

Users can often mistype website URLs when they are in a rush to purchase gifts. Misspelling a website doesn’t seem like a big deal but it can lead users to a malicious website. Hackers will often use misspelled domain names to fool people into thinking they are shopping on the correct page. These websites will often look exactly like the retailer web page hackers are trying to imitate. Unsuspecting users who think they are using a legitimate website can end up revealing personal information to hackers.

Fake Apps

Mobile app stores are full of millions of apps but not all are legitimate. Last year, Google took down 700,000 apps that violated their policy and continue to remove malicious apps today.

Repackaged apps look identical to the official ones – they have the same interface, icons and labels. However, these apps contain malicious code that could be stealing personal information. Since they look and act the same as legitimate apps, it can be hard to realize they’re fake. Several popular retailers, such as Starbucks and Nordstrom, have been victims of repackaged apps in the past.

How to Protect Yourself

Pay Attention to URLs: The URL of a website is an important indicator of whether or not a website is fake. Simply looking at what the web page looks like, or checking for the green padlock next to the URL, is not good enough. The content of a fake website will often look legitimate because hackers can convincingly imitate a website’s layout, images and font. As for the green padlock, research shows that almost of all fraudulent pages have a padlock too. The padlock only indicates a website is encrypted, not that a website is authentic.

Look at the App Developers: When considering which apps to download, take a look at the developer of the app instead of reading reviews and ratings. Ratings and reviews can often be faked, or mean that many other people also fell victim to downloading a malicious app. Retailers or their parent companies will often be listed as the developer for their own apps.

Use a Secure Network: Using public WiFi to shop is not safe because the networks are not secure. Furthermore, hackers will often create fake hotspots to lure unsuspecting users and spy on their data. If you are shopping online, use a network that is secured with a password or other technologies like next generation firewalls. If you are in a public area, use your data to make your online purchases instead of the public WiFi offered by malls or coffee shops.

Monitor your statements: If you think you used a malicious website by accident, monitor your credit card statements for any unauthorized transactions. Report any suspicious activity to your credit reporting company and if necessary, ask for a security freeze or fraud alert on your credit report. Your credit card provider will usually alert you if they detect suspicious transactions but it’s better to consistently monitor your accounts for your own safety.