With Christmas fast approaching and Boxing day and January sales still to come, cybercriminals will be preparing to cash in on this busy period with targeted online scams which could ruin the festive fun.
These scams could include anything from impersonating parcel delivery services to running ‘too good to be true’ online offers leading to malicious websites, as well as fake refunds and text phishing.
According to the new Norton Cybersecurity Insights Report, among those who experienced cybercrime in the past year, 1 in 7 UK victims have had their financial information stolen as a result of shopping online and over 1 in 10 UK victims indicate their identity was stolen.
So what are the scams that could steal Christmas?
Click and Receive
Beware of emails on your computers and mobile devices exclaiming that you have just received a package you are not expecting from the post office or a well-known shipping vendor, especially if you did not order directly. Be wary of any message that asks you to fill out a form or provide any personal information.
Online vouchers or codes are very popular, but watch out for the too-good-to-be-true offers that will lead you to a malicious website asking you for your credit card information and other personal data. A lot of these fake offers will try to lure you in with promises of winning free gifts. If you’ve never heard of the company, or if the known company’s logo looks slightly different in some way, get out of there. You might also receive emails or texts about this year’s hot or hard-to-get gift items that will lead you to rogue websites. These scams can also show up on social networking sites like Facebook too.
Some scammers send texts, pretending to warn people of suspicious activity in their financial account and asking for them to call a bogus number — where they'll be asked to share sensitive information. If you receive one of these, contact your financial institution directly rather than using the number the text provides. That way, you know you’re really talking to your bank or credit card company, not a scammer. Similarly, keep an eye out for vishing. It's just like phishing, except it occurs over the phone. When unsolicited callers contact you, always ask what business they're calling from, then hang up and call that institution's actual phone number listed on its website.
If you’re doing a lot of online shopping watch out for spam phishing emails for fake refunds. It could look like it’s from a legitimate retailer and say something like “wrong transaction” or “click for refund” but the culprits just want you to click through, surrender your details or open your device up to malware.
Phony shopping sites can be hard to tell apart from the genuine ones, and even legitimate sites can be hijacked. These fake sites often rely on shoppers mistyping the genuine web addresses of popular websites or clicking on messages from phony vendors who have a similar address, so slow down and check what you’ve clicked or typed. Otherwise you could end up viewing unsavoury content or infecting your device with malware.
Top Tips to stay safe whilst shopping online from Norton by Symantec:
- If it’s too good to be true, it probably is – We all love a bargain and cybercriminals know this as well. Don’t fall for the cheap price tag - as free or discounted goods could end up being really costly. So if you’ve found the latest hot designer shoes, but for a tenth of the price, regardless of how nice they may be for your office Christmas party, they’re probably not real. Cybercriminals are experts at creating websites and making them look identical to your favourite brand sites. Only shop at reputable online sites and avoid getting your credit card scammed.
- Beware of fake website links – Don’t try and save time gift shopping by clicking on links in an email which appear to take you to your favourite online store. Instead make sure you type the store’s address straight into your browser
- Be smart with your passwords – Use a complex password for each online account you have and update your passwords regularly. Strong passwords use a mixture of numbers, symbols, and letters in upper and lower case, such as “Ru1)oLp1-1”
- Organise your online shopping – Set up an email account specifically to deal with online shopping. Provide as little information as possible to get the account set-up and don’t use it for anything else such as online banking, business correspondence or family matters
- Protect your bank details – Always look out for the ‘padlock’ icon at the bottom of the browser frame when making a payment online. This symbol indicates that the website you are visiting uses encryption to protect you, so cybercriminals cannot capture your personal information. Never let a website ‘remember’ your credit card details, always retype them if you want to shop there again.
- Online payments – Even though it is the season of goodwill, avoid using public or shared computers, or even a wireless network to make a payment online. Hackers can easily capture your account information, log-in details and steal your money. Use a separate credit card with a small credit limit for online purchases as using your debit card.
- Is your internet security software up-to-date? – Add a security software update to your Christmas list. Cybercriminals are more sophisticated than ever before and they’ll jump on any social trend to spread malware and steal your personal details
- Check your statements – Always check your credit card statements as often as possible to look out for unexpected transactions
Nick Shaw, EMEA General Manager, Norton Business Unit said,
“We no longer need convincing of the risks – breaches and cybercrime have unfortunately become a fact of life. Our findings demonstrate that recent headlines have rattled people’s trust in online activity, but the threat of cybercrime still hasn’t led to widespread adoption of simple protection measures that people should take to safeguard their information online.”