The holidays mean big business for retailers—and a peak opportunity for scammers.
As online shopping surges, the criminals go where the money is. Fraud stemming from online shopping increased 31% during last year’s holiday season—roughly double the growth in overall purchases, which rose 16%, according to ACI Worldwide.
The busy holiday season offers cover for cyber thieves in a couple of ways: Consumers are often more distracted than at other times of the year, security experts say, while busy banks and credit cards can find it harder to flag purchases as unusual.
And there's an extra worry this year, experts say, with consumers especially vulnerable following the Equifax breach. It’s likely fraudsters will start to use the personal information gained during this summer’s breach, according to call verification software provider Next Caller. The company has found that only about 16% of Americans have placed a freeze on their credit—and one in three have admitted they’re not taking any precautions to protect against fraud and identity theft during the holidays.
Here are a few common year-round scams that can be a greater threat during the holiday season—and the simple steps you can take to fend off the world's Grinches and fraudsters.
1. Fake Emails and Sites
While consumers are barraged by these types of emails and advertisements, it’s easier for fraudsters to slip fake notices peppered with malware into the mix—or to include links to look-alike fake sites, which then prompt consumers to enter their personal information. “This time of year is a really big time for phishing attacks,” says Mike Tanenbaum, who works on cybersecurity issues for insurance company Chubb. Use these tips to stay safe.
Open sites directly: When your favorite retailer sends you an email with a great discount code, don’t simply click on it, says Tanenbaum. A much safer bet is go directly to the site, do your shopping, and then enter in any discount codes at the checkout. The same applies to tempting discounts advertised online. “Any discount that would apply through an email or web link would still apply if you were to go directly to their webpage,” he adds.
Watch the URL: When shopping online, check the website’s URL carefully. Legitimate sites are generally secure, and will display the "https:" instead of just "http." (The added “s” signals the site is secure, Tanenbaum notes.) He also recommends that consumers look for the lock symbol at the left-hand side of the search/URL bar—another indication that a site is secure. If there's a website that does not have the locked symbol or the 's' in the http portion of web address, do not do business there. "I'd never put secure credentials into it," Tanenbaum says. That means no credit card information, no password, and no form of personal identification.
Check their grammar: Avoid emails with subject lines that have misspelled words, or if the message is in all caps. “Screaming at their customers is something that legitimate retailers don't take part in,” Tanenbaum says.
2. Hackers Using Your Data
It’s not just about one-time scams. In cases of identity theft, fraudsters will go after your personal information, as well as your credit card and bank accounts. That way they have more tools at their disposal to perpetrate a number of frauds. Stay alert this season by using a few smart tools of your own.
Set up alerts: Particularly in the busy shopping season, you've got to be your own first line of defense. While your bank may flag the purchase of a $2,000 surfboard by someone from Indiana in February, that's a harder call to make when you're in the midst of holiday gift giving. Take the time to set up a few spending alerts on your bank and credit card accounts, noting specific dollar thresholds if possible, says Kevin Watson, a cyber expert and CEO of security service provider Netsurion. That way, you'll know about any big purchases that take place.
Sign up for a password manager: Although it’s common advice to use a different password for every account, 81% of people surveyed in July said they use the same password for more than one account. That becomes a particular problem when data breaches occur, because the thieves can use stolen passwords to break into other sites that may expose your personal data. “If any one of the retailers were to have a breach, then you’d be exponentially more vulnerable,” Tanenbaum says. The easy solution: Get a password manager. (Chubb recommends Dashlane.) Rather than have to worry and remember dozens of different passwords for all your various online accounts—banks, retailers, email, whatever—you just have to remember one. The password manager, often an app or browser plugin, will then provide access for all the places you go online, so you’re not using the same password over and over again.
3. Eager Data Stealers
Most fraudsters go after the easiest target. Don’t be the low-hanging fruit—making it even a fraction more difficult for thieves to steal your data can be the difference between whether you end up a victim or not.
Don't shop over free Wi-Fi: One in five adults indicate they are not sure whether public Wi-Fi is safe for sensitive activities, according to a March survey of over 1,000 people by Pew. Spoiler alert: It’s not. While it can be tempting to do your shopping while waiting in line for a peppermint mocha at Starbucks, you may end up paying big time in the end. Hackers use public Wi-Fi networks to snoop, Watson says. Even worse, some will set up fake hotspots in an attempt to capture login information for the accounts you access and any credit card numbers you may input.
Shop in a real store: Online shopping may be more convenient, but you're forfeiting the extra security that's provided when a store uses the card's chip technology to run your purchase, Tanenbaum says. (Chips are more secure than magnetic strips, so you're best off favoring stores that use chip readers rather than letting you swipe.)