CyberScout

How to Protect Against Malware and Scams While Shopping Online During the Holiday Season

Online shopping scams
Getty Images

Pre-Covid online shopping was already expected to continue its increase in 2020, but with more customers avoiding the typical Black Friday crowds, this holiday season is set to break online sales records.

A recent survey, commissioned by Cyberscout and conducted online by The Harris Poll among over 2,000 U.S. adults, found that 84 percent of consumers plan to shop online for the holidays this year, with 23 percent of them reporting that they are likely to shop through a social media platform.

With the projected increase of online holiday shopping comes an increase in threats, be it via phishing, shady mobile apps, or e-skimming attacks.

“An enormous number of people are footloose and fancy free when it comes to their interactions with retailers over the holiday season,” says Cyberscout founder and chairman Adam Levin.

Follow these tips to keep your online holiday shopping secure:

Avoid clicking on links in marketing emails and social media posts.

Many online retailers depend heavily on outreach and advertising via email and social media networks to bolster their sales through the holiday season. Unfortunately, it’s also extremely easy for scammers to create convincing-looking phishing emails and ads to redirect their targets to pixel-perfect replicas of familiar e-commerce sites, or to download malicious files to their computers.

“Keep in mind that links in emails, social media posts and text messages are often how cybercriminals try to steal your information or infect your devices,” says Levin.

If you get an email or see an ad from an online store that you’ve visited in the past, go to the site directly, rather than clicking on a promotional email. If you don’t recognize the sender of an email, don’t open it.

Don’t shop at unfamiliar sites offering unrealistically low prices.

While some holiday sales offer steep discounts, online shoppers should be on high alert for phony e-commerce sites selling popular items at unrealistically cheap prices. Cyberscout’s recent survey found that roughly one third, or 32 percent, of online holiday shoppers are likely to purchase through new or unfamiliar retailers/small businesses when buying gifts online this holiday season, and another 14 percent state they are likely to buy from a seller in a foreign country. 

Scammers have taken advantage of this potentially risky behavior on the part of buyers looking for a bargain. In one common scheme, consumers are served an ad promoting extreme discounts on popular items. The ads link to phony stores, typically hosted on content management systems such as Shopify, Wix, or Squarespace, platforms that make it relatively easy to build convincing e-commerce sites.

“The majority of ads are automatically approved and run until they are detected or flagged by multiple members of the Facebook (or Instagram) community,” said tech CEO Larissa Lowthorp in an interview with Forbes. “Shopify offers a quick and easy way for legitimate vendors and scammers alike to create beautiful, sophisticated online shopping platforms in a relatively short period of time.”

“Amazing prices on things that should cost a lot more than they are asking on a fake online shop is alluring, which is why people fall for them all the time,” says Levin. “Look at the About Us page and call the designated contact number. If there is no number, think twice before making a purchase. Also pay attention to detail. Are there spelling errors in the copy? Bad-looking stock photos? Look for trouble.”

Once a scammer has their victim’s payment and personal information, they can charge them for products that never arrive, ask a visitor to set up an account and use the login and password for credential stuffing attacks, or send a malware-laden file as a “receipt.”

Beware of fake or misleading shopping apps.

As mobile devices have become more ubiquitous, retailers and customers alike have come to rely on apps rather than websites for holiday and day-to-day shopping. While this may offer greater convenience for customers and better insights for businesses into their behavior, it also opens the door for hackers and scammers to compromise devices with malware, exfiltrate data, and make unauthorized or misleading charges.

“Watch out for clone apps that may look like they are from your favorite retailer, but are really infected with malware and designed to steal your personal and financial data,” says Levin. “Avoid third party apps, read reviews, and download apps from the official app store.”