The highest recording of U.S. online sales on Cyber Monday, which was November 28, 2022, reached $11.3 billion according to release by Adobe Analytics. With virtually any item only a few quicks away, consumers have embraced shopping online as a convenient and time-saving measure, especially for the upcoming holidays.
But as Langley & Banack’s Cybersecurity, Data Protection Law and Privacy Practice Group warns, it is also a time when agents with vicious intent lurk to steal your data and identity. “Unfortunately, online fraud and scams have increased with the rise of online shopping,” said Natalie Wilson, Chair of the Practice Group.
So how are online thieves targeting you?
Fake Websites—it used to be that a website that had a padlock icon next to the name was an easy way to identify a secure site, however, scammers have become more sophisticated and now nearly 80 percent of fake websites have the icon. That said, here are a few tips to identify a fake website:
- Look for a domain address that starts with “https”, not just “http,” as the “s” stands for “secure.”
- Look for sloppy or slight variations of names or details of brands. For example, one site might use Amaz0n.com, using a zero instead of an o, trying to trick consumers. Many times, scammers use the name of the legitimate site as part of their domain name, so review the name and the general way in which information is displayed. Also, a deal that seems too good to be true probably is.
- Too many pop-ups, low quality images, poor use of grammar and spelling, discount timers, redirects and pop-ups are all red flags of a fake site.
You can also use a fake website checker if you’re shopping at an online site that you’re not familiar with. There are dozens of fake website checkers; popular ones include: —WHOIS (ICANN’s domain lookup) and Virus Total or Google’s Transparency Report.
Social Media—We connect, learn and shop via social media channels, but increasingly, people are also getting scammed. The Federal Trade Commission (FTC) reported that more than 95,000 people reported about $770 million in losses to fraud initiated on social media platforms in 2021. Unlike websites, social media channels are loosely regulated, and scammers take advantage of lax oversight to run schemes related to gathering personal and financial information.
Social media advertising is inexpensive and allows scammers to pose as “friends” and approach consumers on a personal level by targeting them with fake ads that are targeted based on personal details such as their age, activities, or past purchases. It also is a favorite platform for scammers in the investment arena, especially cryptocurrency. The FTC noted that more than half of people who reported losses to investment scams in 2021 said the scam started on social media. So how do you protect yourself when you are on social media channels?
- Think about the information you are sharing online. Too much information could empower someone to impersonate you.
- Check your privacy settings and set restrictions that limit who can see your posts and information on each social media site you are on. All platforms collect information about you from your activities on social media, but you can set some restrictions based on your privacy settings.
- Do not succumb to urgent requests for money from someone you do not know whether they are asking for a check, wire, or credit card. Sounds simple, but many phishing scams pose as disadvantaged people in desperate situations. Many of these scams begin with unsolicited messages on social media claiming to give out gift cards for popular brands. Don’t take the bait or follow the trail.
Forbes shares these quick tips for social media users:
- Be wary of short links and research anything that purports to be a free app or service before you click.
- Monitor your personal and business social media pages and limit the information you share on all accounts. Keep information general.
- Do not click links that take you outside the domain. This is a common scam waiting to obtain your personal information.
- Before accepting any invitation to connect, check the person’s profile. See if you share any connections in common. Fake or scam profiles are often relatively new with many accounts they follow, but few followers, few pictures, and very little actual content. Unless you recognize the person (as someone you know or know of in real life), ignore or refuse the invitation.
These tips are important year-round, in addition to good security and privacy practices such as:
- Keeping your software updated. Apps and sites routinely update their software to patch identified security threats. Update and install patches routinely to minimize vulnerabilities. Up to 60 percent of computer breaches exploit a known vulnerability that already has a patch.
- Avoid any transactions that involve personal or sensitive information while on guest wi-fi networks or public computers, as they are most susceptible to compromise.
- Think before you click. Links can be dangerous. Viruses, ransomware and identify theft all start with a malicious link that looks legitimate. Examine it carefully before you click by hovering over the link to view the full URL.
- Think before you open. Word documents and pdfs can also contain malicious code. Do not open documents that you are not expecting or that come from an unknown sender. The transmission email will often try to trick you into thinking that the attachment involves your finances, such as an invoice that needs to be paid, a receipt, or a refund being sent to you.
- Use strong passwords and multi-factor authentication where appropriate.
Cybercriminals are getting increasingly sophisticated at stealing personal and financial data. While no defenses are foolproof, being vigilant online, especially during busy seasons, can help avoid breaches. If you have experienced a breach, reach out to the attorneys in the Cybersecurity, Data Protection Law and Privacy Practice Group, which can assist you with reporting and notification requirements. If you do not already have an information security and incident response plan, or it’s been a while since it was updated, we can provide guidance and counsel in that arena. Make it your New Year’s Resolution to be prepared for cybercriminals.