Before you pull out your credit card this season, stop and think about whether or not a holiday deal appears to be too good to be true.
From phishing emails to fake apps, scammers will try to find ways to prey on eager shoppers hoping to snag a good deal this week. And with the rise of online shopping, cyber threat intelligence company RiskIQ warns people are "increasingly" at risk, particularly mobile users.
"As a consumer, it's important to pay attention to detail while shopping online and pay attention to your surroundings," Yonathan Klijnsma, a researcher at RiskIQ, told Wired. "There are usually clues that can help you identify something potentially malicious."
Here are five scams you should be mindful of this year.
A lot of scammers will launch fake apps, prompting shoppers to essentially download malware. Many of those hoax apps mimic major retailers, using similar logos and brand names (typically they're only off by a letter or special character). They vow to offer a treasure trove of deals for Christmas.
“If it’s something you’re not familiar with, then you want to do your research before you put anything on your phone," Melanie McGovern with the BBB, told WHAM. She later added, “If they’re telling you to download it through Facebook or download it through another third party, that’s when you know it’s time to step back and say maybe I don’t want to do this."
Last year, Consumer Reports offered the following tips before downloading a new app:
- Check for any grammatical errors
- Don't allow access to your location or social media profiles
- Only download from a verified company or source you trust
- Search online to view reviews of the app
A coupon for a big brand store may appear legit at first glance, but if you take a closer look you'll probably notice several issues.
In November, for example, a $150 off coupon for Kohl's started circulating on social media. Fact-checking website Snopes.com quickly deemed the coupon a scam and said the fake offer required users to share a link to the post in order to continue its spread.
"Users who respond to those fake offers are required to share a website link or social media post in order to spread the scam more widely and lure in additional victims," Snopes.com explains. "Then those users are presented with a “survey” that extracts personal information such as email addresses, telephone numbers, dates of birth, and even sometimes credit card numbers."
Some users may also have to enter personal information to gain access to the coupon or deal — a ploy to gain access to a user's finances or other personal data.
To protect yourself from falling victim to fake offers, the Better Business Bureau (BBB) recommends checking the expiration date of the coupon, being skeptical of logos and verifying the source that's offering you the deal.
"If a coupon comes to you in an email, hover your mouse over the link (without clicking) and the URL destination address should appear," the BBB explains. "If that address looks like a random assortment of number and letters, don’t click on it. Remember that there should be an “s” after “http” in the URL to indicate it’s a secure site. No “s” may mean it’s a phishing attempt to get your information or to install malware on your computer."
Like fake coupons, hackers can also promise exclusive deals to prompt users to open phishing emails.
Once a user clicks on the email, then he or she will likely be directed to open a link that will be used to retrieve personal information.
“Consumers should remember that urgent requests for personal information or call for immediate action are almost always a scam,” a Bank of America spokesperson previously told Fox News.
Amazon urges customers to report any suspicious activity and to never respond to correspondence nor open attachments regarding any orders you know you didn't place.
"Amazon will never send you an unsolicited e-mail that asks you to provide sensitive personal information like your social security number, tax ID, bank account number, credit card information, ID questions like your mother's maiden name or your password," the company confirmed on its website.
If you're turning to E-commerce companies such as Amazon, eBay or even social media sites to skip the long lines at retail stores, then you may want to double check the company or site selling the item(s) you're interested in.
Amazon shoppers recently spotted a scam, which allegedly began to circulate Whatsapp, that promised customers cheap products and free delivery. Many scammers may attempt to sell high-end items and then deliver an item that's completely different or another brand.
"Please don't share your order/account/personal details in such websites," Amazon replied to a concerned customer on Twitter last week. "Kindly refer to https://amzn.to/2T8ZqRi for genuine discounts and offers."
"If you've never heard of the seller before, look into them online and study their terms and conditions carefully before purchasing," Nick FitzGerald, senior research fellow at security vendor ESET, told the Sydney Morning Herald. "There have been countless tales of Facebook sellers delivering counterfeit goods, poor quality items or even outright failing to deliver the products after taking payment, so as always 'buyer beware.'"
Fake Facebook pages
Scammers may promise gift cards, coupons or giveaways if users "like" or "share" their social media posts. This is known as "like farming," a strategy scammers use to gain access to Facebook user's personal information.
Some posts may prompt users to register in order to claim their fake offers, giving them the information they desire. There are also several other ways scammers can use fake posts or pages to dupe users.
"When the scammer collects enough likes and shares, they will edit the post and add something malicious. That’s often a link to a website that downloads malware to your machine. Other times, once scammers reach their target number of likes, they strip the page’s original content and use it to promote spammy products. They may also resell the page on the black market. These buyers can use it to spam followers or harvest the information Facebook provides," the BBB explains on its website.
The BBB warns people to always be cautious when entering their personal information and to never share posts from pages they don't know, especially if the post is claiming you could earn a reward for sharing it.
"Scammers are counting on getting as many mindless likes as possible, so be sure you only 'like' posts and articles that are legitimate. Don’t help scammers spread their con," the BBB adds.
Facebook told Fox News in August that it's constantly working to ensure protection and safety of its users by thwarting potential scams.
“We have made several recent improvements to combat impersonation and scams, including improved reporting abilities and the release of a new feature that provides people with more context on someone they may not have previously connected within Messenger,” a Facebook spokesperson said.