According to the Adobe Digital Economy Index, global online shopping is expected to hit $910 billion this year. That’s an increase of eleven percent from last year.
Every year, more and more consumers turn to their computers, tablets, and phones to shop instead of driving to brick-and-mortar retail stores. It’s a convenient way to shop for friends and loved ones, and it became even more popular when the pandemic made shopping in person less desirable for many people.
Online shoppers are always more likely to become victims of cybercrime, but the activity becomes even riskier during the final months of the year when online shopping is at its peak.
During October, November, and December, criminals step up their efforts, hoping to steal personal information from unsuspecting holiday shoppers.
In this article, we’ll help you understand what criminals love about the holiday shopping season, how to recognize common online shopping scams and threats, and the steps you can take to keep your information safe while shopping online.
Why Cybercriminals Love Holiday Shopping Season
When the holiday shopping season comes around, small business mom-and-pop shops and ecommerce giants enter a fierce competition for the attention and money of online shoppers.
This year, the number of online shoppers that will be buying from brands and businesses is larger than ever. Last year, the National Retail Federation estimated that the number of people who expected to shop online would increase by over 2 million from the year before. That number is expected to rise again this year.
Consumers love shopping during this time of year. It’s a time to celebrate hard work, show love and appreciation to friends and family, and support favorite brands and businesses.
Why do cybercriminals love the holiday shopping season? One of the main reasons is that consumer shopping behavior changes drastically during the final months of the year.
Consumers are still buying brands and products they know and trust, but they’re also looking for unique and memorable products from lesser-known brands and websites that they can gift to their loved ones.
This creates opportunities for cybercriminals because consumers are willing to take more chances and buy from brands and websites that could have more security vulnerabilities than the brands and websites they usually buy from.
Common Online Shopping Scams & Threats
Becoming more aware of the types of scams and threats you may encounter during the holiday shopping season will help you reduce the chances of becoming a victim of a cybercriminal.
Here are some of the most common scams and threats to watch out for when you’re shopping online over the next few months:
Fake Websites & Email Addresses
Cybercriminals will go to great lengths to create functional websites that look like legitimate ecommerce websites. They’ll do this in one of two ways: either they’ll create a new brand that sells popular products that people are searching for, or they’ll mimic an existing brand and build a site that looks almost identical to the real one.
They’ll even create fake email addresses using brand names to trick buyers into believing that they are supporting a legitimate, well-known brand. These sites make their way onto the screens of consumers through advertisements launched on social media sites like Facebook and Instagram.
Hackers and criminals will also attempt to install malware onto the device of a consumer by convincing them to link on an unsafe link found in an email or social media advertisement that looks like it’s coming from a legitimate brand.
Malware puts malicious code on your computer that creates vulnerabilities and allows criminals to gain access to your machine and your private information—information they can use to steal your money or access your online accounts.
Phishing & Social Engineering
Cybercriminals will also use social engineering tactics to learn personal information about consumers that they can use to access accounts and steal money. This is known as phishing.
Some examples of social engineering tactics include creating fake accounts of family members and sending emails asking an unsuspecting victim for money or information, or sending an urgent too-good-to-be-true offer through a Facebook message using a fake profile that looks like it’s coming from a trusted friend or family member.
Cybercriminals and hackers look for websites that lack secure checkout experiences. If the information you’re providing to a retailer is not encrypted, it could be scraped and taken by a cybercriminal and sold to another party. If that happens, you’re personal identity and financial accounts are at risk of being compromised.
You can recognize whether or not a website is secure by looking at the domain and making sure that the website you’re visiting is using SSL encryption. If the checkout page uses http:// and not https://, you should think twice before entering your personal information into any form fields.
Deals That Seem Too Good to be True
Social ads, website banners, pop-ups, and emails that contain special deals, discounts, and offers on products that feel too good to be true usually are.
During the holiday months, cybercriminals will launch campaigns like this to get consumers to click on unsafe links or provide information to buy products that aren’t actually real.
These ads usually communicate some sort of urgency in an attempt to get consumers to act on them before they’ve had time to really consider whether or not they are legitimate.
How to Protect Yourself When Shopping Online
Just because the risk is there doesn’t mean you shouldn’t shop online this holiday season.
There are steps you can take to protect yourself and your information from criminals and still buy the gifts you want to give to your closest friends and family members.
Here are eight tips to keep in mind:
1. Don’t click on pop-ups and offers that seem too good to be true.Avoid clicking on pop-ups that appear over websites, especially those that contain offers and discounts for products that seem too good to be true.
2. Don’t auto-save or auto-populate your credit card information.Although it may feel convenient, do not save your credit card information in your browser. Manually type in your card number each time you make a purchase. The extra time it takes to do so will give you more time to think critically about the website and brand you’re about to purchase products from.
3. Make sure your machine is running with the latest security updates.Never enter your personal information onto a website unless you’ve installed the latest security updates and software on your computer.
4. Inspect websites, emails, email addresses, and social profiles closely.Be hyper-critical of the emails and email addresses you receive from brands. Look for misspellings, fake addresses, or odd visual components as signs that an email could be fake. Always verify that the message you’re receiving from a family member or friend on social media is legitimate by reaching out to them using another form of communication, like a phone call.
5. Only buy from reputable brands that you can validate. Only buy products from brands and websites that you know and trust or can verify to be genuine.
6. Only provide your credit card information in secure environments. Never provide your credit card information if it appears that the checkout experience is not secure.
7. Slow down and evaluate every purchase before you enter and submit your information. Take time to think about every purchase you make. Don’t let yourself get too caught up in the season to recognize warning signs when they appear.
8. Use strong passwords and 2-factor authentication when possible. Keep your passwords secure. Don’t use common passwords or words that hackers can easily find on your social profiles, like your hometown, your mother’s name, the name of your pet, your birth month, or your favorite sports team. When possible, enable 2-factor authentication on your online accounts to add an extra layer of protection.
The holiday season is a fun time to shop for gifts for loved ones. Use the tips and information outlined in this article to keep your information and your money out of the hands of cybercriminals.