The holiday season is a bonanza for criminals who see multiple opportunities to catch unwary shoppers, particularly online. We’ve long been attracted to the convenience of online shopping, and the pandemic’s lockdowns have galvanised our enthusiasm.
Global digital commerce has grown by 71%, according to Salesforce’s Global Shopping Index, and in South Africa, the Consumer Pulse survey found that 30% of people shopped online in June.
Cybercriminals know this. So to prepare for the holidays, here are eight tips and tricks to look out for:
1. If it’s too good to be true: This is rule number one to avoid online scams. Criminals will try to lure you with something free, such as fake vouchers or discount offers, special offers on limited quantities of a sought-after product, or inducing you to panic because something seems wrong, such as an email claiming your order has failed.
They are hoping you’ll rush and make a mistake by punching your details into a fake site. Don’t fall for it. Take your time, and if it doesn’t feel legit, delete the message. Contact the provider independently (not using a link in the message) and use a search engine to research the deal.
2. Never trust the link: If you receive a suspicious message, you aren’t in trouble – yet. An attacker needs you to either click on a link or install an attachment.
If you get a notice from your bank, courier or anything claiming you have a problem with your account or a package that you know nothing about, contact the company directly through their call centre. You’ll soon know if it’s legitimate or not but never click on a link until you are 100% sure about it.
3. Think twice about fake messages: Criminals can send fake messages to panic you. For example, an SMS stating your credit card has been frozen, accompanied by a convenient link to unblock it.
Another tactic is to send fake shipping invoices. As you can imagine, it’s a great way to supply those dangerous links and attachments mentioned earlier.
4. Buy from reputable sources: Many fake sites and apps simply copy the look and feel of the real shops. Look carefully at the site’s address and certificate (the little padlock icon on the browser address bar).
A few big red flags include an expired or missing certificate or a convoluted address. Just because the company’s name is part of the address doesn’t mean it’s their site, especially if the name is a subdomain (so brand.site.com instead of brand.com).
The same goes for gift cards and shopping apps – these can often be fake and direct you to a bad site. There is also a trend of cybercriminals using fake charities to steal your banking details.
Always double-check the source. Check online reviews and only download from reputable app stores, don’t easily click on special adverts offered on social media.
5. Use third-party payments: Even reputable sites may be compromised, and criminals use an ‘e-skimmer’ to steal your details. To be safe, use a third-party wallet or virtual card for the transaction.
You can also open a bank account and card exclusively for online transactions, separate from your main bank account, and limit what funds you keep in there. And watch your statements closely!
6. Avoid public Wi-Fi: Free Wi-Fi is terrific, but it’s effortless for scammers to infiltrate these or even create their own Wi-Fi hotspots to snare people. If you do use public Wi-Fi, don’t make payments. Also, install VPN software to encrypt your data.
7. Activate multi-factor authentication: Multi-factor authentication (MFA) is combining your password with something that you own, like a one-time pin (OTP) app on your phone. This makes it a lot harder for criminals to use your login data. Try using shopping sites that offer MFA, and activate such features on your bank card.
8. Don’t use the same password everywhere: This is often how people get caught. If a criminal gets hold of your password and you’ve been using it on multiple sites, they can access those sites.
Use different passwords and, if you struggle to remember them, use a password manager service to keep them safe yet easy to access.
By Anna Collard, SVP Content Strategy at KnowBe4 AFRICA
Follow IT News Africa on Twitter