This blog was originally published in 2018. It has been updated to reflect current guidance.
It’s no secret that cybercriminals look for easy targets. With Black Friday, Cyber Monday and the e-commerce-heavy holiday season, there’s no shortage of opportunities for criminals to benefit when online shoppers let their guard down. In this blog, we share ADNET’s top safe online shopping tips for the 2022 holiday season.
In 2020, the COVID-19 pandemic had experts predicting huge numbers of people shopping online – and they were right. According to Adobe, Cyber Monday of 2020 broke records and took the title of being the biggest e-commerce shopping day EVER in the United States. That trend has only grown over the last few years. Black Friday of 2022 saw 72.9 million people shopping online and in-store, but Cyber Monday took top honors with a reported $11.3 billion dollars in sales. Between the Thanksgiving holiday and Cyber Monday, 196 million people shopped. That’s 196 million opportunities for cybercriminals – in one five-day span.
Why are holiday scams so popular?
This time of year can be stressful. Retailers create high-pressure situations and prey on emotions to drive holiday sales. We all know this, and so do cybercriminals. Attackers rely on it because they know that the fast-paced holiday sales and limited-time offers can persuade even the savviest shopper to be less cautious than normal. The lure of avoiding the crowds and snagging unprecedented deals is just too good to pass up. It’s an emotional trigger to throw caution to the wind.
Don’t worry, you don’t need to stop shopping! Read on for a list of ways you can enjoy the convenience of the Internet using safe online shopping habits this holiday season.
Top 5 safe online shopping tips for the 2022 holiday season
- Beware of phishing scams
- Avoid unknown retailers
- Protect your information
- Monitor your accounts
- Ship to a secure location
1. Beware of phishing
Phishing is a hugely popular tactic used by hackers and other cybercriminals to steal sensitive information, make fraudulent transactions, and hack accounts using stolen credentials. Over the past few years there has been an increase in shopping related phishing attacks. There’s also a new term, “smishing,” which refers to phishing scams sent via text. Examples of those types of messages can be found here. Here are the FTC’s tips for avoiding text scams.
These types of attacks will most likely appear to be from a recognizable retailer or one of your financial institutions, and they look more professional every year. Topics can include anything from a fake issue with a recent order to a billing problem that requires you to re-enter your financial information or shipping address.
Take a critical look at every email and text you receive. Look for issues with the address, such as numbers or letters that shouldn’t be there. Compare suspicious messages to previous legitimate communications from that company. Hover over links in emails to make sure they’re directing you to the real website. When in doubt, manually access the website by typing the main URL into your browser. Pause to ask yourself if you’ve actually made a recent purchase with that retailer, or whether it’s just a popular company that many people are likely to have shopped at in the past – hackers use that trick to get people to click on the email without thinking. If it seems suspicious or to have come out of the blue – don’t click on it.
The bottom line is you can’t be too careful. It’s a lot easier to prevent disaster before you click than after.
2. Avoid unknown retailers
This isn’t to say every new store is bad, but there are a lot of pop-up sites specifically designed to steal money and scam users during the holiday season. These sites try to trick shoppers by offering the latest technology, gadgets, or toys. Whether it’s a purchase of $5 or $500, don’t be misled.
Look for authorized retailers for items you want to purchase by visiting the brand or manufacturers website. Make sure that any site you’ll be shopping from is secure. Search the Better Business Bureau or other online reviews when in doubt.
Most of all, if it seems too good to be true, it probably is! The FBI seconds this logic.
3. Protect your information
This is a big one – but it’s also a broad topic. There are several different things you can do to protect your information for safe online shopping, but here are a few that make a big difference.
- Passwords: We’re always talking about the importance of good passwords – and online shopping is no exception. The best thing you can do is make sure you don’t reuse passwords. Each site or app should have a unique password. Make sure your credentials are complex and you have changed any passwords that could have been involved in any breaches. Use longer passwords, passphrases and complex characters to ensure your password is difficult to crack.
- MFA: Enable multi-factor authentication (MFA) on any shopping or financial sites that allow it. Requiring an attacker to take an extra step to authenticate can make the difference between a hacking attempt and a successful attack. Many credit cards, financial websites, social media, apps and shopping sites (thank you, Amazon!) have this option now, and more are added every day.
- WiFi: Don’t complete any transactions over public or free Wi-Fi. The deal can wait, trust me! It’s not worth exposing your information over an unsecured network. Use a VPN or wait until you’re on a secured network.
- Financial Information: If you get calls, texts or emails claiming to be from your bank or credit card, don’t automatically trust them. Call the number on the back of your card and ask to speak to the Fraud Department if you suspect a notification you received isn’t legitimate. P.S. I’ve done this before, and the representatives almost never get upset. If someone starts getting angry with you for wanting to verify a request, that’s a huge red flag that it might be fraud.
4. Monitor your accounts
Many transactions are completed electronically these days, so it’s easy to get a real-time view of your financial accounts. During the holidays, keep a close eye on any connected payment accounts, credit cards or apps used to make purchases. Even if you still receive paper statements in the mail, do you really want to wait until the end of the billing statement to catch fraudulent activity?
Another thing you can do is enable Multi-Factor Authentication (MFA) on your financial accounts, shopping accounts and even shipping accounts such as UPS and FedEx, requiring you to use more than just a password to log in. For more on MFA, check out this blog.
Most financial institutions will encourage you to set alerting thresholds, generating a notification if someone attempts to authorize a charge over a certain pre-determined amount.
Being vigilant and catching issues quickly is the best way to stop damage in its tracks.
5. Ship to a secure location
Ah yes, “porch pirate” season is back. Remember the stories from the last few years of criminals stealing packages off people’s porches, out of their driveways and even mailboxes? Tis the season, unfortunately. Despite the fact that it’s now a felony in several states, it’s still happening.
There are a few ways to combat this, and your local law enforcement community may be able to help. Some police departments allow residents to safely ship packages to their building and pick them up there. Check with your local police department to see if this option is available to you. Alternately, services such as Amazon Locker allow you to choose and designate your pickup location. Another great option is using the “Ship to Store” or Curbside Pickup features that many retailers have.
Sure, it’s not quite as convenient, but neither is a stolen package!
Happy Safe Online Shopping!
This isn’t a comprehensive list of all the things you can do for safe online shopping (although we do have that). However, following these tips will help you safely shop this holiday, wherever you are. From all of us at ADNET, we wish you a safe and healthy holiday season!
To learn more about cybersecurity, check out ADNET’s cybersecurity services and cybersecurity resources.
Original publish date: November 22, 2018
Updated publish date: December 07, 2022
