Cyberscams can ruin your holiday shopping
Cyber Monday is Nov. 27. But many holiday shoppers are hunting for deals via their smartphones and laptops long before — and after — that heavy online shopping day.
Online holiday shopping deals are all over the place — but if you think you’re too smart to get caught by a scammer, think again.
Two in five U.S. consumers have fallen victim to an online phishing attack, according to a 2017 Cyber Monday Phishing Survey by DomainTools, a Seattle-based company that helps organizations and security analysts map criminal activity.
Here’s how to avoid getting scammed during the holiday shopping frenzy:
Stop chasing every deal
“We live in an age where we have all these push notifications and emails,” said Steve Koenig, senior director of market research at the Consumer Technology Association, a trade group in Arlington, Va.
The volume of such activity during the holidays, he said, makes consumers even more vulnerable to clicking on a $100 coupon before thinking twice.
“We’re all moving super fast; we get distracted,” said Tim Helming, director of product management at DomainTools.
When we’re rushing, we might not notice the website in an email has an odd name.
Helming told me consumers need to be wary of fake sites that play up the “Black Friday” frenzy. Dozens of malicious domain registrations that touted a Black Friday connection cropped up last year beginning around Nov. 20, and he expects the same this year, too.
Learn how to spot a fake
Watch out for a domain decorated with a few extra, possibly even reassuring, words or odd spellings. DomainTools listed some brand-abusing domains that have a dot-com at the end but are still frauds, such as Amazons-ecure-shop, Target-official-site or Walmartkt.
Other fakes include Amazonshop.gq or Targethome. today or Walmart-outlet.ga.
Helming said domains that include a hyphen and words such as “shop” or “secure” can be good clues to a phony site, as many brand names use their names alone for their sites.
Other words in a fake URL site that appears connected to a wellknown name might be something like “outlet,” “discounts” or “deals.”
Many times, the fraudsters use words like “official site” to make their fake sites look legitimate. Or there might be extra letters, such as Yahooo or Walmaart.
Take care on social media. Phishers can use “URL shortening” services to obfuscate phishing URLs. As a result, a very short URL can be used in tweets, which redirect the visitor to a longer “hidden” URL, according to the Anti-Phishing Working Group’s research.
Beware ‘free’ gift cards
Yes, one of those free $50 Amazon gift cards popped up in my email the other day. Of course, it’s a spoofed email. So I just hit delete.
Amazon is warning consumers that phishing emails will direct you to a “false website.”
The fake sites can steal sensitive information to commit fraud, according to Amazon. Phishers can steal user names and passwords from one site to engage in fraud on other sites.
Amazon doesn’t send emails that ask for your Social Security number, bank account info, PIN or Amazon.com password. Susan Tompor is a personal finance columnist for the Detroit Free Press.