Online shopping scams: how to protect yourself and your money in the holiday season

2021-12-06

During the holiday season, starting with Black Friday and Cyber Monday at the end of November and leading all the way up to Christmas day, online shopping becomes increasingly popular and incurs in a significant spike. While online shoppers browse the internet for the best offers on their product of choice and on gifts for their loved ones, cybercriminals are lurking, waiting to target unsuspecting online shoppers and steal their money and personal information.

Online shopping scams are on the rise, and typically occur through bogus websites and mobile applications, or fake ads on websites and social media. The popularity of online shopping makes it an attractive target for cybercriminals, who have devised different and innovative ways to pretend to be legitimate sellers and trick unknowing buyers. One of the preferred methods is to create a bogus website that mimics a legitimate website, copying its logo and design, with the intention of tricking shoppers into purchasing from the fake business. The products involved in these scams are typically luxury and popular brands of clothing, electronics and jewellery. The buyer will most likely never receive the purchased product, or will receive a poor-quality knock-off version. In more recent years, scammers have started setting up and advertising their shops on social media platforms like Facebook and Instagram. These stores usually have a short life, and disappear after making money by defrauding unknowing costumers. Scammers can also infect online shoppers’ devices with malware through malicious sites, apps and links, in order to harvest and steal personal information.

 

What to look out for

One of the ways to avoid falling for an online shopping scam is to to take time to check some important details, and know which red flags to look for. During the holiday season some e-shops might attract shoppers with appealing offers and discounts, or by offering a hard-to-find or sold-out product. While working through the holiday gift list, it is important to keep an eye out for suspiciously low prices and too-good-to-be-true discounts, as scammers might be trying to lure shoppers in by appealing to their desire for good offers on a wanted product.

The design of a website is also an important tell-tale sign. Legitimate online retailers and stores typically put great care in the format and presentation of a website, to appeal to customers and to make the online shopping experience simple and comfortable. A website that presents poor-quality design, looks unprofessional, has broken links, insufficient product information, or grammar and spelling mistakes, gives the shopper a clear sign that the business should not be trusted.

When shopping on an unfamiliar website, it is also good practice to check the “about us” and “contact” information as legitimate businesses will typically display a physical address, and a phone number or email address that customers can reach out to. Online shoppers can use this information to check on Google Maps whether the address leads to a location where a legitimate business could operate from, as opposed to a residential building. By calling the contact number, online shoppers can verify whether the listed number actually works and leads to the appropriate business. For an extra degree of security, shoppers should familiarise themselves with the delivery, exchange, refund and privacy policies of online businesses. If these policies have incomplete and vague information, or are missing altogether, this could be a warning sign that the business in question is not legitimate.

Taking some time to check the website’s URL is a fundamental step that can help shoppers to safely purchase items online. As mentioned above, scammers can create bogus websites that mimic legitimate businesses to try and trick customers. The URL of the bogus website will usually be almost identical to the real website’s URL, but with some minor differences. Online shoppers should look out for long and overly complicated URLs, as most e-shops will simply use the name of the business. It is important to keep an eye out for slight variations in the spelling of the URL, for instance misplaced or transposed letters, additional extraneous characters, or unusual domains. Shoppers can use Google’s Transparency Report to check the safety rating Google gives to a website.

 

Tips to safely purchase online

There are some tricks that can be used to help shoppers verify the authenticity of an online shop, and protect themselves from scams. One important recommendation is to do all online shopping by going to a trusted website and looking up products once within the website, rather than using search engines, as scammers could manipulate the search results to lead unsuspecting customers to their bogus website.

Before purchasing, online shoppers should do some research on unfamiliar websites, by checking reviews from other customers, and by looking up the name of the business alongside words like ‘scam’ or ‘complaint’ to verify whether any results show up. A high volume of negative reviews and complaints is an irrefutable sign that shoppers should take their business elsewhere. Online shoppers can also verify the legitimacy of a business by checking when the e-shop was registered with a quick WHOIS search. Shopping on newer websites could present a higher risk compared to older, more established, websites that other customers have previously purchased from.

Particular attention should be paid to the method of payment for online purchases. The safest way to shop online is to pay by credit card, as this transaction method offers the most protection for recourse following fraudulent charges. Scammers will typically request for payments using money orders, pre-loaded cards, wire transfers or cryptocurrency, as these payment methods do not offer the same level of protection. Once the money is sent to the scammer via these methods of payment, it is extremely rare for online shoppers to recover their money. It is recommended to steer clear of websites or social media shops that do not allow payments through credit card or secure transaction services, like PayPal. When online shopping, buyers should avoid any e-shops that ask unnecessary personal questions, for instance National Insurance or Social Security Numbers, upon purchase. It is also good practice to checkout as a guest, rather than creating an account on unfamiliar websites. If this is not possible, online shoppers should create accounts protected by strong passwords that have not been used for any other account, especially online banking accounts.  

Before starting the holiday online shopping spree it is good practice to take some routine security steps, for instance securing email accounts by using strong and unique passwords, and enabling Two-Factor Authentication on online accounts where possible, to prevent cyber criminals from easily hacking into these accounts. Online shoppers should also be wary of links they receive containing offers from unknown sources both over texts and email, and should keep their devices up to date with the latest software security updates. Lastly, online shoppers should always trust their instinct: if they have doubts on an e-shop or on an unbelievably good offer, better to steer clear to avoid getting scammed.

 

Reference list 

https://www.aarp.org/money/scams-fraud/info-2019/online-shopping.html 

https://www.actionfraud.police.uk/a-z-of-fraud/online-shopping-fraud

https://www.consumerreports.org/online-shopping/online-shopping-scams-how-to-steer-clear/

https://www.cnbc.com/2021/11/29/fbi-look-out-for-these-potential-cyber-scams-on-cyber-monday.html

https://www.fdacs.gov/Consumer-Resources/Scams-and-Fraud/Online-Shopping-Scams 

https://www.scamwatch.gov.au/types-of-scams/buying-or-selling/online-shopping-scams

Related news

SIAE Data Breach
2021-10-21

News of the latest cyberattack comes from Italy, where on the afternoon of the 20th October it was disclosed that SIAE, the Italian Society of Authors and Publishers, was targeted by a ransomware attack. SIAE, which was founded in 1882, is the Italian copyright collecting agency for artists in different areas of the entertainment industry, including television, music, theatre, visual arts and literature, and aims to guarantee that artists receive the right remuneration for their work.

Read more
Why phishing emails contain errors?
2022-05-04

You have probably noticed that all the phishing mails are poorly written and some details may let us think they are somewhat unprofessional. Find out why.

Read more
CRIF Cyber Observatory  - 2021 Yearly Report
CRIF Cyber Observatory - 2021 Yearly Report
2022-05-10

CRIF Cyber Observatory analyzes the vulnerability of people and companies to cyber-attacks both on open web and dark web. It In 2021 nearly 2 million of alerts were sent through CRIF services, with an increase by 48,7% vs 2020. Alerts were related to data both found on the open web and on the dark web, with an increase of the latter by 57,9%.

Read more
No stop to the theft of personal data on the web during the pandemic: in the first half of 2020, cases increased by 26.6% compared to 2019.
2020-11-22

The users most at risk are men between the ages of 31 and 40. 73.2% of stolen accounts are linked to entertainment sites (online gaming and streaming), followed by financial services. Italy ranks 6th overall among the most affected countries.

Read more

Contacts

Let's talk

Please fill in the form below (fields with * are mandatory) and we will respond to your request as soon as possible!