It is the most wonderful time of the year… unless you get scammed. The holiday shopping season is in full swing, and so are fraudsters looking to steal your money and more. With more people shopping online, digital retailers make getting your holiday shopping done easy; you can buy what you need without going outside. It also comes with its own unique risks. Digital payment fraud has been growing with criminals paying special attention to the Black Friday shopping season.
“The total number of financial phishing attempts targeting e-payment systems more than doubled from September 2021 (627,560) to October 2021 (1,935,905), showing a 208% increase,” according to a study by online security company Kapersky. Those numbers are actually somewhat modest compared to what SEON Technologies, a fraud prevention, and detection API, found last year.
People trust big retail brands like Amazon, that makes sense because hundreds of millions of Americans use Amazon.com and its app on regular basis, which builds trust in the brand. That trust can be exploited by people looking to perpetrate online payment scams. Criminals often use well-known brands to lure people. “Amazon was consistently the most popular lure used by cybercriminals to launch phishing attacks. The second most popular was, for most of 2021, eBay, followed by Alibaba and Mercado Libre,” according to the Kapersky report.
Digital payment scams have been growing as we have moved closer to the traditional start of the holiday shopping season. “The total number of financial phishing attempts targeting e-payment systems more than doubled from September (627,560) to October (1,935,905) — a 208% increase,” according to Kapersky.
The two most prevalent holiday scams are non-delivery and non-payment crimes. In non-delivery situations, payment is sent, but goods and services are never received. In non-payment scams, goods and services are shipped, but the seller is never paid. According to the FBI’s Internet Crime Complaint Center’s (IC3) 2020 report, non-payment or non-delivery scams cost people more than $264 million. Credit card fraud accounted for another $129 million in losses.
One of the most common scams is to create a fake website offering great deals for popular shopping portals. Kaspersky researchers uncovered such phishing pages for Walmart, eBay, Amazon, Alibaba and Mercado Libre in various languages.
In the example below, the user can supposedly earn a special prize for completing a four-question survey. In fact, users end up giving away their personal data for free. That is because these surveys often have a long registration form that requires users to fill in their identifying information and, sometimes, bank card details. They’re often asked to then send the link to several friends so that the scammers can reach more potential victims.
Scammers will also use tactics like sending you emails that appear to come from Amazon or other credible retailers, telling you your account has been locked or that your credit card information needs to be updated. People naturally want to correct these problems and may try to do so without considering whether they’re being scammed.
The FBI offers the following tips to protect yourself when shopping online:
Know who you are buying from or selling to.
- Check each website’s URL to make sure it is legitimate and secure. A site you’re buying from should have https in the web address. If it does not, don’t enter your information on that site.
- If you are purchasing from a company for the first time, do your research and check reviews.
- Verify the legitimacy of a buyer or seller before moving forward with a purchase. If you are using an online marketplace or auction website, check their feedback rating. Be wary of buyers and sellers with mostly unfavorable feedback ratings or no ratings at all.
- Avoid sellers who act as authorized dealers or factory representatives of popular items in countries where there would be no such deals.
- Be wary of sellers who post an auction or advertisement as if they reside in the U.S., then respond to questions by stating they are out of the country on business, family emergency, or similar reasons.
- Avoid buyers who request their purchase be shipped using a certain method to avoid customs or taxes inside another country.
Be careful how you pay.
- Never wire money directly to a seller.
- Avoid paying for items with pre-paid gift cards. In these scams, a seller will ask you to send them a gift card number and PIN. Instead of using that gift card for your payment, the scammer will steal the funds, and you’ll never receive your item.
- Use a credit card when shopping online and check your statement regularly. If you see a suspicious transaction, contact your credit card company to dispute the charge.
Monitor the shipping process.
- Always get tracking numbers for items you buy online, so you can make sure they have been shipped and can follow the delivery process.
- Be suspect of any credit card purchases where the address of the cardholder does not match the shipping address when you are selling. Always receive the cardholder’s authorization before shipping any products.
If you suspect you have been victimized, contact your financial institution immediately, call your local law enforcement agency, and file a complaint at ic3.gov.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
https://www.redskyalliance.org/
https://www.wapacklabs.com/
https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/3702558539639477516
Comments