Now that the holiday shopping season is upon us, consumers will be on the lookout for the best deals on the hottest toys, electronics, clothing and more. While this season can bring good tidings and gifts, it also brings out crafty and sophisticated threats from malicious actors. These hackers leverage the increased interest and online activity to launch a myriad of holiday shopping scams.
Shoppers come out in force
Black Friday is still one of the most popular days for holiday shopping following Thanksgiving, but Cyber Monday also brings online shopping to all-time highs. According to numbers from the National Retail Federation, 174 million Americans shopped over the holiday weekend including Black Friday and Cyber Monday. Over half – 54 percent – planned to spend about the same on gifts as last year, and 24 percent planned to increase their gift budget this year.
What's more, consumers aren't just shopping during their personal down time. One study from CareerBuilder found that 53 percent of corporate employees shop for gifts while at work. This includes 43 percent who admit to spending more than an hour on these online shopping pursuits.
In this way, holiday shopping scams don't just impact individual, consumer shoppers – a worker using his corporate network-connected device could also put the enterprise infrastructure at risk. As the shopping season hits its stride, here are a few of the most pervasive threats to be aware of:
Tempting phishing emails
"While 91 percent of consumers noted they were aware of phishing threats, two in five Americans have fallen for a fake."
Phishing attacks run rampant during the end-of-the-year shopping season, and much of this has to do with consumers being ready to pounce on the best deal. Hackers use this knowledge to their advantage, and craft legitimate-appearing emails promising discounts, coupons, gift cards and other tempting bonuses. However, these emails often contain a malicious link that infects victims' devices with malware, or snoops and steals their personal information for fraudulent purposes.
USA Today reported that while 91 percent of consumers noted they were aware of phishing threats, two in five Americans have fallen for a fake.
To spot a phishing attempt, check that the sender email address is actually what the company uses. Also, hover over links in emails before clicking them to ensure you'll be directed to the site you're expecting.
Spoofed online stores and malicious apps
Another scam that comes to light during this time of year are fake websites and mobile shopping apps offering the latest toys, technology and popular items. Tim Helming, DomainTools director of product management told USA Today that hackers look to register fake domains ahead of Black Friday. Many of these use popular brand and company names to trick customers, but the domain will append a few extra letters or words or even incorrect spelling. Examples include Amazonsecure-shop, Target-officialsite, Walmartkt, etc. In addition to Amazon, Target and Walmart, PayPal is also a commonly targeted brand for this type of holiday scam.
When shopping online, it's important that users pay close attention to domain names to ensure they are browsing with the official company, and not a closely mirrored fake. In addition, looking for security seals can be helpful as well – these seals note the presence of data protection required for online transactions in the retail industry.
Websites aren't the only target of spoofers: Users often receive notifications promoting them to download and install mobile apps to receive special discounts and deals. These apps can be a form of malware designed to hijack your mobile device. When seeking out mobile applications, users should only download from approved online stores like Google Play and Apple's App Store.
Fraudulent notifications and confirmations
Emailed coupons, gift cards and fake web sites aren't the only fraudulent activity that takes place during the final month of the year. Security experts also warn shoppers of fake notifications or email confirmations requesting personal information.
For example, a recent email scam targets Amazon users, and includes a subject stating, "We could not confirm your address," according to Forbes. The email includes an official Amazon seal, but is a clever ruse designed to direct users to a malicious, third-party site run by hackers.
Data protection during the holidays
In addition to keeping an eye out for sophisticated fakes, users should also ensure that they have adequate security in place that can safeguard their network and personal data against threats like these.
To find out more about the kinds of threats impacting shoppers this year, as well as the most optimal strategies for protection, contact the experts at Trend Micro today.