Of the 69 percent of Americans who plan to get a jump on their holiday shopping, the National Retail Federation reports that 78 million of them will be in front of laptops and on cell phones and tablets Monday, looking to catch the best deals.
Last year, sales on Cyber Monday – the day many return to the office and begin to turn their attention to the upcoming Christmas gifting season – hit $3.45 billion, up 12.1 percent the previous year, according to Adobe Digital Insights.
But lurking behind all those transactions is the constant threat of cyber crime. In fact, the number of malicious attacks goes up almost 40 percent on Cyber Monday as shoppers let their guard down and cyber criminals seize the opportunity. Texas ranked third in the nation for average total dollars lost in cyber crime last year.
“Finding the hot deals has become the big thing, and people are looking for the latest ads, specials, and online-only specials,” said Roman Medina, vice president and information security officer at Jefferson Bank. “People have become accustomed to signing up for a service or reading a blog for hidden Black Friday deals, and scammers know this and create fake emails and websites. The scammers read up on the latest specials to ‘create’ deals.”
Shoppers fall victim when they click on the ad and unknowingly install malware on their device, or when the ad is linked to a website that collects personal information.
“The more shopping there is, the more deals there are online. It’s brought everyone out, and for all the cyber criminals, it’s easy prey for them,” Medina said. “They cast a wide net with little effort and just let people come to them.”
Adobe reports the top promotion drivers on Cyber Monday – how shoppers find the deals – are search ads and direct sales ads, with some following links they find in shopper helper sites, like CNET and RetailMeNot, as well as email promotions.
But ads on social media platforms like Facebook also drive shoppers – and that’s often where people stumble into online schemes that trick them into giving access to networks and sharing personal information. Of the total $1.3 billion in losses reported to the FBI Internet Crime Complaint Center’s (IC3) last year, social media played a role in more than $66 million of those losses.
Non-delivery scams are one of the most common — ordering and paying for goods or services online that are not delivered. Those accounted for 81,029 victims and $138 million in losses. But that number could be low; the FBI estimates only about 15 percent of fraud victims report the crimes to law enforcement.
“Attackers are getting more and more sophisticated all the time,” said Bret Piatt, CEO of Jungle Disk, a data security firm in San Antonio. “Each individual threat is a full-time job just to keep up with them and do things to combat them.”
Piatt recommends that when you’re shopping online throughout the holiday season, do not click on ads, no matter how good the deal. Instead, use your preferred web browser (Chrome, for instance) to navigate directly to a retail site. “If the ad is legitimate, they are going to have a link to it on their main website as well. This eliminates hackers using advertising networks to target you.
“And while advertising networks try to stop this form of fraud from getting into the network, it’s one of the more common attack vectors we see out there today. There’s all sorts of different ways that hackers can inject these fake ads in there.”
The same strategy goes for email promotions. You can either avoid clicking on the ads within an email and go directly to the site, or use your mouse to hover over the link and verify that the web address (or URL, uniform resource locator) is the retail outlet that sent the email and not a bogus address.
When the Federal Trade Commission released its annual summary of consumer complaints in March showing the FTC’s Consumer Sentinel Network (CSN) had received over 3 million complaints last year, there was some good news: Identity theft complaints declined in 2016.
And some bad – CSN saw a spike in consumers reporting that their stolen data was used for credit card fraud – from nearly 16 percent in 2015 to more than 32 percent in 2016.
There are ways to help prevent this, Piatt said. First, do not save your credit card information on a website. “Treat it the same as if you were standing in a physical store,” he said, keying the numbers each time you make a purchase. “You don’t just go to Target and just tell them to keep your credit card on file … Best practice is not to leave information in places it doesn’t need to be.”
Piatt also recommends avoiding public WiFi while shopping online and, to prevent malware, keeping your device is updated with the latest versions of software. Be sure to use a credit card versus a debit card for the extra consumer protections they offer.
And if you want to be extra cautious, he said, purchase prepaid cards, like a Visa gift card, and use those online rather than your credit card.
“All of this will minimize the chance you have of something happening to you, and it’s taking some of the same preliminary precautions we would in the physical world and using them in the digital world,” Piatt said.
Another kind of online fraud known as the “impostor scam” also increased last year. In these crimes, a scammer pretends to be someone trustworthy, such as a government official or computer technician, and convinces the consumer to send money. CSN data showed military families are particularly targeted with this scam.
At USAA, a financial services provider to the military, chief security officer Gary McAlum reminds its members to be smart with passwords, wary of public WiFi, and proactive with device security settings and security features. Also, be sure to respond to security and fraud alerts from your bank about suspicious financial activity.
Consumers should be “picky about permission,” McAlum warned, by not sharing with online apps more about your location or access to your bank accounts, camera and contacts than necessary.
In the recent hacking of the Starbucks app, Medina saw one of his own family members become a victim after linking the app to her bank account.
“They were able to hack into her Starbucks account, probably because the username was part of another breach,” Medina said. “The fraudsters were able to increase the amount of money loaded on the card and, in turn, bought mugs and tumblers and coffee at a Starbucks store, all through the app.” Starbucks has stated only a small number of customers have been affected.
“It’s always a matter of time for your card to be part of a breach,” Medina said. That’s why it’s important to know what kind of fraud liability protection your bank or credit card provides. It is especially important if you’re using a payment service like PayPal or Apple Pay.”
If you think you might be the victim of internet fraud, the FBI recommends filing a complaint with IC3.
“I have had my credit card compromised multiple times,” said Piatt. “I travel, shop online, eat at restaurants – there are so many ways you can become a victim.
“It doesn’t hurt, during the holiday season, to log in and look at all your transaction history. Spend a few minutes doing that every day or two to make sure there’s nothing on there you didn’t order.”
This story was originally published on Nov. 23, 2017.
Roman Medina is awesome!