With the holiday shopping season upon us, experts are reminding consumers to be vigilant about potential Black Friday and Cyber Monday scams.
An increased volume of online shopping during the post-Thanksgiving period means cybercriminals are primed to take advantage of unsuspecting buyers, and analysts from the cybersecurity firm EclecticIQ said earlier this month that they discovered a phishing campaign targeting e-commerce consumers in the U.S. and Europe.
The campaign, which analysts attribute to a financially motivated threat actor in China called SilkSpecter, uses fake Black Friday offers to lure prospective victims. Its goal is to obtain cardholder data, sensitive authentication data, and personally identifiable information from unsuspecting shoppers, EclecticIQ reported.
Phishing—defined as fraudulent activities that attempt to obtain sensitive information through trickery via emails or websites—is a rampant threat during the holiday season. Below are tips on how to avoid scams by checking a website's legitimacy.
Chase Bank has given the following tips to help customers identify bogus websites and avoid becoming victims of fraud:
- Study the URL and address bar of a website. Be wary of unusual or misspelled domain names. Legitimate websites often have straightforward, recognizable URLs.
- Investigate the SSL certificate. You can typically check whether a connection is safe by selecting the padlock icon, which also displays the certificate details. However, note that while an SSL certificate can indicate security, it doesn't always mean the site is trustworthy.
- Check for grammar and spelling errors. Poorly written content can signal a fake or hastily created website.
- Verify the domain. Ensure the domain matches the retailer's official name. For example, "amazon.com" is a legitimate URL, while a site called "amazon-shopping-deals.com" should give shoppers pause.
- Review the contact page. Legitimate websites generally include clear and functional contact information. Even if you locate a site's contact information, you should still consider a few questions. Is there only one method of contact? Is it a generic contact form? In general, if it appears the website does not provide complete contact information or is pointing you to other sites, the website may be harmful.
- Research the company's social media profiles. Reputable companies often maintain active and verified social media accounts. When checking a company's followers, remember that quantity and quality are both vital. Scammers may buy bot followers to appear legitimate to the naked eye. If its followers have empty profiles or otherwise do not appear to be authentic, the account is most likely fraudulent. A phony account may also include off-topic information or superficial responses, such as a large number of emoticons. Other prominent signals of a fraudulent social media account include excessive use of stock photographs and postings with no original text.
- Look for a privacy policy. Legitimate websites will detail how they handle user data.
- Avoid clicking links from suspicious emails. Questionable links in unsolicited messages can lead to phishing sites that contain malware or request personal information. It is important not to trust links from questionable sources, whether they arrive in emails, text messages or your preferred method of digital communication.
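
The URL and domain checks in the list above can also be automated, for example in a mail filter or browser helper. The following Python code is an added example, not from Chase or EclecticIQ; the `OFFICIAL_DOMAINS` list, the function names and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a locally maintained list of retailers' official domains.
OFFICIAL_DOMAINS = {"amazon.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch misspelled domain names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str) -> str:
    """Return 'official', 'lookalike' or 'unknown' for the host in a full URL."""
    # urlsplit separates any "user@" prefix from the host, so
    # "https://amazon.com@shop.example/" is judged by shop.example.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "unknown"  # no scheme or no host: nothing to judge
    for official in OFFICIAL_DOMAINS:
        # Only the exact domain or a true subdomain of it counts as official.
        if host == official or host.endswith("." + official):
            return "official"
    for official in OFFICIAL_DOMAINS:
        brand = official.split(".")[0]
        # The brand name embedded in some other domain, such as
        # "amazon-shopping-deals.com" or "amazon.com.deals.example".
        if brand in host:
            return "lookalike"
        # A label one edit away from the brand, such as "amaz0n".
        if any(edit_distance(label, brand) == 1 for label in host.split(".")):
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample URLs, not taken from any real campaign.
    for sample in ("https://www.amazon.com/deals",
                   "https://amazon-shopping-deals.com/",
                   "https://amaz0n.com/"):
        print(sample, "->", classify(sample))
```

A result of "unknown" only means the host does not resemble a listed retailer; it is not a verdict that the site is safe.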
Experts also recommend leaving any site that looks odd and checking with the three major credit reporting bureaus—Equifax, Experian and TransUnion—to freeze or lock your credit if you fear you've been scammed.