The holiday season is the most wonderful time of the year for scammers. And like everything else in 2020, these next few weeks promise to be a disaster. With this in mind, all eyes should be on Black Friday.
According to Adobe Analytics’ recent holiday forecast, online sales are projected to surge 33% year over year to a record $189 billion as “Cyber-week turns to Cyber-months” amid the ongoing COVID-19 pandemic.
This prolonged season of online shopping (and stress) will provide ample opportunity for phishers, smishers, vishers and identity thieves to pilfer your valuable personal and/or payment information. So, whether you plan to shop on the web or a brick and mortar store, extra vigilance is warranted. Here are 50 ways to avoid getting scammed on Black Friday — and beyond.
- Choose credit over debit
Credit cards offer markedly better fraud protections than debit cards, which connect directly to your bank account. Many credit cards also offer ancillary protections, like purchase protection, price protection and extended warranties.
- Consider alternate payment methods
Mobile payment platforms, like Apple Pay and Google Pay, use advanced technology, like fingerprint authentication and tokenization (in which credit card account numbers are replaced by randomly generated numbers) to provide brick-and-mortar shoppers with an added layer of security. Virtual credit cards similarly allow online shoppers to mask their financial accounts.
- Monitor your statements
No matter your payment of choice, check bank and credit card statements daily for suspicious or erroneous charges.
- Set up transaction alerts
Many financial institutions offer free transaction alerts that notify you when charges hit your account. These alerts can help you quickly spot fraud.
- Report mysterious charges promptly
If you notice something that shouldn’t be on your bank or credit card statement, call your bank, credit union or credit card company immediately to dispute it. Immediately cancel all compromised cards and request replacements.
- Be careful when making payments over the phone
Never provide your payment information to anyone who calls you. Instead, hang up and contact the company directly to handle all transactions.
- Guard your personal information
Be similarly wary of turning over your address, phone number or, worse, Social Security number, to unsolicited callers. (It’s worth noting that there’s no reason a legitimate retailer would need that last one — the skeleton key to your identity — to process a purchase.)
- Lock your devices
Make sure your smartphone, tablet and laptop are password-protected, particularly if you’re in the habit of carrying them around wherever you go.
- Update your browsers
Popular browsers, like Safari or Firefox, frequently issue updates to protect against scams. (Think of Google Chrome blocking you from visiting a suspicious website.) Make sure you have the latest version to protect yourself against new or emerging threats.
- Leverage antivirus software.
Protect yourself from malware by purchasing, updating, and upgrading antivirus software. Malware is malicious software designed to harm devices or glean data to commit identity-related crimes.
- Browse online using secure networks
Stick to shopping when connected to your private Wi-Fi network as public Wi-Fi is a hotbed for criminal activity any time of year.
- Use a VPN
If you have to connect to the internet using a public network, do so with a virtual private network. VPNs encrypt data, making it much harder to intercept when transmitted through a shared or suspect internet connection.
- Limit the scope of your holiday spending
Keep purchases concentrated to a one-to-two week window, if possible. Shop at reputable and recognizable retailers.
- Do your research
If you’re shopping at a retailer that is new to you, research the company’s standing on the Better Business Bureau website. You can also check a site’s status via Google’s Transparency Report tool.
- Read reviews
Scammers aren’t exactly known for their five-star ratings. If a purported company has a bevy of bad reviews — or no reviews at all — consider that a cue to take your business elsewhere.
- Compare prices
Minimize the odds of getting price-gouged by legitimate and illegitimate retailers alike by comparison-shopping across trusted websites before making a purchase.
- Check for “HTTPS” in the web address bar
While shopping, check that a website url starts with “HTTPS” (vs. HTTP). This designation signifies that the site has a Secure Sockets Layer (SSL) certificate. SSLs ensure all data is encrypted.
- Look for the lock
A green or gray padlock icon in your browser’s address bar also indicates that information, like credit card numbers, is encrypted when transmitted.
- Beware web address misspellings
Typos are a surefire sign of fraud. Check urls for slight modifications to a popular retailer’s name. (Think “amazn.com” or “banofamerica.com”.) You can hover your mouse over links in emails to see full urls without having to click on them.
- Create long and strong passwords
A strong password contains a random collection of uppercase and lowercase letters, numbers and symbols or a series of disassociated words, numbers and characters.
- Vary login credentials across accounts
Never use duplicate usernames or passwords across any of your online accounts to limit your exposure in case of a data breach.
- Change passwords repeatedly
Conduct a password audit before you start your holiday shopping — and after, to decrease the odds of getting hacked after the holiday season is over.
- Enable two-factor authentication
Most online accounts allow users to enable two-factor authentication, or 2FA, which requires someone to login in with a password and a secondary credential, like a one-time code sent to a cell phone. Consider 2FA the equivalent of a lock on your front door: It won’t guarantee protection for your possessions, but it will provide a fair amount of security with minimal effort.
- Resist the urge to auto-save payment information
Online auto-pay options or auto-fill settings are certainly convenient — but they’re also risky, leaving your credit or debit card information vulnerable to thieves if they compromise whatever protections you have in place.
This fine print can provide valuable information regarding the data a site collects, how it’s protected, how they use it and who else has access to it.
- Know how to spot ‘malvertising’
Malvertising occurs when criminals hide malicious code in ads on legitimate websites. Common schemes include pop-ups advertising free goods or services in exchange for filling out a survey or warnings that your device has been infected.
- Turn on an ad blocker
You can minimize exposure to malvertising by using an ad blocker, disabling Flash and Java and keeping all software systems updated.
- Watch your wallet
If you walk into a store, keep your purse and/or wallet close. Never leave it in your shopping cart, car or even a back pocket.
- Carry one card at a time
Be equally vigilant about traveling light: Carry one card for charging your holiday purchases. Leave cash, your checkbook and your Social Security card at home (in a secure location, of course).
- Use ATMS carefully
Thieves are known to install skimmers, devices intended to pilfer payment information and PIN codes, wherever and whenever possible. To mitigate risk, avoid non-bank ATMs, particularly if they’re outside or in areas with little foot traffic, and scan all machines for signs of tampering.
- Guard your PIN number and security code
Memorize your PIN number instead of writing it down on your card or keeping it in your wallet. Never let a store clerk enter your PIN code for you. Do it yourself. Place a sticker over your credit card’s CVV code, that tiny three-digit number on the back of your card at the end of the signature box.
- Save your receipts
Compare the totals to the charges that appear on your credit card statements.
- Examine “on-the-rack” gift cards closely
Criminals often steal account codes from gift cards that are easily accessible, so look for signs of tampering before purchasing one. It’s advisable to purchase gift cards close to Christmas and encourage recipients to use them right away.
- Be wary of email offers
There’s a chance the unsolicited offer in your inbox is a “phishing” scheme. “Phishing” occurs when a scammer poses as a legitimate company or website in an attempt to get their targets to click on a link that prompts them to enter personal information or downloads malware onto their devices.
- Consider attachments a big red flag
Retailers will never send an unexpected attachment. If you receive an email from a seemingly legitimate retailer that contains an attachment, close the email and call the retailer directly.
- Be dubious of deals via texts
Phishing schemes don’t only travel by way of email. Avoid clicking on links in unsolicited texts, especially if the deal they’re touting seems too good to be true.
- Question correspondence on “delivery issues”
In one of the tried-and-true scams of Christmas, fraudsters phish by sending their targets texts or emails about “delivery issues” or false-shipping notifications. Contact the sender directly if you get one of these communications.
- Track your shipments
Avoid delivery issue scams by tracking your shipments via confirmation emails or password-protected online accounts.
- Install a security camera
Dissuade porch pirates from stealing deliveries by installing a security camera or smart doorbell.
- Consider contactless curb-side pickup or locker options
Security cameras are a deterrent, but not a failsafe. Thwart thieves by having items shipped to a nearby store that offers contactless curb-side pickup. You can also have packages held at your local post office or, for example, stored in an Amazon Hub Locker.
- Forgo fake coupons
Steer clear of freebies, discount codes, e-vouchers and sweepstakes making the rounds on social media. They’re often designed to harvest valuable personal information.
- Think twice before downloading shopping apps
Back in 2016, hundreds of fake retailer apps flooded Apple’s App Store just in time for the holiday shopping season. The apps were ultimately removed, but scammers are still known to slip into the App Store or Google’s Play Store from time to time. You can avoid downloading a counterfeit app by checking the developer’s or company’s name for misspellings or typos, reading reviews and accessing the app via the company’s official website.
- Say ‘no’ to wire transfers
They are a scammers’ modus operandi. Be equally dubious of any sellers or resellers asking you to pay via a gift card.
- Skip impulse donations
Scammers will tug at your heartstrings via charity scams at all times of the year, so pause before giving. Instead, visit the organization’s website by manually typing in its URL or using search to find the link. You can also use Charity Navigator to confirm an organization’s authenticity.
- Go directly to the retailer
It bears emphasizing: You can skirt most online shopping scams by ignoring unsolicited links and verifying any deals, steals and promotions directly with the retailer.
- Limit social sharing
Identity thieves make a living piecing together profiles or figuring out passwords by looking at photos, geolocational data or other seemingly innocuous information shared via social media platforms.
- Delete your wish list
Online wish lists are designed to let your friends and family know what you want for Christmas, but they also provide scammers with an aggregate of your interests. Resist the urge to create one — or, if you must, adjust your privacy settings so that only particular people can see it.
- Shred financial documents
A best practice any time of the year, never discard full bank or credit card statements in the trash. Identity thieves go through garbage in the hopes of obtaining payment or personal information.
- Check your credit reports
Unfamiliar accounts on your credit report could be a sign of identity theft. You’re entitled to a free credit report from each major credit reporting agency every twelve months — and due to the COVID-19 pandemic, the bureaus are offering free weekly online reports through April 2021. You can request these reports from AnnualCreditReport.com.
- Report scams
Spread awareness by reporting any scams you encounter to the Federal Trade Commission. If you fall victim to fraud, file a police report and register a complaint with the Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3).
Identity-related crime doesn’t have to ruin your holidays or your life. Many insurance companies, financial services organizations and employers offer cyber and identity protection products and services as a perk of your relationship either for free or at a deep discount.
Before you have a problem, it’s a good idea to contact your insurance agent, bank or credit card rep or the HR Department where you work to find out if they offer it, if you are already enrolled and if not, what you need to take advantage of it.