There are only a few days left until Santa leaves for his annual trip. If you haven't started shopping yet, now is the time.
But try not to panic and click before thinking. Scammers and other online Scrooges want to take advantage of your haste and trick you into falling for fake deals and other shopping scams.
It's the surge in online shopping combined with countless busy and distracted shoppers that makes this time of year so tempting for fraudsters, says Darius Kingsley, head of consumer banking at Chase.
“Many of us are stored throughout the year, at least to some extent,” Kingsley said. “Then it's late November and you've just started your holiday shopping, so panic sets in.”
This year's online holiday sales are expected to set records. Adobe projects that online sales in the US will reach $240.8 billion this holiday shopping season, representing growth of 8.4% over the same period last year.
They got off to a good start over the holiday weekend. Adobe says online sales for this year's Cyber Week, the five-day period that includes Thanksgiving, Black Friday and Cyber Monday, reached $41.1 billion, an 8.2% increase over the same period last year.
Like some shoppers, many scammers got an early start on their holiday activities this year. In its Holiday Threat Report released in November, Visa noted that the number of fraudulent and fraudulent merchant websites seen by its researchers in the past four months was nearly triple that of the four months prior.
James Mirfin, the company's senior vice president and global head of risk and identity solutions, said Visa has also seen an increase in other types of malicious activity, including phishing and social engineering scams, along with travel fraud and seasonal jobs.
Meanwhile, generative AI tools are making it easier for cybercriminals to craft their own scams, allowing them to spoof voices and create deeply fake videos that make their scams much more convincing, he said. And, needless to say, gone are the days of poorly written phishing emails that would raise the suspicions of even the least tech-savvy consumer.
“These things are starting to look and feel more and more like they're coming from your bank or someone you trust,” Mirfin said.
Mike Price, chief technology officer at ZeroFox, also pointed to the rise of tools like ChatGPT and other big language models as the latest game changer in the world of online fraud. He noted that in addition to fake voices and videos, those types of tools allow criminals to create photorealistic images of almost anything you can imagine, simply by entering a text message.
“And this wasn't really possible until the last couple of years and it didn't really mature until this year,” Price said. “Platforms have come a long way in the last few months.
It can seem daunting. But a few basic precautions will help keep you safe from the Krampus of the online world. Here are some expert recommendations on how to shop safely for the holidays.
Check your list (and credit card and bank statements) more than twice
Keep an eye on your bank and credit card accounts. It's good not only for security, but also for tracking your spending.
Mirfin said shoppers should set up purchase alerts on their accounts and monitor their statements carefully, especially this time of year.
You can make this task easier by limiting your holiday shopping to one credit card and email address. Doing so will also reduce the risk of forgery fraud if it gets to your other email accounts.
If you notice something off, log into your account directly through your bank's app or website, or call the number on the back of your card. Do not click on links in emails.
Do not pay for your purchase with cryptocurrency. By design, crypto is meant to be anonymous and extremely difficult to trace. If someone steals it, it's probably gone.
Retail Payment Requests gift cards should also be viewed with suspicion. They are also untraceable and can easily be converted into cash or goods by cybercriminals.
Don't be a feast for phishers
Spam and scam emails, text messages, and other types of messages are a year-round business, but they really pile up this time of year. They might look like a fraud alert from your bank or a big part of that must-have item.
The risk is that buyers could click on a link in a malicious email that takes them to a fake website that then collects their personal or financial information, putting them at risk of financial fraud or identity theft.
Major email providers do their best to keep scam emails out of your inbox, but some inevitably overstep their defenses, ZeroFox's Cena said. And it can't do much to stop people from clicking on things they believe are legitimate.
Scott Knapp, Amazon's vice president of worldwide buyer risk prevention, said order fraud, where a consumer receives a message or email claiming to have purchased some kind of expensive item they didn't, is on the rise this year. . Some are claiming a delivery issue, while others are now claiming fake “private” deals for Amazon Prime members.
When it comes to potentially fraudulent emails that mention Amazon, Knapp says the best thing people can do is just go back to the company's website or app. If there's a problem with the order or the company otherwise needs to put you on hold, that information will be in your message center.
Read more: Best Identity Theft Protection Services for 2024
Is that Santa Claus? Or just the Grinch in disguise?
Sure, you can Google around if the big box retailers don't have what you want in stock, but make sure you're dealing with a legitimate business. Be especially skeptical of ads that appear on your social media feeds that promote amazing limited-time offers.
When in doubt about the authenticity of any offer, message or retailer, the advice is the same.
“Customers should be suspicious,” Knapp said. “It's the old saying, 'If it seems too good to be true, it probably is.' Go away from him.'
You're almost always better off buying from well-known retailers, but if you want to work with something that looks like a discount site or even a small business, you should check that out first. Look for reviews online and check for complaints with groups like the Better Business Bureau, Price said.
Even if you do your homework, you should be prepared for the possibility of losing your money to a scammer, he said. If you're not okay with that, you're probably better off paying a little more elsewhere.
Be picky when it comes to gift cards
Some people are really hard to buy for, especially if you're short on time, which may tempt you to just buy them a gift card. But experts say cybercriminals are also looking to cash in on those cards before their recipients get a chance to use them.
While digital gift cards are ideal, never buy them from a third party, even if they're offering them at a generous discount, Chase's Kingsley advised. There is no guarantee that they will actually arrive. And even if they show up in the mail, they may turn out to be expired or used.
Although they are difficult to wrap and put under the tree, it is best to buy digital gift cards directly from the company that issued them or from a major retailer. If you really want a physical card, look for one with intact packaging, preferably behind the counter in a store.
Elf on the Shelf may not be the only one watching
Basic cyber security precautions, which you should take all year round, are a must if you want to avoid a visit from the cyber Grinch.
Make sure your devices and online accounts — bank and credit cards, email, social media, logins to shopping websites, etc. — are locked before you start shopping. Update your operating systems, antivirus software and all your applications.
All your online accounts are required strong, unique passwords. If you need help, use a password manager. User keys are becoming more and more accessible and can make things easier. Two-factor authenticationwhich requires a second identifier such as a biometric or a push notification sent to your phone, should always be enabled when available.
If you're concerned about the safety of free internet at your local store, consider signing up for a virtual private network. Good ones will mask your location as well as encrypt the data you send and receive over that Wi-Fi.
You can also use your smartphone's cellular connection. It is much more secure than any Wi-Fi connection out there.