How to stay safe while shopping for last-minute holiday gifts

There are only a few days until Santa leaves for his annual journey. If you haven’t started shopping yet, now is the time.

But try not to panic and click before thinking. Scammers and other online Scroogses want to take advantage of your haste and trick you into fake deals and other shopping scams.

It’s the surge in online shopping, combined with countless busy and distracted shoppers, that makes this time of year so attractive to fraudsters, says Darius Kingsley, head of Chase’s consumer banking practice.

“A lot of us are lifted all year, at least to some degree,” Kingsley said. “So it’s late November and you’ve just started your holiday shopping, so panic sets in. It’s kind of all these typical emotions, but it clouds your judgment a little bit.”

This year, holiday online sales are expected to set records. Adobe projects that US online sales will reach $240.8 billion during the holiday shopping season, representing an 8.4% year-over-year increase.

They got off to a good start over the holiday weekend. Adobe says online sales for this year’s Cyber ​​Week, the five-day period that includes Thanksgiving, Black Friday and Cyber ​​Monday, reached $41.1 billion, an 8.2 percent increase over the same period last year.

Like some shoppers, many scammers got an early start on their holiday activities this year. In its holiday threat report released in November, Visa noted that the number of fake and spoofed merchant websites spotted by its researchers in the past four months was nearly three times higher than in the previous four months.

James Mirfin, the company’s senior vice president and global head of risk and identity solutions, said Visa has also seen an increase in other types of malicious activity, including phishing and social engineering scams, along with holiday travel and seasonal work fraud. places.

Meanwhile, generative AI tools are making it faster and easier for cybercriminals to create customized scams, allowing them to spoof voices and create deep fake videos that make their scams much more convincing, he said. And needless to say, gone are the days of poorly written phishing emails that would raise the suspicions of even the least tech-savvy users.

“These things are starting to look and feel more like they’re coming from your bank or someone you trust,” Mirfin said.

Mike Price, chief technology officer at ZeroFox, also pointed to the rise of tools like ChatGPT and other broad-language models as the most recent game changer in the world of online fraud. He noted that in addition to deeply spoofed voices and videos, these tools allow criminals to create photorealistic images of almost anything imaginable simply by entering a text prompt.

“And it really wasn’t possible until the last couple of years and it hasn’t matured until this year,” Price said. “Platforms have come a long way in the last few months.”

This may seem intimidating. But a few basic precautions will help you protect yourself from the kramps of the online world. Here are some expert tips on how to shop safely for the holidays.

Check your list (and credit card and bank statements) more than twice

Keep track of your bank and credit card accounts. It’s good not only for security, but also for keeping track of your expenses.

Mirfin said shoppers should set up purchase alerts on their accounts and keep a close eye on their statements, especially this time of year.

You can make this task easier by limiting your holiday shopping to one credit card and email address. This will also reduce the risk of falling for a phishing scam if it reaches your other email accounts.

If you notice something wrong, log into your account directly through your bank’s app or website, or call the number on the back of your card. Don’t click on links in emails.

Don’t pay for your purchase with cryptocurrency. By design, crypto is meant to be anonymous and extremely difficult to trace. If someone steals it, it’s probably gone.

Retail Payment Requests gift cards should also be viewed with suspicion. They are also untraceable and can easily be converted into money or goods by cybercriminals.

Don’t be a feast for phishers

Spam and scam emails, text messages, and other types of messages are a year-round thing, but they really pile up this time of year. They might look like a scam alert from your bank or a great deal on that must-have item.

The risk is that buyers could click on a link in a malicious email that would take them to a fake website that would then collect their personal or financial information, putting them at risk of financial fraud or identity theft.

Major email providers do their best to keep fraudulent emails out of your inbox, but some inevitably get past their protections, ZeroFox’s Price said. And it can’t do much to stop people clicking on things they believe are legitimate.

Scott Knapp, Amazon’s vice president of global buyer risk prevention, said fake order scams, where a consumer receives a text message or email claiming to have bought some high-priced item that actually didn’t well, have increased this year. Some claim a delivery problem, while others advertise fake “private” deals for Amazon Prime members.

When it comes to potentially fraudulent emails that mention Amazon, Knapp says the best thing people can do is simply return to the company’s website or app. If there is a problem with an order or the company otherwise needs to contact you, that information will be in your message center.

Read more: The Best Identity Theft Protection Services of 2024

Is that Santa Claus? Or just the Grinch in disguise?

Of course, you can search on Google if the big retailers don’t have what you want in stock, but make sure you’re dealing with a legitimate business. Be especially skeptical of ads that pop up on your social media feeds touting amazing, limited-time offers.

When in doubt about the authenticity of any offer, message or merchant, the advice is the same.

“Customers should be suspicious,” Knapp said. “It’s the old saying, ‘If it seems too good to be true, it probably is.’ Get away from him.”

It’s almost always better to shop from well-known retailers’ sites, but if you’re going to do business with what looks like a discount site or even a small business, you should check it out first. Look for reviews online and check for complaints with groups like the Better Business Bureau, Price said.

Even if you do your homework, you should be prepared for the possibility of losing your money to a scammer, he said. If you’re not okay with that, you’re probably better off paying a little more somewhere else.

Be picky when it comes to gift cards

Some people are really hard to shop for, especially if you’re short on time, which can tempt you to just buy them a gift card. But experts say cybercriminals are also looking to cash in on these cards before their recipients even have a chance to use them.

While digital gift cards are the perfect way to go, never buy them from a third-party site, even if they’re offering them at a generous discount, Chase’s Kingsley advised. There is no guarantee that they will actually arrive. And even if they do show up in the mail, they may be expired or used.

Although they’re difficult to wrap up and put under a tree, it’s best to buy digital gift cards directly from the company that issued them or from a major retailer. If you really want a physical card, look for one with intact packaging, preferably behind a store counter.

Elf on the Shelf may not be the only one watching

Basic cyber security precautions to take throughout the year are a must if you want to prevent a visit from the Cyber ​​Grinch.

Make sure your devices and online accounts – bank and credit cards, email, social media, shopping website logins, etc. – are locked before you start shopping. Update your operating systems, anti virus software and all your applications.

All your online accounts need it strong, unique passwords. If you need help, use a password manager. Access keys are becoming more accessible and can make things easier. Two-factor authenticationthat requires a second identifier such as biometrics or a push notification sent to your phone should always be enabled when available.

If you’re worried about the security of free internet at your local store, consider not signing up for virtual private network. Good ones will both mask your location and encrypt the data you send and receive over that Wi-Fi.

You can also simply use your smartphone’s cellular connection. It’s much more secure than almost any Wi-Fi connection out there.