Look out for these 4 top threats while shopping online this year

Cyber crooks know you’re willing to open your digital wallet a little more quickly this time of year. And since COVID may be keeping us closer to home, more people will be shopping online.

Here are four of the top threats heading your way this year — and how to avoid them.

1. Emails & text messages offering fake deals

Stores are offering hot deals right now, and you want to get in on it. Attackers are taking advantage and sending you messages with enticing deals. Click, and you can give away your credit card number, your password and even your entire bank or email account to crooks who will use the info to steal your money and more.

A recent survey showed that 73% of people ages 18 – 24 say they don’t check to see if a text message or email promising a bargain is real. They’re easy targets. But everyone of every age is susceptible.


Fake Black Friday coupon in an email. Image: ESET

Skip the scam:

—Don’t click on emails or messages with coupon offers or deep discounts. Go directly to the website itself by typing in the name of the store and looking for offers. Chances are the deal is a dud — and it’s not worth getting hacked to find out.

2. Fake shopping sites

You may see ads on Facebook and other social media for great deals. Click, and some will take you to fake sites that look just like the real thing but are run by criminals. They want you to fill in your order — and your credit card number — so they can go on a spending spree with your money.

Some may also ask for personal info, like your mother’s maiden name or the name of your first pet. Don’t so it. You don’t need to give that up for a legitimate purchase.

Crooks can use tricks to make their fake sites appear ahead of real sites in search rankings, so if you Google a site or product, beware of imitations appearing at the top of your search results.


A fake site from 2019 offering low prices on toys. Image: BBB


Skip the scam:

—Check the website address carefully before you click on an ad, message or search result. Look for copycat websites with addresses that are very close to real deal. Are they one letter off, or do they add in a bunch of extra characters to confuse you? Go directly to the real product site yourself instead of clicking.

—If you need to enter your credit card number, check the address bar. Does it say “https:” at the beginning? If it only says “http:”, it’s not secure enough. Stay away.

3.  Holiday markets online

Attackers are mimicking popular holiday markets online to try to steal your money, according to the Better Business Bureau. They’ll copy the market name, then add a twist — that you have to pay an entry fee: just enter your card number, and you’re in. They can then tie up your card with fake purchases so you can’t use it during prime shopping time.

Skip the scam:

—Research the online event before you click. Can you go to the market directly instead of clicking on a link? Do you really need to pay, or is it a trick? A little Googling can save you a stolen credit card number and a headache.

4.  Fake customer support

Complain online about a purchase and you just might get an answer from customer support. But make sure it’s the real company responding and not a copycat. Criminals keep watch for complaints, make fake accounts that look like support, then contact you, eager to help with your problems. They ask you to verify your credentials or enter private info that can be used against you later. You’re the one who needs to do the verifying — to make sure that the account responding is a real customer support account.

For example, a Twitter user posted that an impostor tried to hijack his conversation with Virgin about a TV issue. Rory Cellan-Jones said an account with a very similar name messaged him with a request. The fake account, now suspended, asked him to confirm his name and address so they could “help” — help themselves to his account details.

Phony customer representatives may call or send you emails as well. A woman in China said she got a call telling her the product she ordered was unavailable and she would get a refund for more than the amount she paid. She just needed to provide her bank info so they could send her another item. She did — and ended up losing $30,000, according to the BBC.


A fake account posing as Virgin Media tries to trick a customer. Image: Rory Cellan-Jones/Twitter

Skip the scam:

—If you get a message or call from customer support, get contact info, then go to the company directly. For calls, get a name, employee number and phone number, then look up the company number yourself online. If they send you a message, check the account name and make sure it’s the actual support account and not an imitation.

Other tips:

Use a credit card to shop online, not a debit card. Attackers can get away with more of your money if you give them your debit card number.

Sign up for credit card notifications whenever you make a purchase. That way you’ll know immediately if someone else is using your card.

—Some sites will ask you to sign in with Facebook or Google. But that could give them more access to your information. Experts say you’re better off creating a separate account for that site, using a new and unique password, and storing that password in a password manager.


Main image: Grinch float in the 2017 Macy’s Thanksgiving Day parade in New York. Image: Tarabird/iStock

Leave a Reply