Tis the season … and hackers are not taking a break. Already we are starting to see emails targeting online shoppers.
Taking advantage of all those online sales also means waiting for and tracking your packages to make sure they arrive safe and sound on your doorstep. And that is exactly what hackers are counting on. Be sure to heed caution when checking the mailing status of your orders as hackers are sending legitimate looking shipping emails in hopes of gaining access to your information.
Here are a couple quick steps you can check when looking at emails to determine if they are “ph”ishy or not:
Step 1: Look at the “from” line vs the domain. The from does not match the domain it is sent from.
Step 2: Look for grammatical errors such as the one below with the “clic k here” link having odd spacing.
Step 3: Make sure the hyperlink you are clicking on is directing you to the page it is intended to go to.
Or they can show you a legit hyperlink yet be directing you to a malicious site:
Step 4: Take generic messages with a grain of skepticism.
Here are some tips to help protect you and your identity while shopping online this holiday season:
- Fake Purchase or Delivery Receipts: This has become a very popular ploy for malware authors as of late to send what appears to be purchase receipts to users. These “receipts” are meant to lure recipients into believing someone has made unauthorized purchases on their behalf. Fake delivery receipts can also work in this way. They confuse recipients into believing that something they may have actually ordered online has transit issues. With many people doing a majority of their online shopping during this time of year, this is a perfect time to see these scams in the wild.
- Monitor Accounts Closely: If you have not had your credit card information stolen yet then consider yourself lucky but also be realistic. It is just a matter of time before it is stolen or maybe it already has and you just don’t know it yet. With data breaches occurring with staggering regularity these days, it’s a good idea to take monitoring your accounts seriously, and whenever a more appropriate time than the holiday shopping season. Take a few minutes several times a week to log in to your credit and debit card accounts and review ALL charges to verify that they are legitimate. Catching fraudulent charges quickly can make life much easier.
- Unsecured Wi-Fi: If you are like me and you prefer to do the majority of your shopping online, then you need to be mindful that threats do exist in places like your seemingly innocuous local coffee shop. It’s best to avoid making credit card purchase while connected to a publicly available Wi-Fi signal, since you really have no idea who could be connected, leaving you vulnerable to dangers such as man-in-the-middle attacks. Whenever you must use public Wi-Fi, do your best to ensure that you are connecting to the correct Wi-Fi provider and that they are using a valid SSL certificate. Another thing to watch out for is that you might find that you appear to be connected to a signal that matches the name of your home or office Wi-Fi signal. This is a major red flag and could indicate that you are about to fall victim to a man-in-the-middle attack.
- Fake Holiday eCards: If you don’t recognize the sender, delete it. If the email is not addressed to you specifically, delete it. If you’re instructed to download an “executable program,” delete it.
- Fake Holiday Products: Often promoted via spam emails, always do your research. If you don’t recognize a company, don’t order anything from it until you’re sure the company exists.
- Fake Holiday Promotions: Similar to the Fake Holiday Products scams, these fake promotions appear online and offer huge discounts or ways to get the year’s hottest gadgets for free. Sometimes they may require an individual to take a survey, or to simply enter in contact information. These too-good-to-be-true deals usually are.
- PayPal/eBay Phishing: Avoid following links that are provided in an email, especially if you are unsure of the sender. A frequent trick spammers use during the holidays is to embed links to a fake eBay or PayPal log-in page. Rather than follow links in emails, type it directly into your browser.
If you are shopping online this season, please remember that these sorts of things are circulating constantly. Never open links or download attachments in unsolicited emails.
If you suspect a shipping issue with a package, it would be best to navigate directly to the carrier’s website and use the tracking number that you were provided by the retailer. If that does’st assuage your concerns then pick up the phone and give them a call.
AppRiver’s SecureTide customers are protected from all variants of this threat.
Not shopping online?
Still love the hustle and bustle of Black Friday shopping in traditional stores? Check out these tips safe shopping tips:
- Keep it covered: Don’t flash cash or lots of cards, cover up keypad when entering pin/zip code.
- Don’t get skimmed: Look for card skimming devices anywhere you would swipe a card. ATM’s and gas stations are targeted most frequently but it could happen anywhere, even restaurants.
- Lock it up: Keep gifts and valuables in vehicles out of plain sight, make sure doors are locked. Thieves will commonly go around parking lots trying doors to get into unlocked ones.
- Ditch distractions: Be more aware of surroundings, there is a lot to distract shoppers with lights, decorations, and marketing. Thieves know this and will use it to their advantage to try to hide their malevolent actions. Keep valuables close at hand, don’t make it easy for them to pick-pocket.
- Monitor accounts: Watch account activity very closely, with all the shopping sometimes illegitimate transactions might go unnoticed. Thieves will commonly test a card with a small charge first to see if it works before going big. Noticing the first sign of bad activity and shutting down a card quickly can save a lot of time, money, and hassle.
- Save it all: Save all receipts, keep a paper trail. Not only for returns but for warranties and to accurately verify all transaction amounts are correct, especially for those purchased online.