Winter-holiday shopping of yesteryear kicked off with the deep discounts and early-bird specials of Black Friday, a retail frenzy on the day after Thanksgiving. Traditionally, shoppers forwent their post-feast dreams, waking early to await doorbuster sales at their favorite retailers.
Today, shoppers avoid the crowd, line, and occasional brawl by shopping online. The move to online sales means retailers can start their sales anytime, and Black Friday has evolved into more than just a day. Now it is a season, beginning as early as mid-October.
Wherever people spend money, criminals try to get in on the action. According to the Better Business Bureau Online Purchase Report, 2021, online purchase scams comprised 38.3% of all scams in 2020. Most victims—79%—end up losing money, making online purchase scams the number one riskiest scam type overall.
We’ve described some of the most common online shopping scams and provided a list of security tips for shoppers below.
Happy holidays (and shopping)!
Common Online Shopping Scams
The Wayward Package Phish
A common phishing strategy, especially during the holiday season, is known as the “wayward package phish.” In this scam, a phisher sends out a SMiSh (phishing by SMS) impersonating FedEx or another delivery service in an attempt to extract personal and financial information from their victim when the recipient clicks on a link.
Commonly, the link leads to a page with a button to reschedule the delivery, such as the one pictured below. Clicking on “Schedule new delivery” brings up a page requesting personal information such as your name, address, phone number, and date of birth. Eventually, victims who enter this information will need to click “Next Step,” at which point they will be prompted to enter payment information for a redelivery fee as well as identity-verifying information such as a social security number, driver’s license number, email address, and email password.
Avoid falling for these scams. Don’t click on links like these, and don’t provide personal information or payment for redelivery. When in doubt, reach out to the shipper directly using known and publicly available contact information. Read more about this type of scam at Krebs on Security
Phishing, SMiShing, Pop-Ups, and Social Media Scams Offering Coupons and Flash Sales
Scammers will try to get your attention by email, text message, pop-ups, and social-media ads with too-good-to-be-true, time-limited coupons and sale offers. These communications will often have a congratulatory tone, impersonating a known business offering an exclusive reward. Please don’t trust these messages or follow any links that they contain.
Fake Online Stores
Scammers create fake online stores, mimicking actual stores or brands. When you search for the best deals online, your search results may include these counterfeit sites. If you make purchases on these sites, you may buy counterfeit or stolen goods, your delivery might never arrive, and the cybercriminal may steal your credit card and personal information. Protect yourself:
- Shop at online stores that you know and trust. Bookmark their websites for return visits.
- Be skeptical of ads and promotions in search engine results or social media platforms. If the advertised prices seem unusually low or too-good-to-be-true, it’s probably a scam.
- Be cautious of websites that look familiar but have a different web address. For example, you may be used to shopping at Amazon.com but find yourself on AmazonShopping.com, a fake website. If this happens, leave the page immediately. Don’t enter any information.
- If you’re unsure about whether a store is legitimate, type the name of the store and the web address into a search engine to see reviews.
- Protect your accounts b always using strong and unique passwords for each account. Use a password manager to help.
Scammers on Legitimate Websites
Stay on guard against scammers even when shopping at trusted websites. Some online stores (e.g., Amazon, Walmart, eBay) allow third parties to sell products. Some of these third parties may not be legitimate. Protect yourself:
- Check the seller’s review scores before making a purchase.
- Avoid making purchases from new online stores, stores without reviews, or stores offering products at unusually low prices.
- Review the return policy before making a purchase. If there are no returns or the policy is unfavorable, shop somewhere else.
- When in doubt, go directly to the online store instead of shopping with third-party sellers.
Online Payment Scams
- Opt to pay with an electronic payment service such as PayPal to avoid disclosing your credit card number to a seller.
- Use a credit card rather than a debit card. Debit cards will take money directly out of your checking account, making it harder to recover funds used to pay for a fraudulent transaction. Credit card companies typically have channels to dispute these charges.
- Avoid websites that only accept payment by cryptocurrency, cash on delivery (COD), or prepaid gift cards.
Holiday Online Shopping Safety Tips
- Shop only on known, legitimate websites and shopping platforms.
- Look for the “lock” icon and https:// in the address bar. The lack of these indicators typically indicates a scam is afoot. Please be aware that criminals can also fake these elements, so be on the lookout for other red flags.
- Avoid making purchases on social media platforms.
- Use trusted payment methods. Use a credit card or an electronic payment service such as PayPal as an intermediate step in the transaction for an added layer of protection. Be aware that wire transfers and cash apps such as Venmo don’t offer buyers’ protection. Avoid paying with a debit card, which will withdraw money directly from your checking account. Avoid making purchases from sellers who only accept cryptocurrency.
- Don’t click on links or attachments from unknown sources.
- Don’t provide personal information for “redelivery” of an unexpected package.