Online Shopping Safety Tips: Learn How to Spot and Avoid Phishing Scams
Shopping online is efficient and convenient, especially during the holiday season when malls are packed with frantic shoppers. Unfortunately, while shoppers hunt for great bargains and huge discounts, cybercriminals are out to shop around for victims as well. And as the shopping season rolls around, phishing sites are expected to take advantage of the holiday rush. Phishing is a popular online ploy used to steal credentials and payment information, usually via spoofed websites that are designed to look legitimate or nearly identical to the original, making it hard for users to detect bogus sites.
Phishers do not discriminate. They are interested in credentials used to access sites that online shoppers frequent, compromising personally identifiable information (PII), potentially leading to data theft. Online scammers and data thieves looking to fill their phishing carts score the best “deals” by knowing where to look. This holiday season, it is expected that they will target shoppers looking for in-demand gift items such as popular electronics, toys, and video games.
Last year, online shoppers were the target of “Operation Huyao,” a crafty phishing scheme that operated under the radar by using letting its victims browse the original website's content. Potential victims are only led to a phishing page to steal payment information once it's time to check out and purchase an item. When the shopper finally makes the transaction, the victim even gets a confirmation message of a successful transaction to make it look legit.
Once an individual’s personal data is compromised, the attacker can sell the information, steal one’s identity, steal funds, or hijack other contacts for future phishing targets.
Learn how to spot and avoid phishing scams:
- Bookmark shopping sites. Avoid using search engines to find good deals. Limiting your search to trusted shopping sites can reduce the chances of you landing on a spoofed site.
- Always check the hyperlinks. To verify the legitimacy of the URL, move your cursor over the embedded link before even clicking it. False links can be deceiving as scammers can use URLs with the relevant terms.
- Spoofed emails usually contain a generic greeting. The user’s email address can also be used rather than directly addressing the recipient with his/her name, and that's a red flag.
- Watch out for poor grammar or dodgy spellings. Legitimate emails do not contain glaring errors.
- Recognize sloppily-designed emails. Wrong or out of place logos and layouts are signs that a message isn’t from a trusted source.
- Beware of websites that ask for your password. Never give away passwords or sensitive information to untrusted or third party sites.
- Stay clear of emails or sites that demand urgent action. Some messages will include desperate calls to action such as clicking certain links or disclosing personal information.
- Be wary of too-good-to-be-true offers. There's a saying that goes, “if something seems too good to be true, it probably is,” and it applies to online shopping. Be wary of items offered at very low prices.
- Routinely check your card statements. Be on the lookout for unauthorized transactions.
If you find out that you got hooked by a phishing scam, immediately change passwords and PINs on all of your accounts. Alert your card issuers that you suspect a fraudulent activity on your account.
The excitement and chaos of online shopping during the holidays can make shoppers more vulnerable to various online schemes. Aside from practicing the tips above on online shopping, it is recommended that you keep your operating systems and security software up-to-date. Trend Micro’s Smart Protection Network actively identifies and blocks spam and phishing emails and sites before they reach end-users.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Exposed Container Registries: A Potential Vector for Supply-Chain Attacks
- LockBit, BlackCat, and Clop Prevail as Top RAAS Groups: Ransomware in 1H 2023
- Diving Deep Into Quantum Computing: Modern Cryptography
- Uncovering Silent Threats in Azure Machine Learning Service: Part 2
- The Linux Threat Landscape Report