The holiday season is an exciting time for consumers, and even more exciting for identity thieves. Criminals know that good cybersecurity practices are often put on the back burner when consumers are shopping for the perfect holiday gift.
Fraudsters rely on you to “click before you think” when browsing the abundance of online discounts and holiday sales. Without the proper preventative measures put in place, the holidays can leave you extremely vulnerable to various identity crimes and scams.
It’s no secret that the holidays are prime time for cybercriminals. Research confirms what identity thieves already assume: The majority of Americans — up to 96% — are making online purchases. The Federal Trade Commission (FTC) found millennials are more at risk for online scams than seniors, so it’s important to educate young adults on safe online shopping habits before it’s too late.
Trends have historically shown spikes in cybercrime during the holiday months. During the 2020 holiday shopping season, 80% of online purchase scam victims report losing money. Experts project increased online sales of 7.6% this year and the strongest overall holiday sales in 20 years.
Fraudsters have a plethora of methods to target consumers for their personal and financial data online, but consumers continue to fall victim to the traditional scams. Let’s explore how emails, malware, and spoofed websites can be used for a variety of holiday scams.
Spoofed websites — also sometimes called phishing sites — are extremely common during the holiday season. In fact, the number of malicious shopping websites jumped 178% ahead of the November holidays. The numbers go on to increase during December’s online shopping month.
Criminals set up fake websites to steal your personal information. These sites will often replicate well-known companies like Target, Amazon or Walmart to further convince you of their legitimacy. In short, criminals hope that you trust the site enough to provide personally identifiable information (PII) like Social Security numbers, credit and debit card information, and other sensitive data.
You may visit a page that visually looks familiar, but spoofed websites will have URL links that do not align with a company’s official website. While some may be easy to spot, more sophisticated criminals can create URLs that closely mirror legitimate sites. Because of the fast-paced nature of holiday shopping, criminals hope you’re too fixated on that too-good-to-be-true deal than notice whether the site is real or not.
Phishing emails go hand-in-hand with spoofed websites, also aiming to impersonate well-known companies that are familiar to you. The Federal Trade Commission notes that around the holiday season, spam emails containing requests for payment via gift card are especially common. Spam emails can also contain harmful software or malware be disguised as discount links or attachments within the email itself.
Check the validity of a link before clicking on it. Fraudsters will disguise malicious links with seemingly harmless, hyperlinked text. Hover your mouse over a link to verify it is going where you expect it to before you click.
Malware can pose a major risk to the sensitive data you store and share on your devices. There are many types of malware that carry out a variety of functions. One type of malware referred to as a “Trojan” will disguise itself as a legitimate file like Word documents and images. This may even be sent to you without a file, making it impossible to know your device has been targeted.
A “virus,” on the other hand, works to infect the existing files to cause damage to your device. A third type of malware, known as “spyware,” can track your keystrokes and other user behaviors to capture sensitive information like login credentials, financial account numbers, and more.
It would be difficult to avoid the internet altogether during the holiday season — especially when gift shopping is much more convenient online. Use these tips to help secure your identity for the upcoming holiday season: