Everyone is filling their shopping carts with deals for Black Friday … be careful that you don’t get more than you bargained for!
One of the most common scams out there is the fake order notification scam. If you receive an email asking to update your payment method or requesting any personal information regarding an “order”, contact the company directly to make sure the email is legit before you do anything else.
One of the most commonly spoofed companies is, of course, Amazon. If you have the app on your phone, just go to your account and check to see if there are any notifications; otherwise, just type the Amazon URL directly into your search bar.
It’s always best to avoid clicking on links, even if they’re from someone you trust, because accounts can be compromised, and links are very easy to spoof.
According to the Federal Trade Commission and StaySafeOnline.org, here are some clues an email might be a phish:
- The sender’s email address looks nearly right but contains extra characters or misspellings.
- Misspellings or bad grammar either in the subject line or anywhere in the body.
- The email addresses you with generic terms (“Mr.” or “Ms.” or “Dear Customer” or just your email) instead of by name.
- Sense of urgency – The message warns that you need to take immediate action and asks you to click a link and enter personal details, especially payment information.
- The message promises a refund, coupons or other freebies.
- The company logo in the email looks low-quality or is just a bit off.
Another threat to watch out for is virtual credit card “skimming”. You might have heard of credit card skimming, where physical payment devices are altered to collect your credit card information, like at a gas station or ATM. This can also be done digitally, with malicious code inserted into a website to collect your payment information, as in the Magecart attacks.
Magecart is a type of attack where payment information is collected via malicious code on a payment website. This is not something you, as the user, would notice, but is something to be aware of, and a good reason to avoid the more obscure shopping websites.
A few ways to protect your payment information this holiday season:
- Don’t save your credit card info on retail sites. This also helps in case the site suffers a data breach.
- Consider using a third-party payment method like Apple Pay, Google Wallet, Venmo or PayPal.
- Set up purchase alerts on all your credit cards and other payment methods.
- Disable international purchases on your credit cards.
- Only make purchases over your home network or cellular network, not on a public Wi-Fi network where your payment information could be intercepted.
Last but not least, watch out for social media and charity scams during the holidays. The “secret sister” online gift exchange is always a scam; just don’t do it. The exchange promises that if you give a $10 gift to a stranger online, you will get up to $350+ in gifts in return. It’s a pyramid scheme, so stay away. And be careful with charitable giving: always verify that charities are who they say they are, especially if they are soliciting donations via phone calls. It is really easy to spoof a local number and pretend to be a local charity requesting donations. Also watch out for online scams. The same rules apply as for catching a phish: watch for misspellings, bad grammar, etc.
The AARP and FTC offer these tips for avoiding charity scams:
- Do your research. Consider using services like CharityWatch to get more information about a charity and learn how credible it is.
- Look closely at the charity name and website. Fake charities tend to mimic other popular charities.
Keep an eye out for bargains, but also make sure you avoid getting scammed, and have a safe and happy Thanksgiving with your family!
Editor’s note: Rebecca Rutherford works in information technology at Los Alamos National Laboratory.