Tip #2: Dodge Potential Phishing and Smishing Attacks
As we noted above, more than a quarter of US online sales over the Thanksgiving holiday weekend resulted from email referrals — meaning that shoppers clicked through an email, visited a website, and ultimately made a purchase. This may seem like a perfectly harmless action, since many reputable sellers communicate sales and special offer codes via email. And while this is certainly true, it’s equally true that cybercriminals take advantage of email-heavy seasons, peppering inboxes with malicious messages that mimic legitimate emails.
This practice, known as phishing, is a common way for fraudsters to trick unsuspecting shoppers into visiting unsafe websites and revealing login credentials, credit card data, and other personally identifiable information (PII). Unfortunately, imposter emails and websites can be difficult to quickly spot, because they are often designed to look like the marketing tools of a known, trusted brand.
In addition, mobile users should realize that malicious messages aren’t limited to email. You could also receive a fraudulent communication (and dangerous link) via text message — a type of cyberattack known as smishing — or through social messaging channels.
The key in all cases is to take extra care with any link you receive in a message; anti-virus and anti-malware software cannot save you if you navigate to a fraudulent site. The easiest way to avoid these types of attacks is to avoid clicking solicitation links altogether; instead, go directly to the source of the special deal by accessing a trusted app or typing a known address into your mobile browser (Chrome, Safari, etc.). In the case of special offer codes, simply enter them during the checkout process to see if they are real or fake.
To see examples of fraudulent messages and links, view the holiday shopping tips on our blog. And for step-by-step advice on identifying (and avoiding) phishing attacks, check out our “decision tree” infographic.
Tip #3: Verify Before You Buy
This last tip goes hand-in-hand with our tips for avoiding phishing and smishing attacks, but it deserves some separate emphasis because web traffic isn’t solely driven by email, texts, and direct visits (i.e., typing a URL into a browser). You might also end up on a site following a web search (via Google, Bing, or DuckDuckGo, for example) or after clicking an ad or link within a mobile app or website.
As noted above, cybercriminals and scam artists are opportunistic; they also tend to be unscrupulous and quite talented, monitoring buying trends and hot topics to make their lures as enticing as possible. As such, the fraudulent ads, websites, and mobile apps they create can be very difficult to distinguish from legitimate counterparts — at least at first. Consumers generally don’t realize they’ve been duped until information has been compromised, money has been stolen, and/or purchased products don’t arrive. The result is a time-draining nuisance at best and a time-draining nightmare at worst.
But how do you avoid these dangerous copycats? First and foremost, direct visits to a known, trusted mobile app or website are best; that means going to a vetted, verified app or typing in a familiar, well-known web address. In the case of an intriguing new app or unfamiliar site, take a few minutes to do your homework. We recommend that you apply a process that many consumers use before buying a new product: check reviews, search online for customer complaints, and ask friends about their experiences (if applicable).
In the end, if your research leaves you feeling less than confident about the application or website you’re considering buying from, save yourself the nuisance or the nightmare and opt for another, more trustworthy outlet. Leave that lump of coal for someone else’s stocking.