Tips to avoid online scammers this holiday season

With Black Friday and Cyber Monday offers often dramatically cutting prices for one day only, there will be many genuine deals to be had. The problem for many of us is how to tell the real deal from the scam. Here are five tips to prevent you gifting your money to the criminals these holidays.

Money off coupons – If it’s too good to be true, it’s probably too good to be true
In the last 12 months we’ve seen many retailers confirm that they’ve suffered breaches. While for some, such as Target, the end game has been obvious, others have said that the information taken has not included credit card details and is therefore “insignificant” – for example names and addresses, passwords and transaction history might all be amongst the liberated data. While that might seem harmless enough, to the professional scammer it is gold dust.

Intimate relationship details, which should remain between a retailer and its customer, can be used to fool a person into believing a message is genuine. For example, eBay has always said that the fact the message contains the person’s first name and surname is proof that it is genuine. However, if a criminal has made away with a database of usernames, can this still be considered evidence of authenticity?

Similarly, if a message states that you recently treated yourself to a Sony PlayStation, and you have, can it really be trusted when it now suggests that you buy games and accessories for the console at a greatly reduced price?

While criminals are extremely clever, and often messages will look exactly the same as a genuine mailing, there will be telltale signs. Here are a few things to look out for:

  • Is the sender’s email address exactly the same as it normally is?
  • Does the way you’re addressed seem unusual?
  • Does the message look the same? Typeface, logos, even wording can all give the game away.
  • What about typing errors or grammatical mistakes? Criminals are clever but often English isn’t their first language.
  • Never follow links embedded in a message, especially one that’s not completely ringing true. Instead type the usual address into the URL bar. If the offers are genuine, the website will be displaying them too.

Search Results – proceed with caution to sites you don’t recognise
Just as marketing executives spend time and money improving page rankings in search engines, criminals will do the same. Similarly, there have been instances where legitimate sites have been compromised and malware inserted to trap unsuspecting visitors.

With many people wanting to make sure they get the best deal possible, canny individuals have capitalised on this. While researching this article, I came across a number of search sites that claim to have trawled the web to compile a list of the best Black Friday and Cyber Monday deals. While these appeared to be genuine, you can be sure that they’re also attractive to criminals so my advice is to approach with caution.

Malware – are you already infectious?
While this article is primarily intended to prevent you falling foul, a previous infection can’t be ruled out. For example, if you have a program already installed on your machine it could be monitoring all of your online transactions to steal your banking information and credit card details.

So, are you using anti-virus (AV) software to keep your systems clean? If not, may I recommend that, before you do anything else, you download a program (from a reputable source) and check your device to make sure it’s free of malware and other nasties. Even if you are running AV, check it’s been recently updated to include all the latest threats. If not, do that now too.

If you tend to use any business equipment you have access to, you will have some protection from the services it subscribes to. However, you still need to be aware that sometimes malware can slip through the web of defences. Vigilance is often the key to making sure you’re not the reason the corporate systems get infected this year.

Password overkill – once is enough
Many sites ask people to create a username and password to set up an account when shopping online. However, there are a number of risks associated with this.

The first is that, if you use the same username and password for more than one site, should criminals get in and steal your combination they can then try the virtual locks at all the other retailers to try and get in. This is what Dropbox recently experienced when credentials liberated from “unrelated services” were used to try to hack into accounts. Secondly, if you were accidentally duped into creating a user account on a “false” site, you could be gifting the criminals your keys.

There are a number of ways to create unique passwords for different sites by combining a static element with a more fluid, associated element.

Fake purchase or delivery receipts
It has become a very popular ploy for malware authors of late to send what appear to be purchase receipts to users. These “receipts” are meant to lure recipients into believing someone has made unauthorised purchases on their behalf.

Fake delivery advice notes can also work in this way. They confuse recipients into believing that something they may have actually ordered online has transit issues. With many people doing the majority of their online shopping during this time of year, this is a perfect time to see these scams in the wild.

If you were physically pounding the busy high streets, desperately seeking the perfect gift at the best price, you’d actively keep your money out of the criminals’ clutches and buy from stores that offer quality merchandise. Ultimately, it’s the same online. Remain vigilant and you’ll stay safe during cyber weekend.
