The holiday season has again crept up on us quicker than anticipated, and the consumer craze and bargain-hunting that go along with it are already in full swing.
In the United States, buyers shell out more than $1 trillion in retail sales trying to find the perfect gift.
In-store purchases now account for less than half of that revenue, with shoppers preferring to avoid Black Friday chaos and shop from the comfort of their own home.
That kind of spending reiterates the need to be vigilant in watching out for scams. If there’s one group that doesn’t take time off during the holiday season, it’s hackers.
Are you keeping an eye on your bank accounts?
We spend a lot during the holiday season. It's easy to miss a few unauthorized charges on your credit card. The threat isn't only online, either. An attacker might also obtain your credit card details from organizations using insecure point-of-sale (POS) systems when you swipe your credit card in the store, something completely out of the shopper's control. Especially during the holiday season, keep an eye on your credit card and bank accounts. For all online shoppers, follow standard online security best practices such as using secure passwords and enabling 2FA (two-factor authentication) for your online accounts if available. Nothing ruins a holiday more than finding out you've been hacked.
Use a credit card instead of a debit card.
If your credit card gets stolen and used without your knowledge, it’s significantly easier on your wallet than if the same happens with your debit card.
The Fair Credit Billing Act says that your maximum liability for unauthorized use of your credit card is $50 — and if you report the loss before your card is used, you aren’t responsible for any charges you didn’t authorize.
If you report a debit card to your bank as missing before someone uses it, the Electronic Funds Transfer Act says you’re not responsible for any unauthorized purchases. But if someone uses your debit card before you can report it as missing, how much you’ll have to pay for any unauthorized purchases will depend on your bank.
Watch for Phishing Emails
Phishing attempts are one of the most successful methods used by criminals to steal your personal and financial information, and attacks are on the rise. IBM reported that the number of spam emails increased by 400% in 2016, and it’s estimated that spam now accounts for over half of all emails. With malicious emails potentially posing as tracking updates for online orders, account updates or alerts, or even court notices, it pays to be extra vigilant.
Familiarize yourself with the general structure of a phishing email, and be wary of emails offering high-demand or high-profile products or services (like smartphones, laptops or airline tickets) at prices significantly below the rest of the seller landscape. Besides not delivering on their promises, bogus offers like these can compromise your personal data and end up costing you more than money. I have already seen a large increase in the spam email I get daily, and I don’t even open them…they go straight to my trash.
Beware of Fake Websites
Attempts to hijack your sensitive data through phishing don’t stop with email — criminals even create dedicated websites to trick unsuspecting consumers. Even as designs get more sophisticated, though, there are ways to identify these fake sites.
Pay attention to how you arrived at a site requesting your personal information. Phishing emails will often include a link to a fraudulent web page designed to mimic a legitimate one, such as a login or order confirmation page, prompting users to enter their information.
Pro Tip
Make sure the URL is spelled correctly. Fake websites often use a URL that appears legitimate, but may have one letter out of place.
It’s possible for phishing sites to obtain a valid SSL certificate and the accompanying reassuring green padlock next to their URLs. Pay extra attention to the structure of the site’s URL to determine the actual domain of the site you’re visiting, especially when shopping. Make sure each site uses Secure Sockets Layer (SSL) encryption (the URL should start with https instead of just http), and also check the security certificate of any site that looks suspicious.
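
As an added illustration (not part of the original article), the Python below works out which domain a link actually leads to and flags near-misses of sites you trust. The TRUSTED list, the sample URLs and the two-edit threshold are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the shops and banks you actually use (assumption).
TRUSTED = ("example-shop.com", "example-bank.com")

def registered_domain(host):
    """Naive: last two labels of the hostname. Multi-part suffixes such as
    co.uk need a public-suffix list, which this example leaves out."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url, trusted=TRUSTED):
    parts = urlsplit(url)
    host = parts.hostname or ""   # excludes any "user@" prefix and the port
    domain = registered_domain(host)
    if domain in trusted:
        # Right domain; still insist on https before entering card details.
        return "trusted" if parts.scheme == "https" else "trusted-domain-no-https"
    for good in trusted:
        # Two edits covers one wrong letter or two swapped letters.
        if edit_distance(domain, good) <= 2:
            return "lookalike:" + good
        # Trusted name appears in the URL but is not the domain being visited.
        if good in parts.netloc.lower():
            return "embeds:" + good
    return "unknown"

# Constructed sample URLs (the .test names are reserved and resolve nowhere).
SAMPLES = [
    "https://www.example-shop.com/cart",
    "http://www.example-shop.com/cart",
    "https://www.exampel-shop.com/login",
    "https://example-shop.com.order-check.test/login",
    "https://example-shop.com@order-check.test/",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{classify(u):32} {u}")
```

Note that every flagged URL in the samples uses https, which is why the padlock alone says nothing about whose site it is.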