This was originally a newsletter published in December 2019. To sign up for our newsletter, click here!
Consumer spending on Black Friday reached $5.4 billion this year, a 22% increase from last year, indicating a higher likelihood that Cyber Monday shopping will increase similarly. In fact, 65% of Black Friday sales took place on phones.
That means Cyber Monday provides hackers and scammers with a concentrated, target-rich environment, and they will certainly be using this shopping holiday to steal personal info such as credit card data, billing and shipping addresses, and much more.
Here is how hackers can take your data, and how you can stay vigilant.
1. They set up a fake online store
You can launch a site in less than an hour, and that task is made easier if the site isn’t designed to actually sell anything. Hackers can create a site, lure people to land on it, promise deep discounts, and steal the credit card info of victims who think they’ve stumbled upon the ultimate Cyber Monday deal.
2. They impersonate actual retailers
Also known as typosquatting, hackers can impersonate existing sites and use a misspelled URL or host the page within a larger URL and hope victims don’t notice and can’t tell the difference. For example, instead of Amazon.com, they may use Amazons.com, or have supersalespecial.amazon.com. There are a number of different ways hackers can get people to land on these fake sites, but most of the time they’re impersonating payment pages so they can take your info. To avoid suspicion, these sites will redirect you to the right page after you give up your data so it just seems like the website had a hiccup.
3. They hack real websites
Hackers can sometimes set up malicious code within a real website and skim the payment information as you complete a purchase. This recently happened to Macy’s, potentially affecting thousands of customers. This kind of attack is impossible for customers to detect.
Some of these online shopping attacks can be avoided. Here’s what to look out for:
- Scrutinize the site. Does something about the site you’re visiting seem off? Typos? Particularly clumsy color choices? Maybe it only has three pages, all designed to get you to buy something. Is it missing social media links or buttons? That’s a red flag—any legitimate shop would be focused on building a social media presence. Great websites are hard to build, and quick ones usually show their rough edges. If you think something’s wrong, it very well might be. Websites promising impossible deals, brands, or products that are hard to find somewhere else, and sites that seem hastily put together, should be avoided.
- Check the small details. Look for typos, incomplete web pages, bad, missing, or old photos (an iPhone 11 deal with a picture of an iPhone 10, for instance). When it comes to major holiday shopping events like this, you’re better off sticking with a trusted brand instead of a newcomer site.
- Look at the URL. For typosquatting and site impersonations, the URL is almost always a dead giveaway. Also be sure that it’s an HTTPS site, not just an HTTP site (most browsers will have a lock symbol on it, noting that it’s HTTPS), which offers more security.
- Use a virtual card service. This is one of the best ways to stay safe while you’re shopping online. A virtual card uses a different set of data to complete a transaction and has limits on where and how much it can be used. This means if a hacker stole the info, via a fake site or by hacking a real site, it can’t use the data to make purchases on your dime.
Don’t let us stop you from enjoying your holiday shopping. Just keep an eye out for any warning signs and take the steps outlined to keep your data safe.