How to avoid holiday scams this shopping season

Holiday cyber shopping scams at a glance

• Holiday shopping scams may involve emails, ads, or applications with phishing links, fake products, or malware that could be used to steal your money, personal information, or login credentials.
• Scammers often target deal hunters with urgent messages marketing hard-to-find products or huge discounts.
• Using strong passwords or password managers and limiting information sharing are easy ways to help avoid scams year-round.

The number of promotional emails is at an all-year high during shopping season. Yet phishing, which most often happens over email, remains the most reported cybercrime (PDF) to the FBI. In this scam, emails that look like they’re from legitimate or even well-known brands lure recipients in with bargains but will instead collect their information or lead to fake websites.

Does a price look too good to be true? Try finding the brand’s official product page or see if the deal is reflected on other pages for the same product. Look for signs of phishing.

Scammers may target shoppers looking for specific hard-to-find or valuable gifts with fake ads that are really designed to collect your financial information. These too-good-to-be-true ads can be attractive because they may promise incredible markdowns, but buyers are often pressured to act fast to secure their rare item.

If an ad looks suspicious, check if “https” is at the beginning of the linked webpage’s URL and that there’s a closed lock or broken key icon next to it. If so, then the site is valid, and the data submitted on the site is encrypted.

When it comes to holiday shopping, shoppers are looking for special low prices. Three in four are expected to hunt for deals this year, according to PwC’s Holiday Outlook 2023 report. Another scam involves dubious apps promising coupon codes or steep discounts on popular products. But clicking a link or downloading the app leads shoppers to give up personal information via phishing or install malware.

Before downloading or using a new application, read recent reviews, look for spelling or grammatical mistakes in its advertising, and be wary of excessive permission requests on your devices.

With millions of Americans expected to spend more than $1.5 trillion between November and January according to Deloitte, scammers likely see ample opportunity to cash in on distracted online shoppers. Fortunately, simply learning about these common financial scams may reduce your risk of becoming a victim when you’re targeted.

Criminals often target online shoppers with the same tactics and urgency that marketers use to advertise their products. It’s no wonder one in three Americans report being a victim of online financial fraud or cybercrime, according to a recent Ipsos poll conducted on behalf of Wells Fargo.

“When it comes to online shopping,” Hudson said, “this is the time of year when scammers are really zeroing in on targets who are searching for the best promotions and deals and are really moving faster than usual.”

Here are a few other good cyber hygiene tips to help protect yourself this holiday season:

• Never give more information than you need. Avoid storing payment data and personal identifiable information on websites, such as those of retailers.
• Use strong passwords and store them with password managers. For an additional layer of security, use multi factor authentication (MFA). For example, along with a password, users may be asked to enter a code sent to their email or answer a secret question.
• Watch out for spoofed calls of legitimate companies asking for financial or personal information.
• Credit cards are a safer gift-buying option. Another is shopping with a virtual credit card linked to your credit card account. These virtual cards have unique numbers and can be used for a short time, such as the holiday shopping season.

If you think you’re a victim of a holiday scam or cybercrime, don’t be embarrassed. These scams are dangerous not only because they affect our finances or sensitive information, but because they’re convincing and spread quickly.

Here are a few steps to consider if you think you’ve been a victim of a holiday cybercrime or have fraudulent charges on a debit or credit card:

1. Contact the bank or company that issued your card and tell them about the fraudulent charge or withdrawal. They may recommend turning off or canceling the card and sending a new one.
2. If you haven’t already, check your card account for suspicious transactions. Change your password.
3. If you think the scam involved your personal information, reach out to the Federal Trade Commission to report the fraud and follow next steps, which may include monitoring your credit for suspicious behavior.
4. Make sure you’re regularly scanning your financial statements for unauthorized charges, unknown merchants, or other suspicious transactions.