The holiday season is always a busy time of year for online shopping. But 2023 promises to be one of the busiest shopping years yet.
According to the National Retail Federation, holiday spending is expected to reach record levels during November and December, with an increase between 3% and 4% over 2022. That translates to between $957.3 billion and $966.6 billion spent on gifts, decorations, food, and other holiday-related purchases this year.
And with every card swiped and promotional email sent, scammers are looking for opportunities to grab your cash. So, before you make your list and check it twice, take the time to review these cybersecurity pointers.
Email Phishing
Email phishing scams are deceptive messages that appear to be from a legitimate source to induce individuals to reveal personal information, such as passwords and credit card numbers. This time of year, email phishing scams may imitate promotional offers, receipts, or customer service messages.
Take these precautions:
- Slow down. Scammers will create a sense of urgency by sending fake confirmations of purchase, claiming to be customer service, or offering too-good-to-be-true deals. For any unexpected communication, verify its legitimacy through official channels rather than relying solely on email notifications.
- Don’t click. Links might contain malware. Hover over suspicious links to reveal where it really leads. Additionally, never open suspicious attachments, and never scan suspicious QR codes.
- Verify incoming emails. Just because an email says its from a company or person you recognize doesn't mean it’s legitimate. Check the email address.
Fake Websites
Retailers are touting holiday sales to attracted shoppers, and criminals are eager to prey on those same unsuspecting consumers.
Spoofed, or fake, websites mimic legitimate online retailers, leading users to unwittingly share personal and financial information. Malvertising infiltrates legitimate advertising networks, placing malicious ads on seemingly trustworthy websites and compromising the user’s device upon interaction. E-skimming involves the malicious injection of code into online payment forms, enabling cybercriminals to intercept and steal sensitive payment information during transactions. These criminal acts have the same aim – to commit fraud or identity theft.
Here’s how to mitigate your risk:
- Double-check website URLs. Does that website address look correct? Check for legitimacy, ensuring web addresses match the official domain of the retailer. Better yet, type the URL directly into your browser.
- Look for secure sites. Check that the URL of the site is prefixed with “HTTPS” and look for trust seals or security badges, including those from SSL certificate providers and payment processes.
- Use retailer apps whenever possible. Many reputable retailers have their own apps allowing users to shop and pay directly through the mobile app.
- Consider payment options carefully. Credit cards offer fraud protection features that debit cards and gift cards lack. Avoid paying by money transfer app as money sent this way is unrecoverable.
- Monitor bank statements. Be alert for suspicious transactions and set up transaction alerts that can aid in early detection of unauthorized activity.
Social Media Scams
Social media platforms are also breeding grounds for scams, with fake advertisements, pyramid schemes disguised as gift exchange games, and hijacked giveaways leading users to spoofed websites.
Want to avoid scams on your feed? Slow your scroll and read these tips from the Federal Trade Commission:
- Ask yourself: Does this business need information like my credit card number to get this free prize? If it’s legit, probably not!
- Contact the business using a phone number, email, or website that you know is real. Ask if they really sent the message. If they didn’t, report the post and let them know that their account may have been hacked.
Knowledge is Power
Explore First Interstate’s Safety and Security section to learn how to protect your accounts, identity, and financial well-being from the malicious actions of scammers.
Remember, First Interstate has a policy of NEVER asking a client for personal financial information such as account numbers, balances, PINs, or credit card numbers by email, text, or phone. If you think you’ve been the victim of fraud, contact us immediately. Reset passwords where necessary and enable multi-factor authentication (MFA).