With the pre-Christmas shopping season upon us, experts are reminding consumers to be wary of potential Black Friday and Cyber Monday scams.
Increased online shopping during the post-Thanksgiving period means cybercriminals are ready to take advantage of unsuspecting shoppers, and earlier this month cybersecurity analysts at EclecticIQ said they discovered a phishing campaign targeting e-commerce consumers in the US and Europe. .
The campaign, which analysts attribute to a financially motivated threat in China called SilkSpecter, uses fake Black Friday deals to lure potential victims. Its goal is to obtain cardholder data, sensitive authentication information and personal information from unsuspecting shoppers, EclecticIQ said.
Phishing – defined as fraudulent activities that attempt to obtain sensitive information by trickery through emails or websites – is a rampant threat during the holiday season. Below are tips on how to avoid scams by checking the legitimacy of a website.
Chase Bank has provided the following tips to help customers identify fake websites and avoid becoming a victim of fraud:
- Study the URL and address bar of the website. Beware of unusual or misspelled domain names. Legitimate websites often have straightforward, recognizable URLs.
- Examine the SSL certificate. You can usually check if the connection is secure by selecting the padlock icon, which also displays the certificate details. However, remember that while an SSL certificate may indicate security, it does not always mean that a website is trustworthy.
- Check for grammar and spelling errors. Poorly written content can signal a fake or hastily created website.
- Verify the domain. Make sure the domain matches the seller’s official name. For example, “amazon.com” is a legitimate URL, while a site called “amazon-shopping-deals.com” should give shoppers pause.
- Check the contact page. Legitimate websites generally have clear and functional contact information. If you find his contact information, there are a few more questions to consider. Is there only one contact method? Is this a general contact form? In general, if a website does not appear to provide complete contact information or refers you to other sites, the website may be harmful.
- Explore the company’s social media profiles. Reputable companies often maintain active and verified social media accounts. When reviewing a company’s followers, remember that both quantity and quality are essential. Scammers can buy bot followers to appear legitimate. If its followers have empty profiles or otherwise don’t seem authentic, the account is most likely a scam. A fake account may also contain off-topic information or superficial responses such as lots of emoticons. Other telltale signs of a fraudulent social media account include excessive use of photos and posts without original text.
- Look for the privacy policy. Legitimate websites will detail how they handle user data.
- Do not click on links from suspicious emails. Questionable links in spam messages can lead to phishing sites, as they may contain malware and require personal information. It’s important not to trust links from dubious sources, whether they come in emails, text messages, or your preferred method of digital communication.
Experts also recommend leaving any site that looks strange and checking with the three major credit reporting bureaus — Equifax, Experian and TransUnion — to freeze or lock your credit if you’re concerned you’ve been scammed.