I'm usually in too much of a Thanksgiving food coma to hit the sales on Black Friday, but millions of other Americans somehow find the energy. Last year, 89 million people took advantage of Black Friday sales (57 million of them online), while an estimated 247 million shopped throughout the four-day weekend, as stores increasingly have opened their doors on Thanksgiving itself.
In addition, millions of bargain hunters spent another $2 billion on Cyber Monday, so it's clear that online holiday shopping is here to stay. Unfortunately, cyber criminals have zeroed in on this trend and are redoubling their efforts to separate shoppers from their hard-earned cash.
Whether you're shopping online using your computer, smartphone or tablet, here are some common cyber scams to watch out for and security precautions you should take:
Gift Cards. A few tips for buying gift cards:
- Only buy them from secure websites of trusted retailers (look for an "s" in the "https://" web address and a lock symbol in the lower-right corner of the screen).
- At walk-in stores, only purchase cards from an employee who has them locked up. Avoid cards at unattended display racks, since thieves can scan the card's unique serial number; then, after you've loaded it with cash, drain its value with online purchases before the recipient has a chance to use it.
- Never purchase deeply discounted cards or event tickets from online marketplaces like eBay or Craigslist -- chances are good that the cards are counterfeit or were stolen.
Discounted goods. Most retailers offer holiday sales as a way to boost their year-end bottom line. If you've "liked" a product or store on Facebook or Twitter, or have signed up to receive their emails, you may well get genuine offers for steep discounts or last-minute sales.
But beware of bogus offers from sites that mimic those of legitimate retailers. They could be:
- Trying to harvest your credit card number and other personal information to make illegitimate charges to your account or even open new accounts in your name.
- Attempting to sell you counterfeit or stolen goods.
- Trying to gain access to your social media profile to log into other accounts tied to it, or to post illegitimate offers purportedly endorsed by you to lure in your friends.
Delivery problems. Another common scam is to send an email claiming that Fed-Ex or another courier is trying to deliver a package or there's a problem with your order. You'll be told to click on a link to get details and will likely be asked to reveal account or other personal information to verify. Unless you previously provided them your email address, this is probably bogus.
Another variation is to send a postcard saying a package was undeliverable. You'll be instructed to call a number for details (often an expensive toll call) and, again, reveal personal information. If you think you may have actually missed a delivery, contact the company yourself to verify -- their website should have a toll-free number to call.
Phony charities. The holiday period is when many people make most of their charitable contributions, so you can expect an uptick in calls, emails and letters from both real and fake charities. Never give your credit card number or send a check until you've verified that the organization is legitimate. See my previous blog, 'Tis the Season for Donating Money, for suggestions on screening non-profits.
A few additional holiday-related security tips:
- When shopping online, avoid pop-up ads touting incredible deals. If you think it might be real, log into the retailer's website yourself to see whether the deal is posted.
- Hackers create realistic-looking web addresses that, when clicked, take you to a bogus site that can infect your device with malware or install a Trojan Horse program to steal your personal information. To be safe, let your cursor hover over web addresses you didn't type in yourself -- if a misspelled or weird-looking sequence of characters appears, don't click on the link.
- Similarly, be cautious when opening electronic holiday cards, especially from unfamiliar email addresses. Legitimate card notifications should include a confirmation code you can enter at the issuer's website.
- Before completing an online order, visit the site's "Contact Us" and "Terms and Conditions" pages for their phone number, mailing address, return policies, etc. Phony sites often either don't have such pages or they're filled with easy-to-spot errors.
- When shopping at online marketplaces (like Craigslist), be wary of overly cheap prices, especially if the seller claims to be a service member needing a quick deal before being deployed, or another hard-luck story. And never agree to wire-transfer payments with strangers -- they're rarely legit.
- For more tips on spotting bogus emails, text messages and voicemails, see my previous blog, How to Catch a 'Phish.'
Don't let the prospect of getting a great deal on Black Friday allow you to drop your guard against scammers who would love to fill your stocking with coal.
This article is intended to provide general information and should not be considered legal, tax or financial advice. It's always a good idea to consult a legal, tax or financial advisor for specific information on how certain laws apply to you and about your individual financial situation.