You’re probably already looking for the best Cyber Monday online shopping deals. Here’s another recommendation, from the Federal Bureau of Investigation: Keep your eyes peeled for an uptick in cyber scams, too.
Ahead of this year’s holiday shopping sprees, the FBI and Department of Homeland Security issued a warning to shoppers and businesses alike: Be vigilant against attacks that cyber criminals use to steal your money and personal information.
“Malicious cyber actors aren’t making the same holiday plans as you,” the FBI and DHS’s Cybersecurity and Infrastructure Security Agency (CISA) said in a joint press release last week. “Recent 2021 trends show malicious cyber actors launching serious and impactful ransomware attacks during holidays and weekends.”
Cyber Monday is the country’s biggest online shopping day. Last year, Americans spent a record $10.8 billion online during the holiday. That makes this year’s edition a particularly attractive day for cyber criminals to target shoppers and businesses with a variety of tactics, ranging from phishing scams to fake e-commerce websites, according to the government agencies.
Here are three of those tactics, along with advice from CISA, the FBI and other top experts on how to identify and defeat them:
Phishing scams
In phishing scams, cyber criminals pose as trustworthy organizations — like a charity or one of your favorite retail brands — and send you emails that encourage you to download attachments or click on hyperlinked text or photos in the email. In June, credit reporting agency TransUnion found that digital fraud attempts like phishing attacks were up 25% in the U.S. from 2020.
You might be able to detect illegitimate emails based on the sender’s email address, which often looks very similar to a trustworthy one, but with altered or missing characters. Another red flag: a generic greeting alongside spelling or grammatical errors in the body of the email.
The FBI and CISA said you should always be suspicious of unsolicited emails — and you can protect yourself by always double-checking the sender’s address, never following hyperlinks in the email’s body and never replying with any personal information.
Fraudulent websites
Sometimes, cyber criminals create fake websites meant to look like real ones that would normally attract hordes of holiday shoppers.
CISA recommends always double-checking the website’s URL. “Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain,” the agency’s website notes.
A fraudulent website could use a “.net” domain instead of “.com,” for example. CISA also recommends making sure the website you’re surfing features a URL starting with “https” — “an indication that sites are secure,” the agency says — as opposed to “http.”
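The sender-address and URL checks described above can be scripted. This is an added illustration, not code from CISA, the FBI or the original article; the allow-list, function names, warning labels and two-edit threshold are assumptions chosen for the example.

```python
from urllib.parse import urlsplit

# Constructed allow-list (assumption): replace with the retailers you actually use.
TRUSTED = {"example-store.com", "shop-example.com"}

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url, trusted=TRUSTED):
    """Return a list of red flags for url; an empty list means none were found."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    warnings = []
    # HTTPS only shows the connection is encrypted; a look-alike site can
    # have it too, so the domain checks below still run for https URLs.
    if parts.scheme != "https":
        warnings.append("not-https")
    if host in trusted or any(host.endswith("." + g) for g in trusted):
        return warnings
    name, _, tld = host.rpartition(".")
    for good in sorted(trusted):
        good_name, _, good_tld = good.rpartition(".")
        if name == good_name and tld != good_tld:
            warnings.append(f"different-domain-ending:{good}")   # .net vs .com
        elif 0 < edit_distance(host, good) <= 2:
            warnings.append(f"spelling-variation:{good}")        # altered characters
    if not any(w.startswith(("different", "spelling")) for w in warnings):
        warnings.append("unknown-domain")
    return warnings

def check_sender(address, trusted=TRUSTED):
    """Apply the same domain checks to the part of an email address after '@'."""
    return check_url("https://" + address.rpartition("@")[2], trusted)
```

A domain that is merely unknown is reported separately from one that imitates a trusted name, since only the second matches the look-alike pattern the agencies describe.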
On Tuesday, CNBC reported that fraudulent websites could be particularly popular during this year’s holiday shopping season. Many popular gifts are expected to be sold out, and a false promise of availability could be enticing for many shoppers.
As of last month, the Federal Trade Commission said it had fielded nearly 58,000 Covid-related consumer fraud reports from online shopping scams dating back to January 2020, more than any other category of fraud.
The FTC also warns holiday shoppers to keep an eye out for social media scams, where scammers could advertise discounts or prizes on platforms like Instagram, Facebook or Twitter — only to lead you to a malicious website where they can harvest your personal data.