Online holiday shopping scams to watch out for
Posted November 24, 2017 7:45 a.m. EST
NEW YORK (CNNMoney) — An estimated 164 million Americans are considering shopping during Thanksgiving weekend, according to the National Retail Federation.
And for the first time, more shoppers say they plan to shop online than at big box retailers like Walmart and Target.
As consumers hunt for holiday deals and shift their purchasing online, it's also the prime time for scammers to steal data and money.
Here are some tips for protecting yourself online this holiday shopping season.
1. Be extra cautious when shopping on a mobile device
Consumers should be especially careful when shopping on a mobile browser, according to Gang Wang, a cybersecurity expert and assistant professor in the Department of Computer Science at Virginia Tech.
Scammers often create fake websites with URLs that look similar to those of legitimate retailers in an effort to trick users. Mobile browsers have a much shorter address field, and consumers may not see the full URL on their phone. As a result, it can be more difficult to spot a scam.
"A better alternative is to use the merchants' native apps. Make sure you download the apps from the official app store. Don't install any apps from web links or code," Wang said.
2. Be on the lookout for bogus apps
Some fake apps have malware that can steal your personal information or lock the device until you agree to pay a ransom, according to a report by cybersecurity company RiskIQ.
Other bogus apps prompt users to login using their Facebook or Gmail accounts, which can also reveal your sensitive information.
While RiskIQ recommends only downloading apps from official app stores like Apple and Google, the firm notes that even apps on official stores can be potentially dangerous.
Be cautious of apps that ask for suspicious permissions, such as granting access to your contacts, text messages, stored passwords or credit card information. Before downloading an app, RiskIQ also suggests taking a look at the developer. If it's not a brand you know, think twice before downloading.
"Also, poor grammar in the description highlights the haste of development and the lack of marketing professionalism that are hallmarks of mobile malware campaigns," RiskIQ said in the report.
3. Don't click on questionable email links
Consumers should avoid clicking on links in an unsolicited email -- even if the deal looks really attractive.
Phishing emails usually look similar to those sent by popular retailers, your bank or a family member.
"The link may lead you to a bogus website that aims to lure you to enter your credit card information," Wang said.
4. Always use secure network connections
Make sure the website you're visiting has a valid "HTTPS" connection with a lock symbol, not "HTTP."
HTTP is vulnerable to attacks, and a bad actor can steal your credit card information by monitoring your HTTP network traffic, according to Wang.
Consumers should never give their credit card information unless they are in a secure online shopping portal. "Sites that ask for it in return for 'coupons' or to win 'free' merchandise are almost always scams," RiskIQ said.
5. Practice good security hygiene
In general, consumers should always use difficult-to-guess passwords, unique passwords on every account, two-factor authentication, and password managers to help keep track of different logins.