Coal in Your Stocking is the Least of Your Worries with Phishing Sites Around
When it comes to holiday shopping, it’s very clear that the internet is not just a tool for browsing and filling in those wish lists.
2017 marks the first year in history that Americans plan to do more holiday shopping online than in-store. A recent Deloitte survey found that we will spend roughly 51% of our gift budget this year with online retailers, compared to just 42% at brick-and-mortar stores. It’s not hard to understand why; after all, why fight the crowds when you can shop from convenience of your living room? Not to mention that online shopping usually means saving a bit compared to in-store prices.
It’s not all a Winter Wonderland, though. In the rush to take advantage of limited-time deals and other offers, many US consumers will fall victim to a phishing scam known as “spoofing.”
What are Spoof Sites?
Spoof sites—fake websites set-up by fraudsters to capture consumers’ information—are no stranger to the average online shopper. Spoofing is one of the oldest and most successful phishing techniques around.
Like any phishing attack, the fraudster’s goal is to trick you into voluntarily handing over sensitive information, such as credit card numbers, CVV codes, and account passwords. Even though roughly 91% of consumers are aware of these sites, nearly two out of five have fallen victim to one. So, how does it keep happening? Well, there are a few possible reasons:
- Customers are rushed and overlook the signs of a phishing site.
- The site promises deals that are too good to resist.
- Users type in the site domain incorrectly or click the wrong link.
- Fraudulent marketing strategies lure in unsuspecting victims.
- Customers get snagged by trap emails after ordering from a legitimate site.
Spoof sites are everywhere; fortunately, though, spoof sites are also very easy to avoid. Just follow these simple tips to dramatically reduce your risk of being victimized this holiday season:
#1. Learn to Spot Spoof Sites
Sites like Amazon, Walmart and Target are among the top targets (no pun intended) for spoof tactics. While scammers do their best to imitate popular and highly-trafficked sites, even the best fakes will still have signs that give them away.
The most obvious signal should be the UR; fake sites will have a URL that is like the real site, but just slightly off. Some examples might include Amazonshop.gq, Targethome.today, or Walmart-outlet.ga. Scammers might conspicuously use terms like “official site” even more than the site they’re copying, or add extra letters to a name like “Amaazon.com.”
#2. Slow Down
Now that you know how to spot the hallmarks of a spoof site, it’s time to put that knowledge to work. You can’t properly judge a site for trustworthiness, though, if you’re moving too fast to pay attention.
Rushing to snag a seemingly good deal can lead you to overlook your own best interest. You might miss key details that would otherwise tip you off to the fact that a site isn’t quite trustworthy. It’s better to take those key extra seconds to make sure you are where you think you are before engaging with anyone online.
#3. Beware of Suspiciously Good Deals
We all know the rush and the excitement of finding a great deal on a gift for someone special, but remember the old saying: “if it sounds too good to be true, it probably is.” Amazon won’t randomly send you a $100 gift card just because they like you. Similarly, an email promotion or sidebar ad might offer a great coupon, only for it to turn out to be a scam. That’s why you need to think twice before you click.
This should go without saying but remember: NEVER give out your personal information online. This includes:
- Social Security Number
- Banking Information
- Personal Identification Number (PIN)
- Birth Date
- Account Numbers and/or Passwords
#4. Don’t Click a Link You Don’t Trust
Just about every eCommerce site sends promotional emails, coupons, and other items to their customers. You shouldn’t click on anything, though, unless you are absolutely sure of who sent it.
It’s best to go directly to a retailer’s website if you have the option. Of course, this isn’t always possible if you want to take advantage of a special offer, or simply don’t know the URL by memory. Remember to apply the spoof-detecting tips mentioned above, and use your best judgement.
This includes emails, social media posts and ads, or desktop notifications. Anyone of these can be spoofed by skilled data thieves, and used to capture your information or install malware on your device.