
Six ways to spot a holiday cyber scam

By Haifa Ketiti, Senior Sales Engineer at Proofpoint.

It’s that time of the year when people are making the most of enticing shopping discounts and sales. Be it 11.11 Singles’ Day sales, White Friday or Cyber Monday, retail traffic peaks during Q4, the Golden Quarter.

With the ongoing Qatar World Cup and White Friday discount sales, consumers are expected to spend a record-breaking $70 billion on retail in the MENA region this year. Millions of shoppers will continue to scour the internet for the best deals available. Unfortunately, cybercriminals are also on the prowl, creating tempting clickbait for unsuspecting consumers.

The threat landscape has changed dramatically in recent years. Until a few years ago, running antivirus software, hovering your mouse over links in emails, and making sure your transactions were conducted on a secure site (with a padlock on it) were enough to ensure a safe shopping experience. That is no longer the case.

Here are a few shopping tips to help you navigate safely through sales season.

Use strong passwords

Reusing passwords on multiple sites increases cyber risk. Create a separate password for each online shopping site, one that you don’t use anywhere else. Ensure it does not include your birthdate, anniversary date or any other information you might have posted on a social media site. Consider using a password manager to make your online experience seamless, whilst staying safe.

Avoid unprotected Wi-Fi

Open-access, “free” WiFi hotspots are easily available everywhere. However, if you shop on the go, sending private data over WiFi can make you a target for cybercriminals.

If there is no password, the WiFi network is not secure. This goes for your home network as well. A secure network uses encryption measures and is protected by a strong password.

Scammers snoop on public WiFi, and with the right tools can easily hack your phone. Never assume an open WiFi network is safe from prying eyes. Avoid entering any private information (including logins, passwords, and account numbers) while on a public network. Just because you trust the location doesn’t mean you can trust the WiFi.

If you can’t wait for a secure network, use a VPN and make sure URLs start with https. A VPN helps to protect the data you transmit by creating a secure virtual “tunnel” for your information to pass through, so it’s a must for anyone who regularly relies on public WiFi.

Watch out for copycat sites

The rise in online shopping has also contributed to domain fraud targeting retail brands. Attackers create copycat sites that imitate familiar brands, but these fraudulent sites may sell counterfeit (or non-existent) goods to customers, infect them with malware, or steal money or credentials. These sites often use legitimate brand logos and photos, as well as similar domain names. Attackers will attempt to draw victims to lookalike sites by spreading links in phishing emails, social media posts, and online ads. A well-designed lookalike site can be quite convincing, and shopping on a small smartphone screen can make it even harder for users to spot subtle warning signs. The holiday season is just another reminder that you must be able to identify online shopping scams such as lookalike sites and avoid phishing attacks and other threats.

Dodge potential smishing and phishing attacks

Phishing emails lead to unsafe websites that steal personal data. Watch out for SMS phishing too (aka ‘smishing’), as well as messages through social media. Cyber criminals recognise that mobile messages are read more quickly and with less scrutiny than email. They are often received on devices that have access to both personal and business accounts. Phishing and smishing present a risk to individuals, so everyone has a part to play in mitigating the danger of a cyberthreat. To do this, watch for unknown senders and treat unexpected mobile messages like you would an unexpected email notification.

When you do receive a mobile or a social media message that contains a link, do not use the web link provided in the text message. Instead, use your device’s browser to access the sender’s website directly, or use the brand’s app if you already have it installed.

Don’t click on links

Many legitimate emails and texts will flood your inboxes this holiday season. But lurking among them are malicious phishing messages that are designed to steal your data, your login credentials, your money, and more. Scammers can embed dangerous links inside of text, URLs, and images that look safe. Though it is tempting to “click here to take advantage of this great deal,” the safest route to a website is to type a known URL into your web browser.

Verify before you buy

Fraudulent ads, websites, and mobile apps can be hard to spot. When downloading a new app or visiting an unfamiliar site, take time to read online reviews and any customer complaints.
