As you get ready for holiday shopping this year, chances are good you’ll make some of your purchases online. Nearly 60% of people surveyed by the Better Business Bureau (BBB) say they shop online more often now than they did before the pandemic. Scam artists are taking advantage of this trend: Online shopping scams topped the list of riskiest rip-offs for consumers last year, according to the BBB 2021 Scam Tracker Risk Report, accounting for more than one-third of all scams reported to the organization.
Online holiday shoppers are often harried, hurried, and searching for deals, all of which can leave them vulnerable to fraud. From products that never arrive to stolen credit card numbers or personal information, online scams can put your bank accounts, financial data, and identity at risk.
A few simple precautions can help safeguard you from scam artists. Protect yourself when shopping online by following these 11 tips.
You can safeguard yourself by limiting your online shopping to reputable websites, such as major retailers or online marketplaces. However, scam artists are getting better at creating fake versions of real websites, and when you’re in a rush, you might miss the clues.
To avoid fraud, carefully examine the website’s URL for these common red flags:
Nearly half of people the BBB surveyed reported spending more time on social media in 2021 than pre-pandemic. Criminals are taking advantage of this trend, too. About one-fourth of all fraud reported to the Federal Trade Commission (FTC) last year stemmed from scams on social media, according to the agency’s latest Consumer Protection Data Spotlight.
Scammers use social media ads, posts, or messaging to target you with bogus offers or links that may spread malware or viruses. Friends may unknowingly spread these scams by sharing a post about a cool product or great deal. The scammers might reach out via direct message to ask for your payment information. Not everyone selling on social media is a scam artist, of course, but as with any unknown website, always verify a site’s legitimacy before you shop, and never share payment information or other personal details with others on a social site.
Unbelievable deals like 90% off a new smartphone or the latest game console for $25 can tempt any budget-conscious shopper. But as the saying goes, if it sounds too good to be true, it probably is. Deep discounts can tempt you to click on an online ad, social post, or email just out of curiosity. Avoid the temptation and go directly to the retailer’s website instead; if the deal is real, you’ll see it there.
Online coupons can save you money but can also be sources of scams. Legitimate ecommerce sites often ask for your email in exchange for a discount, but fraudsters typically ask for more personal information. For example, they may want you to fill out a form or survey that reveals information, such as a pet’s or child’s name or favorite color, that could provide clues to security questions a criminal could use to change your passwords and hijack accounts. Beware of ads or popups you don’t recognize offering coupons; instead, sign up for coupons directly on trusted retail sites.
Phishing and smishing scams use fake messages (emails, in the case of phishing; text (SMS) messages in the case of smishing) to trick victims into turning over money or personal information. The messages typically appear to be from a trusted company, such as a bank, retailer, government agency or shipping company.
Fraudsters may try to trick you into clicking links by claiming that:
If you volunteer that information, scammers can use it to steal your data or identity. Even just clicking a link in a bogus email or text message might download malware or expose your personal data to hackers. Phishing and smishing often attempt to create a sense of urgency that can lead you to click before you think. If you get a message like this, stop, and think. Do you have an account with the sender? If not, don’t act on the message, but report it to the FTC at ReportFraud.ftc.gov. If you do have an account with the sender, go to their website and contact them directly to ask about the issue.
Set up automatic updates on your computer and mobile devices to keep their operating systems current. Updates often fix security issues and outdated operating systems can expose you to risk. Install firewall and antivirus software and keep that updated, too. Run regular virus scans.
Multi-factor authentication requires you to take extra steps in addition to supplying your username and password when logging into an online account or smartphone app. You might have to input a code texted to your phone or use the phone’s facial recognition or fingerprint recognition technology to confirm your identity. This makes it difficult for a thief to access your accounts even if they learn your passwords. Whenever possible, enable multi-factor authentication for safety.
Strong passwords are vital to keeping your data safe when shopping online. The FTC recommends you:
Make your life easier by using a password manager, which generates secure passwords, encrypts and stores them, and fills them in automatically. Google Password Manager (built into the Chrome browser and Android devices), iCloud Keychain (built into the Safari browser and Apple devices), LastPass®, and Dashlane® are all popular options.
Using a credit card when shopping online is safer than using a debit card. If your credit card information is stolen and used fraudulently, but the card itself isn’t stolen, you’re not liable for any unauthorized charges. Debit cards have fewer protections. If a scammer steals your debit card information, they could access your bank account. Notify the bank within two business days of the unauthorized transaction, you’re liable for up to $50. If you notify them after two days but within 60 days, you’re responsible for up to $500. Wait longer than 60 days, however, and you could be liable for the full amount.
Using a peer-to-peer (P2P) payment app like Zelle®, PayPal® or Venmo® to make a purchase? Be cautious. A study by fraud tracking company Javelin found P2P fraud rose 733% between 2016 and 2020. A recent investigation by Sen. Elizabeth Warren found Zelle users lost $440 million to scams in 2021—and 90% of them never got their money back. For example, if your P2P account is connected to a bank account or debit card, scammers who access your P2P account might be able to drain your bank account. Before using any P2P service to make online purchases, carefully read the terms and conditions to understand your risks.
Be vigilant when buying from online retailers or social media sites you’re not familiar with. Exercise extra caution when dealing with merchants who will only accept payment via cryptocurrency, wire transfer, or prepaid debit or gift card (that they push you to obtain before the transaction can be completed)—often these are signs of a scam. According to the FTC, paying via gift card is the most common way people lose money to scammers. And once money is sent using any of these methods, there’s no way to trace it or recover the payment.
Storing your credit card information on a retailer’s website can save time when shopping, but that convenience could come at a steep cost if hackers access your account information. For a safer option, there’s Click to Pay®, a service that stores your credit card information and lets you pay with one click at participating retailers. Click to Pay never sends your card information to retailers. Instead, it uses an encrypted placeholder called a token that’s used only once, for that specific transaction, and uses two-factor authentication for extra security. To sign up, log onto Click to Pay from any of the major card networks: Visa®, Mastercard®, Discover®, and American Express®.
Thieves know most of us spend more than usual at this time of year, so it’s easy for a false transaction to slip under the radar. Don’t wait for your monthly statement to review your spending; check your accounts weekly for transactions you don’t recognize. Better yet, set alerts to stay on top of your accounts in real-time. Most banks and credit card issuers let you set a variety of alerts, including notifications sent to your smartphone of transactions that exceed a certain amount, transactions on a certain card, or any account activity at all.
You can get free copies of your credit report from each of the three major credit bureaus—Equifax, Experian and TransUnion—at AnnualCreditReport.com. Normally, credit reports are free once every 12 months, but in response to pandemic-related scams, you can now get them every week through 12/31/23. Check your credit reports for anything unusual. For example, if you see a new credit card or loan you never applied for, it could be one of the signs someone has stolen your identity and is using it to open accounts in your name. If you find anything suspicious, contact the relevant credit bureau about placing a fraud alert or security freeze on your credit report and visit IdentityTheft.gov for advice on next steps.
Online shopping can sometimes seem as perilous as swimming with sharks. Fortunately, there are ways to steer clear of scams. By securing your technology, choosing a safe payment method, and remaining cautious and alert to potential fraud threats, you can keep yourself and your bank accounts safe while checking off every holiday item on your list.
Financial health tips and strategies you can use to plan ahead or put into action month-by-month.Read More