As we all prepare for what will undoubtedly be an unconventional holiday season, many of us are turning to our computers to check off items on our shopping list instead of bundling up to head to the mall. Online shoppers around the nation have already made the strongest showing in history with $10.8 billion in sales on Cyber Monday alone, which amounts to a 15.1% increase from last year, while foot traffic in brick and mortar stores was down 42.3% for Black Friday weekend. With the recent spikes in COVID-19 cases around the country, staying home and having those packages delivered right to your door step might seem like the safest way to go, but cyber criminals are pouncing at the online shopping frenzy to steal consumers' personal and financial information.

This increased threat has been a common thread throughout 2020, as we saw cyber criminals amp up their tactics during the early days of the coronavirus crisis and when Americans received their CARES Act stimulus checks. Indeed, the bad guys are not taking a break because of COVID-19. The FBI reports that cybercrimes are up an astonishing 400% this year. Now it is more important than ever to understand how these criminals operate and how you can avoid falling victim to these crimes so that you can keep your celebrations holly and jolly.

What to Watch Out For

There are several common schemes that scammers employ to steal unknowing consumer's personal information or otherwise bait you into making bad decisions, including:

Email spoofing. Cyber criminals will send phishing emails that appear to be an account notice or order information from a well-known retailer or service provider, or maybe even someone in your organization, but instead will contain malicious links that ask for personal information such as your banking information or login credentials.

Impersonating shipping services. Given that so many consumers are ordering and receiving packages during this time of year, another popular tactic is to impersonate a shipping service provider such as FedEx, UPS or the United States Postal Service, and fabricate a delayed or faulty delivery. These texts or emails usually include malicious links or attachments that, when opened, can infect your devices.

Offers that are "Too Good to be True." Advertisements on social media or that arrive in your email inbox that include sales or offers that simply appear too good to be true, probably are nothing more than a hoax platform to obtain your financial information or imitate a transaction for highly sought after goods.

Bogus Payment or Wire Transfer Instructions. Any or all of the above scams and social engineering ploys can be used to induce you to make a payment or make a change in payment to your regular vendors, suppliers or clients. As we wrote about last year, if you initiate a transaction to a bogus account in response to such an email or text, you might as well kiss that money goodbye.

How to Mitigate Risk and Avoid Falling Victim

Be patient. Amid the hustle and bustle of the holiday season, we as consumers and employees have become accustomed to clicking through emails and links without even taking a second to scan the body of the email or review the "from" address. Taking a few extra moments to review the texts and emails we receive before clicking on links and attachments can save some heart ache down the road.

With the current trend involving illegitimate emails, texts, or e-cards with malicious links or attachments, be sure to ask yourself.... Did you place an order recently? Did you sign up for email and/or text updates? Do you recognize the shipping company or vendor name? These simple questions are easy to overlook, but slowing down for a few seconds may help avoid jeopardizing personal and financial information and falling victim to holiday scammers.

Other helpful tips to mitigate risk and limit online vulnerability include:

  • Check for spelling errors or shoddy grammar
  • Hover over links without clicking to see if you're being misled to an unintended website
  • Be cautious of huge discounts or free offerings from unfamiliar websites
  • Unsolicited correspondence that asks you to click on a link or download an attachment to access a deal, login or input account information

When in doubt, do nothing and either delete the message or follow up with the sender via a trusted phone number to make sure the message it legitimate.

Friendly Reminders to Practice Cyber-Safety

While the holidays are a ripe time for increased online scams and cyber threats, we should take precautions and employ cyber-safety principles year-round. Remember that knowledge is power. Always do your research when engaging with or purchasing from a website. Look for the "lock" symbol, or "https" on the URL, when making a purchase online. Don't overshare—no online retailer will ever need your Social Security number to implement a purchase. Check your statements regularly. Address any suspicious charges immediately with your credit card company.

These general precautions and principles may seem daunting or too laborious when we already have packed schedules and are inundated with holiday sales promotions and deals. Over time, however, they become second nature. Utilizing these precautions and principles will lead you to be a more informed and savvy consumer by limiting and mitigating potential risks and threats.

Always be sure to:

  • Use unique, long passwords and change them any time you feel they might be at risk
  • Stick to websites and mobile applications you know. Save those trusted pages as bookmarks rather than repeatedly entering the site (and possibly making a typo).
  • Do not automatically save credit card or personal information on websites or accounts (at least not without encryption)
  • Research unfamiliar sites or seemingly illegitimate correspondences
  • Be wary of promotions or giveaways that request or require your personal information;
  • Use an antivirus or anti-malware program on your computer and keep it up to date (set automatic updates)
  • Use two-factor authentication when available (and never use a bank that doesn't!)

As the final push for holiday shopping is underway, or as your business year winds down and employees work feverishly to process payments and get bills out, let's all take a little more time and be diligent in our online activity. The extra steps and seconds taken can make the difference between a happy holiday or loads of coal in your stocking.

Happy Holidays from all of us at Taft's Privacy & Data Security Insights. And all the best for 2021 (it HAS to be better than 2020, right?).

Originally Published by Taft, December 2020

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.