The holidays are a busy time for buying gifts and other items, but unfortunately it’s also a time when consumers need to be on the lookout for potential scams.
Phishing scams, in particular, tend to flourish during the holidays. In this type of con, a scammer will send malicious emails and messages to consumers to try to obtain credit card details, usernames, passwords, and other sensitive information.
To avoid being taken advantage of, it’s important for consumers to recognize the telltale signs of a phishing scam and only shop at trusted sites.
Phishing scams on the rise
Cyber criminals tend to be more active during the holiday season because of the increase in online purchases. A study found that consumers spent over $3.45 billion last year on Cyber Monday alone, and a third of shoppers plan to spend upwards of $500 over the holidays this year.
Tim Helming, a product manager at threat intelligence company DomainTools, says phishing attempts have increased exponentially over the years, with scammers focusing even more on stealing banking and credit card information.
“What can be really alarming is what happens after the data is stolen,” Helming tells ConsumerAffairs. “[This information] becomes a platform from which cybercriminals can launch further criminal activities, such as targeted attacks which operate as a gateway for malware or other malicious software.”
“According the Anti-Phishing Working Group (APWG), in November of 2016, over 64,000 unique phishing email campaigns were reported targeting more than 330 different brands.”
How to avoid phishing scams
Helming says that many shoppers are more concerned with snagging a good deal than avoiding phishing scams. A DomainTools survey found that even though 91 percent of consumers know that phishing scams are dangerous, 38 percent have still fallen prey to them. An additional 19 percent of those surveyed have fallen for scams more than once.
Of consumers who followed phishing links, 31 percent downloaded a computer virus, 30 percent had their financial information stolen, 7 percent lost money, and 6 percent were tricked into buying a fake product.
Here are some tips on how to avoid falling for one of these scams:
Pay close attention to the web address. Scammers will often misspell words in a URL to make it seem like you are going to a trusted website. Be on the lookout for extra letters, odd combinations, and extra affixes at the end of URLs.
Don’t click links in suspicious messages or emails. Sometimes all it takes for a phishing attack to be successful is for the recipient to click on a malicious link.
Only shop at trusted online retailers. Shopping at trusted sites will greatly reduce your risk of falling for a phishing attack.
Look out for poor grammar. In addition to misspelled words, phishing emails are often riddled with other grammatical errors. If the email does not look like something that was professionally edited, you could be looking at a scam.
What to do if you fall for a phishing scam
Even if you've fallen victim to a phishing attack, there are still steps you can take to protect yourself. “If you feel that you have been phished, and especially if you believe it may have led to identity theft, you should file a police report,” said Helming.
Another step you can take is to update your antivirus software and use it to run a full system scan to see if your computer has a virus.
You’ll also want to change your email and account passwords to ensure that the hackers don’t have access to your information. Just make sure you change your password on a different computer or phone than the one you used to follow the phishing link.
Finally, Helming says to make sure that you share information about the scam to help others avoid it. “The United States Computer Emergency Readiness Team (US-CERT) partners with the APWG to collect phishing information,” he said.
Consumers can report phishing attempts to the APWG by sending an email to firstname.lastname@example.org.