Cyber Monday marks the unofficial beginning of the Online Holiday Shopping season. As I write this on the eve of Cyber Monday, you can be sure that cyber crooks are ready to unleash a variety of scams intended to separate you from your hard-earned money.
The odds are very good that every of us will come across such a scam over the next few weeks. How we handle the situation could make the difference between a joyous holiday season and a sad one. Here are some tips to help keep your Holidays happy ones:
1) Learn to identify fake web sites in emails.
You get an email from “Amazon.com” that says you can get a free Apple ipad if you spend $1000 on Amazon. Or they are selling them for $100 below the regular price. First thing to do is STOP and THINK. What are the odds Amazon is giving away ipads? zero. What are the odds they are selling them at $100 below normal price? zero. Apple controls pricing and their products are not discounted. These are just some simple examples, but the point is, just a little common sense is often all it takes to smell a scam.
But suppose the offer you get is thoroughly believable or you don’t know enough about the items to know what is reasonable. Before you click on the link in that email that says “Buy on Amazon.com,” just put your mouse cursor on the link without clicking. Somewhere on your screen (depends on which email program you use), the actual URL of the link will appear. Sometimes it will be an obvious fake, ( like usamza.com). But many times, they will includes words in the URL that can fool you. (amazon.com.ipad.store.usamza.com/online_store). Look carefully at what the last .com (or .net, .biz, .info, etc.) says. That will tell you the real domain name for the link you are about to click on. In this case, it’s usamza.com. The “amazon.com.ipad.store” at the beginning is just there to trick you.
Note: This is also a very common tactic when it comes to online payment sites, like PayPal. You are bound to get emails saying they are from PayPal and you need to login to your account to fix a problem. Two things: First, remember to closely inspect the link and second, the real PayPal will probably never send you such an email.
2) Beware of store emails with attachments.
Chances are good you are on some mailing lists from legitimate stores and shopping sites. Chances are just as good that they will never send you an email with an attachment. For example, you get an email claiming to be from Macys.com, and it tells you to open the attached PDF file for details on a specials friends and family sale – STOP right there and immediately delete the email. Legitimate retailers do not send emails with attachments.
Keep in mind that often times the emails look quite authentic. They’ll have the Macy’s logo, and links to legitimate pages on the real Macy’s site, all designed to make you believe the email is legitimate. It is not.
3) Don’t use store links from search engines.
A favorite tactic of cyber crooks is creating entire fake web sites that are mirror images of a real site. This has been done with banking sites, hoping you will enter your real BankofAmerica username/password on a fake BankofAmerica site they have created that looks just like the real thing. The same tactic is used with shopping sites. If they can create a fake “buy.com” and get you to go there and put in your real buy.com password, they can then go to buy.com and buy things using your account.
The problem for cyber crooks is, how to get you to go to the fake site? One way is with faked emails, as described in #1 above. Another is through search engine results. Let’s say you are looking for a special cooking utensil as a gift for a friend. You do a google search, and one of the first matches is a link for “cooking.com”. You click on the link and are taken to a web site that says Cooking.com” all over the page. You probably wouldn’t notice that the actual URL says “cookingz.com”. It’s a complete fake. Once you are on the fake, they can try to gather personal information or just install malicious software on your computer.
What should you have done? When a search result for cooking.com came up, instead of clicking on the link in the search results, you should open another browser tab or window and manually type in cooking.com. Now you know you are at the real cooking.com. Then, once you’ve used a web site and you know it’s legitimate, add it to your favorites and only use the favorite link to go there in the future.
4) Only enter your credit card info on a secure web site.
The Better Business Bureau online shopping division highly recommends that you ALWAYS use credit cards when purchasing online (built-in fraud protection) and ONLY use web sites that use SSL (Secure Sockets Layer) on their payment page. You’ll know you are on a secure page if the page URL starts with “HTTPS://” instead of “HTTP://.” The data transfers on secure pages are encrypted, which protects your confidential information, even if the data is intercepted by a malicious program on your PC that is “listening in” on the transaction.
5) Use internet security software.
This may seem kind of obvious to some of you, yet you wouldn’t believe how many home PCs we see that either have no security software installed or have an old, un-updated version that has expired. Seriously folks, it’s almost 2012. You’re being seriously irresponsible if you are not running some type of security software. Here are 3 I recommend for home use. Two even have basic FREE versions, so you have NO excuse. However, I highly recommend you spend some $$ on the more comprehensive paid versions.
Avast (my favorite free program): http://www.avast.com/free-antivirus-download
AVG: http://free.avg.com/us-en/free-antivirus-download
F-Secure (what I use at home): http://www.f-secure.com/en/web/home_us/protection/internet-security/trial
Be SMART and be SAFE.