Protect Yourself When Shopping Online this Holiday Season

The holidays this year will be dramatically different. Many families are curtailing travel and celebrating virtually to prevent community spread of COVID-19. Cities and counties across the country have reduced the foot traffic allowed in retail stores at any given time.

As a result, a record number people are turning to online shopping for holiday gifts. IBM’s most recent U.S. Retail Index Report indicates that the pandemic has sped up the shift from in-store to online shopping by about five years.   

Just as people take protective measures to stay well this season, shoppers should take precautions before clicking enticing offers for holiday deals.

“Malicious actors know there are more eyes checking email and websites for deals this year,” said Jeremy Hopwood, Pinnacle’s chief information security officer. “And they’ll take advantage of anyone in a hurry to snap up a great price on the latest gadgets or popular gifts to finish their holiday shopping in time for shipping deadlines. They know people’s email inboxes are going to be full of purchase confirmations, so we’ve already seen a number of phishing attempts made to look they’re from popular shippers like Amazon. They often links that look official, like ‘an update on your order.’ Don’t take the bait. Fact check them by logging into your real account for that website and checking for messages and alerts there.”

A few more tips as you let your fingers do the (online) shopping:

1. Avoid shopping on a smartphone. The convenience of a hand-held device can lead to clicking links that aren’t the real store you’re looking for. The screen is smaller, and you don’t have a mouse to hover over a link and verify the URL.
2. Inspect emails carefully. Check the “from” email address to make sure it matches the retailer it’s presenting to be. Don’t click on links within an email. Email deals that offer a code to type in at the point of sale are safer. See our Super Six for more tips on email safety.
3. Use a browser on a computer to navigate to the store’s website instead. The same offers should appear there. Beware of lookalike domains and spelling errors in website addresses. Instead of clicking on the advertised sites listed after a Google search, scroll down to find the real McCoy.
4. Look for the little padlock icon. It's located to the left of the address in your browser, indicating a secure website.
5. Be suspicious of deals that emphasize urgency. If it says, “You’ve been chosen” or “Act fast – only five left in stock!” those are red flags for scams.
6. For sites that require registration, use unique, complex passphrases instead of simple passwords. Build your own code and use it to spell out phrases, substituting numbers and symbols for some letters. An example: “I’m from Nashville!” becomes 1mfr0mN@5hv1ll3! It is more difficult for threat actors to write algorithms to break the code.
7. Shop small. Look for locally-owned stores and boutiques offering curbside pickup and contactless payment. You may find more unique gifts and a safer shopping experience, all while supporting a small business.

For more tips, visit the Fraud and Security section in the Pinnacle Learning Center and take a look at this brochure on holiday scams from the FBI.