COLORADO SPRINGS — It’s holiday shopping season, and Americans love to spend big during the festive season. According to statistics from the National Retail Federation, Americans spent nearly $800 billion during November and December of 2020, and the number is expected to rise this year.
With an estimated 62 million Cyber Monday shoppers this year, according to a customer survey from the NRF, it will be up to consumers to stay smart to prevent fraudsters from profiting off of the holiday season.
Three of the biggest ways scammers will try to obtain your money or information around holiday shopping are through phishing, spoofing, and non-delivery scams, often using fake websites or online auction platforms.
These three common scamming methods cost consumers in the United States over $500 million in 2020 alone, according to data from the FBI. Coloradans made up over $20 million of that lost money.
Coloradans also make the top 10 in the amount of money lost to internet crimes according to the FBI, despite being the 20th state in population.
Spoofing and Phishing
Spoofing is when a scammer creates an email or website to look like a legitimate seller. The FBI says this is typically done by changing just one letter, symbol, or number. They might then ask you to download software, send money, or disclose personal, financial, or sensitive information that could compromise you.
Phishing is often related to phishing, as fraudsters will combine the two schemes. A phishing scam will often come from an email, text message, or call from an address or number that appears to be from a legitimate business. According to the FBI, a common tactic of phishing is to ask you to update or verify your personal information in a reply to the email or by visiting a website.
The website, however, will be a spoofed version, and the website will be used solely to steal whatever information you put in.
How to avoid:
The National Cybersecurity Center provided News5 with a set of checks you can do with websites to determine whether the website you are on is legitimate or not.
- Make sure the website is spelled correctly, e.g. it doesn’t have 0’s for o’s or .org where it would be more appropriately .com
- Check for “https” v. http – this can be an indicator that a site is secure, especially if paired with a padlock.
- Click on the padlock in the url bar – when you do you should see a confirmation that the site is secure, and that the addresses match between what’s in your url bar and what’s in the box that opens. If they don’t match, that’s a warning that it’s not a good site to be on.
- More and more browsers are also adding an extra level of “secure”/ “not secure” text in the url bar to help more quickly recognize if a site is a safe place to be or not
- Look for a site seal – like this one:
But don’t just look, make sure to actually click on it to make sure it’s not a fake image put there by a smart criminal
- Check to see if the site has privacy policies, return policies, weird grammar issues, look for Facebook or Google reviews of the business (if it is a business)
- Use a site checker, like transparencyreport.google.com to get an idea of whether something has been flagged as an insecure site
- Add an extension to your web browser, like this one [chrome.google.com], to help make sites that are legitimate but may not be inherently secure, encrypted and safe
Non-delivery is “most often linked to internet auction fraud,” according to the FBI. The scam is rather simple. A ‘seller’ lists an item on an internet auction website and then accepts your payment for the item, then they simply don’t ship it. The FBI says that sellers like these will sometimes repeat the process with the same item under different usernames.
How to Avoid:
There are a few things you can do to figure out if the auction seller is legitimate. The FBI advises following these steps to make sure you’re not buying from a fraudulent seller.
- Make sure you are purchasing from a reputable source, and search them or check reviews to ensure they are a real seller
- Check for a physical address rather than just a phone number or PO box, and make sure to call and/or email the seller to ensure that the number or email is legitimate
- Check the Better Business Bureau’s website from the seller’s area
- Be cautious about ‘special’ investment offers, and when dealing with people outside the United States
- See if they provide a refund or warranty, and use a credit card so you can dispute the charge if something goes wrong
What to do if you find a scam or fake site
The National Cybersecurity Center also provided a few tips on what to do if you do end up on a fake or scam website.
- If you find a site that seems suspicious and you’re able to get out of it quickly, report it. A few different places include: https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en [safebrowsing.google.com] and https://reportfraud.ftc.gov/#/?pid=A [reportfraud.ftc.gov]
- If you enter a site and you suddenly start getting pop-ups to download antivirus software, that is a good sign you’re in a spot you shouldn’t be. If you try closing out of your browser and you get pop-ups asking if you’re sure that you want to leave, close out of your browser entirely and do a quick anti-virus scan to just make sure nothing suspicious made its way onto your device.
- If you can’t close out of your browser, go to your task manager through your “start button” and choose the browser you’re in and ‘end the task’. And again, do a scan of your device for any possible viruses
The FBI also hosts a website dedicated to internet crimes, where consumers are able to file a complaint. If you or someone you know has seen a fake website or been a victim to a scam, you can report it by following this link.