Pay Attention to the Details When Shopping Online
The introduction of Amazon Prime Day several years ago was a viral hit with consumers. Unfortunately, it was also a viral hit with cyber threat actors who capitalize on unsuspecting shoppers by taking advantage of their willingness to buy things quickly online without paying attention to detail. To stay competitive, other retailers are offering their version of “Prime Day.” These additions have exponentially increased the risks of fraud and cyber threats.
What is the Threat?
Cyber threat actors and other criminals prey upon those who don’t remain situationally aware. Specifically, they try to take advantage of several key consumer habits with Amazon Prime Day-style attacks.
Sense of Urgency:
You don’t want to miss out on a deal, so you’re more likely to rush through a purchase without confirming who you are giving your credit card number or what link you are clicking on. Threat actors use phishing messages or website spoofs that contain “Flash Sales” or false item quantities, such as “Hurry, there are only two left in stock!” to get your attention and make you click fast.
Spoofed Email Addresses & Websites:
It couldn’t be easier for criminals to make their fake pages and emails look real. A simple copy and paste of graphics and content allows them to make realistic-looking messages or landing pages. If you aren’t paying attention or are in a rush, it can be very easy to submit your PII to these sites thinking you’re making a purchase. You should ALWAYS go to a known, trusted site for online shopping vs. clicking links or redirects within unsolicited messages.
Too Good to be True:
Threat actors often dangle “too good to be true” offers to consumers to get them to take the bait. These are usually combined with sense-of-urgency-style attacks. People don’t want to miss out on a sale that can save them 50% or 75% on something they’ve been wanting but otherwise couldn’t afford. It is worth pausing if something seems almost too good to be true.
Subscriptions & Memberships:
Criminals aren’t limiting their attacks to buying goods online. I’ve seen several malicious landing pages that referenced subscription services and memberships at a discounted rate. For instance, if a hacker knows that you shop at a specific store or work out at a certain gym because of a compromised mailing list, they may target you with a fake offer for a discounted membership renewal. When in doubt, always contact the store or gym to verify the deal using a phone number or contact from a known safe site. Never verify using a phone number or email address in the advertisement.
I hope this reminder helps keep you and your family safe and makes you more knowledgeable when shopping online.
For more information on how to keep you and your personal information safe, visit our webpage on fraud alerts.
Brian M. Howell
Chief Strategy Officer, CISO
People Driven Credit Union
