Tips to Avoid Holiday Shopping Scams Online

Another Cyber Monday, and more online sales records will be set. What can you do to protect yourself at home and work?

by / November 30, 2014

We have reached another Cyber Monday, with experts reporting that this holiday weekend is breaking all previous records for online shopping. Early projections were that online purchases would account for 44% of total Christmas sales this year.

Many online sales are going on all week, with free shipping and big discounts. In fact, some ads are promoting an all new "Cyber Week." And yet, shoppers need to take precautions as they surf for deals online.

Time Magazine described how protests and more did not stop shoppers on Black Friday:

Despite protests against Walmart and a national backlash over stores opening for customers on Thanksgiving day, this year’s Black Friday sales hit record-highs both in stores and online.

A record-breaking $1 billion was spent online on Thanksgiving day, according to an analysis by Adobe Systems, which examined 180 million visits to more than 1,000 retail sites. Sales on eBay.com shot up 35% through noon EST compared to the same time last year on Black Friday.

Fifteen thousand people shopped at the Macy’s flagship store on Thanksgiving Day, and Black Friday sales for Amazon UK was the busiest sales day on record.

According to IBM Digital Analytics and USA Today,

Thanksgiving Day website sales jumped 14.3% over 2013. Sales and traffic were driven by mobile phones and tablet use, which accounted for 46% of all Black Friday online traffic.

Walmart racked up more than 500 million Thanksgiving page views, surpass only by the retailer's Cyber Monday traffic last year. ChannelAdvisor, which tracks retail data, said Amazon also was a big winner, with sales up 26% from last year. Electronics retailer Best Buy's website crashed for about an hour Friday morning due to a "concentrated spike in mobile traffic,'' said spokesman Jeff Shelman.

Major news sources were full of advice such as this Tablet Buying Guide from USA Today being one example.

And we’ve only just begun. Cyber Monday is next, and here are a few Cyber Monday online guides:

1)      Engadget’s Cyber Monday 2014 Roundup

2)      ABC News’ 7 Super Cyber Monday Travel Deals – Who says special online codes can’t really lower prices?

3)      CyberMonday.com - There are even websites that totally focus on special Thanksgiving weekend cyber deals.

Avoiding Online Scams This Holiday Season

So how can you be safe in cyberspace while you are saving money?

My first tip for safe online shopping flows from name recognition. Simply stated, know who you’re dealing with. This means ensuring that web addresses that you are connecting to are, in fact, actually the companies that are reputable and the names you trust. Reputation matters even more online, so make sure that the web address (URL) is safe and actually goes to the website for the company you know.

The corollary to this tip is that deals that seem too good to be true, from companies that you’ve never heard of, should be treated with suspicion.

USA Today offers these tips to shopping safely online. Three of my favorites include:

Phone facts: Your bank will never call and ask you to give them your account information. But scammers do. T

Wherefore your Wi-Fi: It's tempting to make use of free Wi-Fi when you're out and about, but be cautious. Sometimes it's the store but sometimes it's cybercriminals providing the service. When in doubt, check and make sure the Wi-Fi really is set up by the business you're in.

Check you card: If you can, use one credit card for all your online purchases, so you can easily see if there are charges for items you didn't buy.

McAfee (now Intel Security) offered these 12 Scams of the Holidays back in 2009, but they still apply today. The first two are:

-       Charity phishing scams:
Knowing that consumers like to give this at time of year, hackers send out fake emails requesting donations that appear to be from legitimate charitable organizations. However, these emails usually link to phony websites that take your money without passing it along to a good cause.

-       Holiday e-card scams:
More and more people are sending holiday e-cards instead of regular cards because they are convenient and “environmentally green.” Cybercriminals will send you an e-card, asking you to download an attachment to pick up your card. However, the attachment isn't really an e-card—it's malicious software ready that installs on your computer without your knowledge and wreaks havoc.

Politicians getting involved

The online scam problem is getting so important, even politicians are getting involved. CBS News in Baltimore reported:

Representative Elijah Cummings and Senator Elizabeth Warren sent letters Thursday to 16 different banks, demanding answers about recent data breaches. On that list–Bank of America, Citigroup, PNC and Wells Fargo.

“Folks can rob a bank of more money with a cyber attack than walking in the door with guns,” Cummings said.

The goal is to figure out the extent of those recent breaches and what protections–if any–they’re putting in place….

Cummings expects to hear back from that list of banks by early next week. Cummings also sent letters to retailers and other companies, including Home Depot and Target.

 After Buying: Bring Your Own Presents to Work, Or Not?

  Another, less talked about issue involves millions of Christmas presents showing up at work on company networks – both before and after Christmas. Public and private sector technology infrastructure teams need a plan to deal with this annual challenge, expecting the onslaught to begin every Cyber Monday and not end until mid-January. Security teams need to prepare in advance. (I have even seen Cyber Monday shopping impact operational work networks in places where Internet connectivity is poor.)

While many businesses have implemented bring your own device to work (BYOD) policies, many still do not have these important policies.  Even where BYOD policies are in place, angst still exists for many staff regarding personally-owned devices.

Though BYOD programs were instituted to ease tensions between employees and their companies, it turns out there’s still plenty to go around, particularly when it comes to security and privacy. Almost half of American workers said they would stop using their personal devices for business if their employer required them to install a specified security app, according to a July report from Harris Interactive, a market research firm, and Webroot, a cybersecurity company. Worries included employer access to personal data, the wiping of personal data in the event that a device is lost or compromised, the tracking of one’s location, and reduced performance due to the additional software running in the background.

Some Final Thoughts

It’s never too early to think about what your organization could do different next year.

Here’s a new idea for 2015: Governments could get into this Cyber Monday excitement. How about: Pay your friend's back-taxes (as a Christmas present)- with 10% off the normal bill. 

Or, get you campground reservation for $20-off on a $100 purchase.

Or, donate to various social services for the less fortunate.

There are literally hundreds of services that governments could sell online that should participate in Cyber Monday buzz.

It just seems like a matter of time before federal, state and local governments get into the Black Friday and Cyber Monday selling scene.

What are your thoughts?

Dan Lohrmann Chief Security Officer & Chief Strategist at Security Mentor Inc.

Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.

During his distinguished career, he has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader.
Lohrmann led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprisewide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan.

He currently serves as the Chief Security Officer (CSO) and Chief Strategist for Security Mentor Inc. He is leading the development and implementation of Security Mentor’s industry-leading cyber training, consulting and workshops for end users, managers and executives in the public and private sectors. He has advised senior leaders at the White House, National Governors Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses and nonprofit institutions.

He has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.

Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web and BYOD for You: The Guide to Bring Your Own Device to Work. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington, D.C., to Moscow.

He holds a master's degree in computer science (CS) from Johns Hopkins University in Baltimore, and a bachelor's degree in CS from Valparaiso University in Indiana.

Follow Lohrmann on Twitter at: @govcso