Gearing up for Black Friday deals? Well, so are the scammers...
In fact, they've been at it since last month, building thousands of fraudulent online storefronts for the unsuspecting American to "shop" at.
Hackers have been hard at work, pumping out fake websites that mimic real ones from well-known merchants like Ikea, The North Face, and L.L.Bean.
Cybersecurity firm EclecticIQ nicknamed these fraudsters "SilkSpecter," believing them to originate from China.
And the number of fake websites already identified is absolutely stomach churning... Analysts have racked up a list of more than 4,000 of these fake shopping sites meant to trick the hapless shopper into entering his or her personal information and credit-card details.
So today, we want to share some tips to help keep you safe while you're shopping online...
- Really read the web-address bar. A spoofed website might have an address ending in "top," "shop," or "store," for example, rather than ending in "com." Dot-com sites can still be faked, too – there might be a typo of one letter that's off or have the company name but with eye-catching terms like "blackfriday" added in.
- Bypass sites without "https" at the beginning of their URLs. The extra "s" stands for "secure" in secure sockets layer ("SSL"). The SSL lets you know that the information you will type into the site is encrypted and secure. Also, you'll likely see an adjacent icon of a padlock or shield (or, in Google Chrome's case, two horizontal lines and two dots). But be aware that SSL certificates can be faked, too, so make sure you're looking out for all of the red flags I talk about in this issue.
- Don't click on any pop-ups. Doing so may trigger a download of malware. For instance, you might see a pop-up asking you to join the e-mail list for a new-customer-discount promotional code. Or you might see "scareware" pop-ups warning you that the device you're using is already infected and to click for help. Ignore those, too, as clicking on them can guide you to another fake site.
- Look for poor quality. In the same vein as the URL "typos" I mentioned, if the site is riddled with grammatical and/or spelling errors, steer clear. The same goes for low-quality images and a website layout that makes it difficult to navigate.
- Check for contact information. It's a red flag if there's hardly any contact information for customer service – like a "Contact Us" form on the site to fill out. Similarly, scam sites might have no "About Us" webpage detailing the business.
- Beware of "too good to be true" prices and ads (including on social media). It's all too easy for a scammer to create a fake Facebook business page. Ignore ads with insanely low prices that seem too good to be true. You also might see a suspicious-looking web address.
- Report the fraudsters. You can report fake websites to the Federal Trade Commission ("FTC") at ReportFraud.ftc.gov. If you think any of your personal information has been exposed, don't panic. Go to IdentityTheft.gov for the next steps or call 1-877-438-4338.
Slowing down to assess the safety of a website can protect you and your wallet this shopping season. In the same vein, pause before hitting "purchase" on your shopping cart and ask yourself these questions: "Do I really need this item, or do I just want it?" "How many times will I use it?" and "How long will this item make me happy?" That way, you won't waste your money on impulse buys.
What We're Reading...
- Something different: The biggest turkey recalls in U.S. history.
Here's to our health, wealth, and a great retirement,
Dr. David Eifrig and the Health & Wealth Bulletin Research Team
November 26, 2024