eShopping scams you should be aware of
Digital technology has brought enormous benefits, but it has also generated new risks for users of e-commerce, web browsing, and online transactions.
E-commerce fraud has increased twice as fast as revenues (1), reaching $41.4 billion (2).
The open nature of the Internet, without a ruling authority, gives cybercriminals vast possibilities to carry out their malicious activities. Users are exposed to many types of scams, and they have only their own knowledge and tools to protect themselves.
The most significant risks for users are:
Impersonation of your digital identity to access your assets, such as bank accounts or e-shopping accounts, and drain them. It can also be used to gain access to physical resources such as a second home, or to commit crimes that will then be attributed to your identity.
Theft of your credit card information or your bank account credentials, including interception of two-factor SMS codes, to transfer money from your account or make purchases with your card.
Scammers use many methods that you should be aware of, so that you can build your own strategies and best practices and enjoy secure digital experiences. Some of their most common and obvious methods are:
Visual observation, if we enter our credentials while we are in a public place.
Interception of traffic to steal passwords, if we are on public Wi-Fi and are not using a VPN.
Entering our credit card information on a fake website with a payment gateway, if we see attractive offers but do not verify the site's owner and reputation.
Intercepting our credentials and credit card information via malware that has been installed on our devices, if we do not have an updated antivirus or EDR.
Intercepting our credentials and credit card information by malware that has infected an e-commerce site, if the company that manages it has not patched the vulnerabilities.
Cyberbaits or phishing via email, SMS, or social engineering: deception techniques through which we hand our credentials to the cybercriminal without being aware of it.
Fraudulent duplication of our SIM card by the cybercriminal to intercept SMS validation codes.
Lack of discipline in the custody of our passwords: writing them down somewhere from where they can be stolen, not updating them periodically, or using the same password for several services.
Entering our credentials on a website that does not use the HTTPS protocol (the green padlock in the browser), thus allowing the data in the communication to be intercepted by a cybercriminal.
And the recommendations you should follow:
Never enter your account credentials or credit card information in a public space or on public Wi-Fi, where another person or a hidden camera can observe you, and never share them with anybody under any circumstances.
Before e-shopping on a new site, always check the owner's information (3) and the site's reputation (4). Don't purchase if you are not able to get this information.
Make sure you have an updated antivirus or EDR installed on all your devices.
Don't fall for phishing or social scams. Learn how to identify suspicious messages (5), ignore them, and report them.
Never click on a URL if you don't trust the person who sent it to you. Before clicking, check the site's reputation (4).
Use a password manager or have a secure method to manage and store your passwords. Update them periodically.
Enable credit card payment with your smartphone, and activate it only when you are going to pay. Smartphone payment provides different credit card info on every payment, which makes any card number intercepted by cybercriminals useless. Alternatively, for e-shopping, use virtual credit cards or rechargeable cards.
Never use a debit card to pay online; if a cybercriminal gets your debit card info, they could drain all the money in your bank account before you notice.
Never enter your personal details or credit card info on a website that doesn't use the HTTPS protocol for traffic encryption.
There is no 100% protection against scammers. There is such a massive volume of scam attempts with evolving and new tactics that, even following best practices, it can still happen to us.
It's not a matter of being paranoid, but of reducing the chances and closing off the most obvious methods we can fall victim to.
Let's be safe and enjoy a peaceful Christmas surrounded by your loved ones. My best wishes to you all. 🎅
(1) Digital Commerce 360: E-commerce fraud rose nearly twice as fast as e‑commerce sales in 2017: https://www.digitalcommerce360.com/2018/04/24/e-commerce-fraud-rose-nearly-twice-as-fast-as-e-commerce-sales/
(2) Juniper Research: ONLINE PAYMENT FRAUD: MARKET FORECASTS, EMERGING THREATS & SEGMENT ANALYSIS 2022-2027: https://www.juniperresearch.com/researchstore/fintech-payments/online-payment-fraud-research-report?utm_campaign=pr2_onlinepaymentfraud_financial_fintech_oct22&utm_source=vuelio&utm_medium=pr
(3) Who is the owner of a site: https://who.is/
(4) Check a URL's reputation: https://www.scamadviser.com/
(5) Five ways to detect a phishing email – with examples: https://www.itgovernance.co.uk/blog/5-ways-to-detect-a-phishing-email