FB-ISAO PSA: Ways to Avoid Getting ‘Grinched’ This Holiday Season

With the holiday shopping season in full swing, it is important to remember some key tenants to being safe and secure while shopping online courtesy of FB-ISAO friend Jennifer Lyn Walker:

• Verify before you buy. Fraudulent ads, websites, apps, and counterfeit products can be difficult to spot. Take time to read credible/legitimate reviews before visiting an unfamiliar site.
  • Check BBB.org for BBB Business Profiles and consumer reviews. 
  • Search for credible online reviews and research the retailer’s social media accounts.
  • Building upon the above, look at Scamadviser.com to learn how long a website has been in operation. A recently created website may be a red flag.  
  • Review the website’s URL for misspellings or other errors – often these edits are extremely subtle.
  • Examine the URL with Google’s Transparency Report tool.
  • Verify before you buy / sell. If you’re using an online marketplace or auction website, check their feedback rating. Be wary of buyers and sellers with mostly unfavorable feedback ratings or no ratings at all.
  • Be suspect of any credit card purchases where the address of the cardholder does not match the shipping address when you are selling. Always receive the cardholder’s authorization before shipping any products. 
• Shop from a secure device (with a trusted connection). Use strong passwords, update your software, and turn on multi-factor authentication (MFA). If you can’t use your phone’s broadband connection, don’t buy until you get home to a trusted Wi-Fi – never provide financial information when using public Wi-Fi. 
• Pay securely.  If you are able, use a single credit card or virtual card as opposed to your debit card for online purchases, preferably a card with a low credit limit that you can more easily track your transactions. Alternatively, consider using platforms like PayPal, Google, Apple Pay, Meta Pay, or others to help to keep bank details from being stolen. Also, don’t save payment details on the website.
• Watch your account. Check your account statements frequently, especially during the holidays.
• Practice good cybersecurity hygiene. Be especially wary if a company asks you to update your password or account information. Look up the company’s phone number on your own and call the company.
• Know who you’re buying from or selling to. Check each website’s URL to make sure it’s legitimate and secure. A site you’re buying from should have https in the web address. If it doesn’t, don’t enter your information.
• Be careful how you pay. Never wire money directly to a seller. 
• Monitor the shipping process. Always get tracking numbers for items you buy online, so you can make sure they have been shipped and can follow the delivery process. 
• And remember: If it seems too good to be true, it probably is.

Below are some resources to help people stay safe while shopping this holiday season.

• Holiday Scams guide to help shoppers.
• Holiday Online Shopping Guidance.
• Phishing Infographic. 
• Finally, Sucuri, a website security firm, published a blog post on “How to Securely Shop With Your Credit Card: Use a Virtual Card & Check for Skimmers.”

So, don’t get ‘Grinched’. And one final thing, your bank will NEVER EVER ask you to verify account credentials or personal information via an unsolicited email, text, or cold call. If you didn’t initiate the communication, call your financial institution from the number directly from its website, your card, or prior contact.