November 16, 2023

How to Avoid Online Shopping Scams This Holiday Season

As fall fades into winter and the holidays approach, a sense of wonder descends like the first snow. This time of the year can turn any Scrooge into an angel. After all, who doesn’t enjoy a cup of hot cocoa by a crackling fire?

When Black Friday comes, the idyllic sounds of cheerful carolers are quickly drowned out by hordes of shoppers barreling down the aisles of big box stores and malls. The goal is to get the best deals, and some will trample over another shopper to get it. Thankfully, online shopping and Cyber Monday bring a peaceful alternative to the budgetary bedlam of Black Friday.

Online shopping is a convenient way to buy everyday necessities, compare prices between vendors on big ticket items, and find great deals on gifts for special occasions. Although eCommerce has been around for decades, it wasn’t until 2020 and the onset of the COVID-19 pandemic that online shopping became commonplace. In 2022, 77 million people chose to avoid the crowds and shopped online during Cyber Monday, spending $11.3 billion and surpassing in-store purchases on Black Friday by 23.9%.

Whether you love or hate shopping online, you’ll likely turn to the internet at some point to purchase a gift this holiday season. Take caution as you look for presents at a rock bottom price. A deal too good to be true could be a scam.


What is an Online Shopping Scam?

Online shopping scams involve fraudsters setting up legitimate-looking retail websites and business pages on social media. Their objective is to gather personal and financial information to commit credit card fraud and identity theft. Sometimes, the scammer may be trying to offload knockoffs of well-known luxury brands. Oftentimes, the items you purchase don’t even exist.

Scammers might create a slick-looking brand presence online to draw people in, so it can be difficult to tell a fake small business retailer from a real one. They may even pay for ads on social media or search engines.


Red Flags of an Online Shopping Scam

One of the biggest warning signs that someone is trying to scam you is the payment method. Money orders, pre-loaded gift cards, and wire transfers are like cash. It’s nearly impossible to get a refund if the item is never delivered or you’re unsatisfied with the product. Using a credit card makes refunds easier and leaves a clear paper trail of who the vendor is and how much was charged.

Another red flag is a deal too good to be true or a sense of urgency to purchase the product before the deal ends. Scammers often use heavily discounted items and coupons to motivate online shoppers to click on malicious links or enter their credit card details on spoofed sites, which lets the scammers steal their money.



5 Online Shopping Scams to Avoid

As new ways to shop emerge, they create new avenues for scammers to exploit consumers. Here are a few of the most common online shopping scams to avoid.


1. Phony Package Delivery Scam

You’re likely to send and receive a flurry of packages around the holidays. Scammers attempt to leverage the chaos of the busiest online shopping seasons by sending emails and texts about a package waiting for delivery. They’ll prompt you to provide personal details to ensure the package is successfully sent to your address, but instead they use that information to steal your identity and open credit cards in your name.

Scammers may also attempt to contact you by phone and request your personal information. The U.S. Postal Service has clarified on its site that it doesn’t call customers about package deliveries, and they never ask for personally identifiable information to verify deliveries. Similarly, FedEx and UPS don’t make outbound phone calls to confirm if you’ll be home for delivery or request personal details. Instead, if you miss a package, a note will be left on your door. If you get a call, text or email attempting to extract this kind of information, hang up or delete it and report it as fraud.


2. Order Confirmation Phishing and Smishing

Phishing is a common tactic used by scammers to get people to click on malicious links in an email. When the links are sent via text message, it’s called smishing. Scammers use both methods of communication to send fake order confirmation links that might download malware to your device or send you to a spoofed portal where personal and financial details are collected.

Much like the fake package delivery scam, these fraudsters are hoping you won’t notice this message is out of place. Fortunately, there are a few ways to spot this scam in an email:

Examine the sender email address. Look to see if the email address matches the company name. In some cases, scammers may try to mimic the name of another company but replace a letter like “l” with the number 1. If there’s anything suspicious about the email address, don’t click on any links and report it as phishing. This will help email clients like Google and Microsoft identify bad actors and shut down email accounts that violate their policies.

No personalization. It’s standard for companies to use your first name when sending confirmation emails. If there’s no personalization, it’s a potential red flag.

Grammar and unprofessional formatting. Misspellings, poor grammar, and odd formatting are further hints that the sender is likely a scammer posing as a legitimate business.
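
The sender-address check above can be automated. The following is an added example, not part of the original article: it flags From: addresses whose domain imitates a company you deal with, using the "l" to "1" swap the article mentions plus two related tricks (a one-letter typo and a brand name placed on someone else's domain). The list of known domains, the swap table, and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list: domains of companies you actually deal with (assumption).
KNOWN_DOMAINS = {"paypal.com", "fedex.com", "ups.com", "usps.com"}
# Digit-for-letter swaps such as the "l" -> "1" trick described above.
SWAPS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def sender_domain(from_header):
    """Domain of the real address in a From: header; the display name is ignored."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header, known=KNOWN_DOMAINS):
    """Return 'known', 'lookalike', 'unknown' or 'invalid' for a From: header."""
    domain = sender_domain(from_header)
    if not domain:
        return "invalid"
    if any(domain == k or domain.endswith("." + k) for k in known):
        return "known"
    normalized = domain.translate(SWAPS)
    labels = normalized.split(".")
    for k in known:
        if edit_distance(normalized, k) <= 1:   # digit swap or one-letter typo
            return "lookalike"
        if k.split(".")[0] in labels:           # brand name on someone else's domain
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample headers, not taken from real messages.
    for header in ("PayPal <service@paypal.com>",
                   "PayPal <service@paypa1.com>",
                   "FedEx <track@fedex.com.parcel-notice.example>",
                   "Corner Shop <hello@cornershop.example>"):
        print(f"{classify_sender(header):10} {header}")
```

A result of "unknown" only means the domain does not resemble anything on the list; it says nothing about whether the sender is trustworthy.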

If you get a confirmation text for an item from a business you don’t remember purchasing from, log into the shipping company’s website to track packages instead of clicking on the link.


3. Fake Social Media Stores

The Federal Trade Commission (FTC) reports that one in four instances of fraud starts on social media. Social media scams also rake in a shocking amount of money: reported losses reached $2.7 billion. That’s more than any other method of contact, such as phone calls, emails, and text messages.

Online shopping scams have the highest number of reports. Scammers open stores on social media platforms like Instagram or Facebook for a short time, often selling counterfeit items of high fashion brands or nothing at all. They may run ads and have a website to give the veneer of a legitimate business.

Take steps to investigate a new business before you purchase a product:

Check the vendor’s profile for details about the business and contact information. A legitimate business usually makes it easy for customers to get in touch, so if it’s difficult to find an address, email, or phone number, pass on the purchase.

Look for reviews. Shoppers are quick to call out bogus online stores. Search for reviews online if you can’t find any on the business’s social media pages.

Look for secure payment methods. When making a payment online, check the beginning of the URL for “https” and a closed padlock symbol. This indicates that the financial information you enter is being sent over an encrypted connection. Alternatively, payment processing services like PayPal and Stripe are often used by online vendors and provide the same kind of security.


4. Malvertising

Malvertising is a more sophisticated kind of online shopping scam that involves injecting harmful code into legitimate online advertising platforms. Facebook and Google go to great lengths to weed out these bad actors, but some slip through their security measures.

Even trusted brands can be compromised if a business account is accessed through malware like NodeStealer or DuckTail. After stealing login credentials for an account, the scammers run ads with malicious links that can compromise your personal data and lead to identity theft, credit card fraud, and financial losses.

The scariest part is that the malicious code buried in these ads can infect your computer whether you click on the ad or not. The malware uses open-source JavaScript libraries to automatically launch. This is the code that basically makes every website on the internet work. The script will continue to operate after restarting your computer, so turning it off and turning it back on won’t get rid of the malware.

Using a device protection app like IDSeal’s Pro-Tec helps you detect and remove threats like malware, viruses, trojans and other dangerous scripts that steal your personal data. Pro-Tec comes with other features to improve your online data privacy and security like a Virtual Private Network (VPN), Ad Blocker, Encrypted Documents Vault and more.

Protect your identity and devices with an IDSeal protection plan starting at $9.99 a month. Compare our plans here.


5. Malicious eCommerce Apps

In addition to legitimate advertising platforms, cybercriminals also use reputable app stores like Google Play, Samsung Galaxy Apps, and the Apple App Store to distribute malware. Earlier this year, Google suspended the account of Pinduoduo after finding malware on several apps created by the Chinese eCommerce company. It’s not uncommon for an app to track your activity so it can sell you more products, but Pinduoduo’s malicious code went way beyond the typical consumer behavior tracking and gave the app access to a user’s contacts, calendars, photo albums, social media accounts, notifications, and messages. The app was even able to change cellphone security settings.

The parent company of Pinduoduo also owns the U.S.-based online eCommerce app Temu. Within a year of launching the app, over 50 million Americans downloaded it. The popularity of the app is driven by cheap prices and the promise to “shop like a billionaire,” a dubious slogan used for its expensive Super Bowl ads. Although the prices are low, the quality of the products hardly reflects the tastes of a billionaire.

While malware hasn’t been found on Temu, the proximity to Pinduoduo and Communist China is too close for comfort for some.

One expert recommends deleting the app to ensure your data stays safe. Like many apps, it asks for as much personal information as you’re willing to give, which includes your name, address, phone number, date of birth (so you can get that special coupon or gift, of course), and photo. It also collects information about your device, its operating system, IP address and GPS location.

Avoid apps with malware by doing your research before downloading. Only download apps from recognized retailers in official app stores and carefully read the permission requests apps send before agreeing. Some apps need location data to function properly, but for others, you can adjust those permissions in your phone’s settings.

Remember, free is never really free. If you aren’t buying a product, you’re likely trading your consumer data for the pleasure of using the app. In other words, you are the product.


Stop Online Shopping Scams with the Help of Device Protection

Take preventative measures before you begin your online shopping with IDSeal Pro-Tec. Our device protection app is packed with must-have features to enhance your online safety and protect your personal and financial data.

The Safe Browsing Protection warns you when a website may expose you to malware, spyware, viruses, and other malicious scripts. Enable our Ad Blocker to eliminate annoying ads, making your online shopping experience safer and more enjoyable.

Turn on the VPN when shopping on public Wi-Fi to prevent cybercriminals from intercepting your payment information. Meanwhile, Antivirus and Malware Protection defend against viruses, spyware, malware, ransomware, and similar threats.

Each IDSeal identity theft protection plan comes with Pro-Tec, so no matter what plan you pick, you’ll have the tools to stop scammers in their tracks.

Learn more about all the features of Pro-Tec and see how we stack up to other device protection apps.
