[Published November 16, 2020]
Before using your credit card, read this.
Staying home to score an online deal may give you bragging rights, but it also can be a great way to get scammed.
“It’s a digital pandemic of fraud out there,” warns Jim Fuher, manager of Fraud Prevention at STCU. “Before you give out your credit card number, be sure it’s handled by someone you trust.”
Shopping online will reach new heights during the 2020 holidays, as millions of people stay home during Covid-19 to fill their carts with gifts and gift cards shipped to homes and offices everywhere.
So, how do you know who you can trust when shopping online? Here are some basic safeguards to practice before you give out your credit card number to online stores:
Make sure the website is secure.
To see if the merchant is using a secure website, look in your browser bar for a web address that begins "https." The “s” indicates you’ve got a secure connection. A locked padlock or unbroken key icon in the address bar also indicates the site is using encryption to scramble your data.
Determine if the company is legitimate.
Avoid shopping online at the coffee shop.
It’s tempting to shop when you’re bored or away from home, but don't buy anything using open networks provided by coffee shops, hotels, or airports. These can be hacked by skilled cyber-thieves. Only shop online using secure networks on your private phone or computer.
“I’ve received several of these texts myself and, even though I know they are a scam, it’s hard to ignore them,” Rebecca Berger says.
Watch for phony emails and alerts.
No one should be surprised anymore to receive authentic-looking “phishing” emails — as well as texts and robocalls — that look and sound like they are from legitimate companies. These warn you to act quickly to confirm account information, or to make your purchase while supplies last. If you open the link, it directs you to a bogus app or website, where they ask for your credit card and other personal information.
One of the biggest trends in fraud are authentic-looking text alerts for orders you allegedly made on Amazon or other sites. Opening the link may release malware onto your computer that begins logging your keystrokes in an attempt to steal account passwords and other credentials. If you didn’t order anything, don’t open the link. If you can’t remember, check your bank account or previous email confirmations to see if you had placed an order.
“I’ve received several of these texts myself and, even though I know they are a scam, it’s hard to ignore them,” says Rebecca Berger, fraud investigations specialist at STCU. “It’s best to just delete them so temptation doesn’t ensnare you.”
Remember: If you didn’t request the email or text, delete it.
Other flags that an email is a trick, says the Federal Trade Commission, are messages that warn you to take immediate action, links to update or access your account, promises of refunds or coupons, and use of a generic address such as “Hello!” instead of your name.
To determine if the company making the offer is legitimate, search for a real phone number and physical address, check reviews and ratings for the site and its products, or search online for the site's name and the word "review" or "complaint" to see what others have reported about the business. Here’s more help from Consumer Reports.
Choose your apps wisely.
The use of fake apps is exploding! During Thanksgiving shopping 2019, RiskIQ online security firm reported more than 6,300 apps blacklisted from the 10 busiest online sites. These apps illegally used branded store names, slogans, and images to pose as legitimate merchants.
When shoppers see great offers on social media, opening the app can be the first step toward fraud. So, if the offer seems too good to be true, ignore it. And apply the same skepticism described above for unsolicited email and unknown websites to help determine if the offer is from a legitimate source.
Pay with a credit card or digital wallet.
Experts recommend you use your credit card — not debit card — to pay for holiday gifts online. Your liability on most credit cards is $50, but could be unlimited on your debit card, depending on the policies of your bank or credit union. If someone hacks your debit card, they could drain your checking account.
Digital wallets, such as Apple Pay or Mastercard Click to Pay, also are a better option than a debit card for online shopping. Digital wallets store your payment and shipping information under multiple layers of security and send data through encrypted channels that are difficult to hack.
Don’t order by email.
Email is convenient and easy, but almost never secure. Do not place orders, with your financial or private information, with an email to anyone, even if you know the owners of the store.
Buy gift cards online.
Here’s a twist: buying a gift card online is safer than buying one at a store. Crooks have been known to tamper with in-store cards, so that the money loaded on the card goes to their accounts. But a gift card purchased from a reliable store online can’t be tampered with.
Get acquainted with common scams.
At a time when everyone is looking for a deal, you can help your friends and family by becoming the household expert on scams. Here’s a quick snapshot of some of the most common to watch out for:
- Discounted gift cards.
- Offers to participate in a clinical trial for Covid-19 vaccines.
- Offers for cleaning supplies or medicines.
- An alert that you overpaid your utility bill.
- How to prepare for natural disasters offer.
- Give to a charity to help those who lost their home.
- Secret Santa or Secret Sister gift exchanges.
Some cyber-security experts also suggest installing antivirus software on you devices, limiting the practice of saving your credit card information on retail sites, enable purchase alerts on all your credit cards, and checking your accounts or monthly statements regular to spot questionable purchases and cyber theft early on.
Finally, when you do place an order online, ask the merchant to ship them to a secure location, such as your office, a trusted neighbor, or a location where the packages can be taken inside immediately.