This holiday season is far from normal, but one tradition is sticking around: online fraud.
Studies show increased shopping volume typically results in a rise of fraud attempts over the holiday season. But online fraud has already been increasing for much of 2020, as more shoppers flocked to online shopping amid stay-at-home orders and ongoing public health concerns resulting from the pandemic. As a result, the record volume of online purchases predicted this holiday season could result in a similar record number of fraud attempts.
“Every year, we monitor a spike in the holiday season,” says Shai Cohen, senior vice president of global fraud solutions at TransUnion. “So if there is a spike every year, we imagine this year the spike will be even larger.”
Fraudsters seek out opportunity, and when more people shop online, those opportunities grow. Right now, people are especially vulnerable, says Vanita Pandey, vice president of marketing and strategy at Arkose Labs, an online fraud prevention technology company. “The propensity for someone to fall victim to these crimes is high, and I believe that fraudsters have all of that information ready to go as the holiday season approaches.”
Here are four major risks you should look out for while shopping online this holiday season, and the specific strategies experts recommend for keeping your data secure.
1. Account Takeover
In the recent past, fraud attempts were typically thieves using stolen credit cards to buy things, says Gary Sevounts, chief marketing officer at Kount, a digital fraud prevention company. But now the landscape has changed. Your identity is more important than anything else, Pandey says. Fraudsters are not only mining for credit card information, but also login credentials, reward points, and, most importantly, personal account information. “I don’t need to take your card,” Pandey says. “I could get into your account and once I get into your Gmail account, I can wreak havoc.” This is called account takeover (ATO) fraud. “When attackers successfully compromise accounts, they monetize their access by abusing credit card or loyalty programs, committing identity fraud, or submitting fraudulent transactions,” according to a recent FBI report on the trend. Account takeover is such a boon for scammers because — despite being warned otherwise — many people use the same or similar username and password combinations across multiple online accounts. One hacked account could mean access to others, ranging from your Amazon account to your Twitter profile and even your online banking data.How to Prevent Account Takeover
It can be difficult to prevent widespread account takeover schemes like data breaches — that responsibility largely falls on merchants taking adequate security measures, according to the experts we spoke to — but you can take steps to secure your data. You should use different username and password combinations for each of your online accounts. Do not save your card information with retailers — it might mean a speedier checkout, but also puts you at risk if that merchant is breached. If your account offers two-factor authentication, be sure to opt in, and always make sure to log out of accounts on your computer or mobile browser, especially if you’re using a shared device. Even shared accounts between friends and family members can be risky, Pandey says. Sharing identifying information online can increase your risk, too. “Think about what people post,” says Angie White, senior manager of global fraud solutions at TransUnion. “They might post about a high school reunion, and now you have their high school and their high school mascot. That could be the answer to a question to reset the password and get into an account. There’s a lot of nuggets that people leave out there that can be used to socially engineer and take over an account.” Be mindful of what you’re posting, sharing, and tweeting, especially if your posts can possibly relate back to a potential security question.2. Social Media Scammers
Reports of scams originating on social media have tripled this year, according to a recent report from the Federal Trade Commission. The most common scams (28%) were orders shoppers placed but never received, often after seeing an ad on social media. You might have seen these yourself: Attractive, slick, and highly targeted ads start to appear on your Facebook News Feed or Instagram Stories featuring brands you’ve never heard of. “These scam ads look real and can be carefully targeted to reach a particular audience,” states the FTC report. “The scammers can delete comments on their ads or posts, so that negative responses don’t show up and alert people to the con.” “It’s never been easier for someone to start their own business, but it’s never been easier for fraudsters to do that, too,” Pandey says. “Awareness is important. Don’t leave your payment credentials anywhere. Don’t just click on something if it seems too good to be true.”How to Prevent Social Media Scams
If the price or photos listed on an e-commerce social media ad seem suspicious, beware. Do your holiday shopping with online retailers you trust, or have reliably purchased from before. There is some good news. Generally, your money is protected if you use a credit card to purchase from a fraudulent seller on social media. Credit card issuers have robust security measures and you’ll likely have the option and ability to get your money back, easily lock your card, and ensure that any money spent fraudulently won’t come directly out of your account. Using a debit card doesn’t offer the same protections, which is why you should primarily use a credit card when making online purchases.3. Gift Cards
When you’re unable to travel to see your loved ones, an e-gift card can seem like a great present. Your gift is delivered straight to their inbox without worrying about shipping or inventory delays. Digital gift cards have also become popular throughout the pandemic as a way to support your favorite businesses like restaurants or fitness studios, even if you can’t visit them in person right now. But, experts say, fraudsters are more often turning to gift cards — and e-gift cards specifically — as sources for theft. They test out numbers constantly, trying to figure out if there’s a balance on the card, Pandey says. So by the time the actual cardholder goes to redeem the balance, it’s already been wiped out. Because gift cards are their own form of currency, fraudulent transactions can be difficult for security systems to catch. It’s virtually untraceable, according to Pandey.Pro Tip: Always use a credit card when shopping online. When your debit card information is stolen, money can be withdrawn directly from your account and take longer to recover. Credit cards often have more robust purchase protections and act as a buffer between fraudsters and your cash.The information you share while purchasing the gift card, such as your email, credit card number, name, and address, can be a goldmine, too. “Digital gift cards, like any digital interaction, are susceptible to all the fraud and security threats, from account creation to account takeover to transaction fraud,” Sevounts says.
