Here are some tips to help you reduce your chances of becoming a victim of identity theft or fraud.
Choose Trusted Online Retailers and Apps
Always shop with trusted online retailers. If you find a new store you'd like to do business with, but are unsure about its reputation, try to find reviews from trusted sources such as the Better Business Bureau. It's important to stick to trusted review sources because there are several ways to fake online reviews, and there are places where cybercriminals can pay other criminals to post positive reviews. Even though an untrusted site might have the best prices, it's worth it to use a trusted online store that is known to safeguard your information and purchases.
The same advice applies when downloading any types of apps to help with your online shopping - it's important to stick to trusted apps from known developers. Unfortunately, fake apps appear in the app stores, pretending to be from a trusted source, while other apps exist to capture your data without providing the services they claim to offer. You can avoid many malicious apps by downloading yours from Google Play, Apple App Store, Microsoft Store, or another trusted platform, and making sure you carefully read the permissions and app reviews.
Secure your Device, Connectivity & Accounts
Never use a public computer when shopping or banking – Using a public computer, like those found at libraries, can expose you to greater risk. It's best to use a trusted home device and network for anything involving financial transactions.
Keep your devices up-to-date, especially those you shop and bank with – Simply updating the device that you use for conducting your online shopping is a key cybersecurity practice. By keeping the device up-to-date with current patches and software, you ensure you have the manufacturer’s latest security fixes in place.
Never shop or conduct banking on unencrypted or public Wi-Fi – It's best to always conduct financial transactions or log on to sensitive accounts via a trusted Wi-Fi network. Ideally, this should be from your home network, which should require a password and use WPA2 encryption.
Look for the lock icon on your browser - When a site has a lock icon on the browser window, or in the URL bar, it indicates that your communications with the site are encrypted. If you do not see a lock, look for “https” at the beginning of the URL, as this is the same thing as the lock.
Never give out your online banking user name and password - If you share your login information, you are authorizing another person to access the money in your account. This could allow fraudsters to steal money from you or cause you to become a victim of identity theft.
Check out as a guest – By checking out as a guest, you prevent the online retailer from storing your personal account and financial information. This minimizes the amount of information that could be lost if the retailer is compromised. If you have or need an account with a retail website:
- Use a strong password – Be sure to use a strong, unique password. Always use more than ten characters, with numbers, special characters, and upper and lower case letters.
- Don’t save your payment information with retailers – If you have an established account with a retailer, do not store your payment information with them. In the case of an account compromise, stored payment information may allow a criminal to make purchases using your financial information.
Be Wary of Fraudulent Emails and Advertisements
Look out for suspicious or unexpected emails – A common tactic of cybercriminals is to send fraudulent emails to try to get you to click a link or open an attachment. When it comes to this time of year, they may make an email look like it contains tracking information for a shipment or a promotion for a store. The link or attachment might download malware or try to get you to enter your user credentials in a convincing, yet fraudulent login screen, so they can steal your password. Always avoid clicking direct links in emails, and if you receive an email with a tracking number in it, head to the shipping carrier’s website in your browser and copy and paste the tracking number itself into the site.
Avoid clicking advertisements or pop-up windows of any kind – Advertisements embedded in social media sites, websites and pop-ups have been known to be compromised by cybercriminals to distribute malware. It's best to avoid clicking them altogether. To close pop-ups, press Control + F4 on a Windows computer and Command + W on a Mac.
Gift cards are a great way to give a gift. But did you know they are also a favorite way for scammers to steal money? According to the Federal Trade Commission, more scammers are demanding payment with a gift card than ever before – an incredible 270 percent increase since 2015. Here’s some information on what kind of scams are out there, how to protect yourself, and what to do if you’re caught in one:
Fake checks drive many types of scams, like those involving phony prize wins, fake jobs, mystery shoppers, online classified ad sales and others. In a fake check scam, a person asks you to deposit a check – usually for more than what you are owed – and wire some of the money back to that person. The scammers always have a good story to explain the overpayment – they’re stuck out of the country, they need you to cover taxes or fees, they need to buy supplies, or something else. By the time your bank discovers you’ve deposited a bad check, the scammer already has the money you sent, and you’re stuck paying the rest of the check back to the bank.
Over the last several years, the number of complaints has steadily increased, and so have the dollars lost. Remember - you can’t win a prize drawing you didn't enter, a buyer will never send you more money than the selling price you agreed upon, and if you've won a lottery, you will NEVER be asked to pay for anything up front... Ever.
Here's some information developed by the FTC and the American Bankers Association on fake check scams, and what to do if you get a check from someone you don’t know:
Social Security Administration Calls
The FTC is warning of a new phone scam in which the caller impersonates an official from the Social Security Administration and tries to trick you into giving up your personal information, much like the IRS scams of recent years. In fact, the AARP reports that it has had more complaints to its helpline in the past few months from consumers targeted by Social Security impostors than the old IRS scam.
The IRS scam – which has enabled scammers to steal more than $73 million from almost 15,000 victims - has seen some successful crackdowns recently, so it's not surprising that criminals are changing their tactics and their scripts.
Here's some information from the AARP about Social Security scams, including how to identify and avoid them:
Federal Trade Commission, Paying scammers with gift cards, https://www.consumer.ftc.gov/articles/paying-scammers-gift-cards
Federal Trade Commission, Fake Check Scams Infographic, https://www.consumer.ftc.gov/articles/fake-check-scams-infographic
American Association of Retired Persons, Social Security Scams, https://www.aarp.org/money/scams-fraud/info-2019/social-security.html?intcmp=AE-FWN-LIB3-POS5