The holiday shopping season is here and, as recent trends show, more Americans are likely to engage digitally when buying gifts for friends, family and co-workers.
Increasingly, shoppers are skimming through social media sites like Meta Platforms' (META) Facebook , Instagram, TikTok, and Twitter to rack up some holiday sales discounts.
While most social media shopping ads are legitimate and do offer good discounts, there are disturbingly increased incidents of bad actors out to scam shoppers who use social media to buy goods and services.
“This time of year has always been the busiest for online shopping, which has grown exponentially during the past decade,” said University of Phoenix cybersecurity expert Stephanie Benoit-Kurtz. “And that was before the coronavirus outbreak caused e-
commerce sales to rocket further. It all adds up to malicious online criminals having many more opportunities to steal valuable personal information.”
This scenario isn’t entirely new, especially with shoppers who browse social media for deals.
About 47% of Americans have already been victimized by social media shopping scams, according to a study by Atlas VPN.
In the study, 37% of surveyed social media users reported being victims of phishing link scams, while the same share of users has also fallen victim to gift card scams. Other non-shopping related grifts include job scams (30%), targeted advertising scams (27%), cloned and hacked account scams (23%), and investment scams (17%).
Yet given the robust holiday shopping season activity, it’s retail scams and thefts that should concern social media users.
“Social media sites offer an easy and low-cost way to set up fake online shops,” the Atlas VPN study reported. “With the help of social media ads, these scam schemes can reach millions of consumers worldwide.”
Avoiding Social Media Fraud During the Holidays (and After)
While social media fraudsters have multiple tools to use to separate holiday shoppers from their money, there are plenty of effective ways to keep fraudsters at bay while shopping online.
Try these tactics to keep social media shopping cyberthieves out of your Christmas stocking.
Do your homework. If you’re purchasing gifts via social media from a linked online store that is new to you, be sure to do your due diligence before clicking “buy now.”
“Check for complaints made to the Better Business Bureau,” said Benoit-Kurtz. “Look at online reviews, checking specifically to see if there are challenges concerning refunds or processing cards. Visa and Mastercard have publicly available registries listing service providers that comply with rules and industry security standards.”
Install a firewall software application on your computer (or, if you already have the software, make sure it is turned on.) “While firewalls are generally used to prevent malicious cyberattacks coming from the outside, you should look for software that can protect your data in both directions — both incoming and outgoing data — to make sure the private information you provide when you make a purchase is secure,” Benoit-Kurtz noted.
Look for ‘red flags'. Holiday shoppers should be vigilant about vetting all retailers under consideration for the holiday season.
“Sketchy sites taking preorders for hot, in-demand items then disappearing,” said Cybrary senior director of threat intelligence David Maynor. “Gift card scams are still popular but they are evolving into things like cheap gambling sites that require Americans to pay upfront in gift cards. Phishing also remains strong with messages of “correct your address” or “final attempt to deliver a package” which drives FOMO (fear of missing out) into overdrive.
Buy from well-known retailers. If a deal is too good to be true then it probably is, Maynor noted.
“Buy from trusted vendors and be wary of cheap deals on community sites like Nextdoor or Craigslist,” he said. “Also, check your account daily for signs of fraud.”
Make fighting social media shopping fraud a numbers game. It’s unfortunate, but the more hooks that bad actors put into the water, the more fish they catch.
“Don't be a victim,” said Modulus chief executive officer Richard Gardner. “Check the website URL you're visiting to make sure it isn't a spoofed site --- this is where a letter might be added or subtracted from a legitimate, well-known website URL.”
Also, if a mobile app is available, shop via the app and never utilize public wifi. “If you do use a URL, be sure that it has HTTPS at the beginning, alongside a lock, which indicates that the website is encrypted,” Gardner advised.