Whether you stay home and shop in your PJs or go out and battle crowds, now is the time for a refresher on how to shop safely
November 17, 2021
While it seems like we just finished handling out Halloween candy and, depending on when you read this, may not yet have had Thanksgiving dinner, now is a good time for a refresher course on how to stay safe when shopping – online or in person -- this holiday season.
Online shopping from home certainly can be more convenient than getting dressed, finding the car keys, and heading out to battle elbow to elbow with a bunch of strangers. But it also is a much easier way for scammers and identification thieves to victimize you. If they are successful, these online crooks can use your personal and/or financial information to buy things for themselves or sell your info to someone else. And not for any good purpose.
According to the National Retail Federation (NRF), more than half of consumers (57 percent) plan to buy holiday items online this year, which is about the same percentage seen before the 2020 pandemic. NRF states that the top in-person, brick-and-mortar businesses consumers plan to visit are department stores (47 percent), discount stores (44 percent), grocery stores (43 percent), clothing/accessories stores (30 percent), and 24 percent at local or small businesses.
Given that online shopping and in-person shopping are both still quite popular, let’s look at some important safety tips for both methods.
ONLINE SHOPPING TIPS
The Cybersecurity and Infrastructure Security Agency (www.cisa.gov) lists these three common ways online shoppers can be taken advantage of:
Creating fraudulent sites and email messages – Unlike traditional shopping, where you know that a store is actually the store it claims to be, attackers can create malicious websites or email messages that appear to be legitimate. Attackers may also misrepresent themselves as charities, especially after natural disasters or during holiday seasons. Attackers create these malicious sites and email messages to try to convince you to supply personal and financial information.
Intercepting insecure transactions – If a vendor does not use encryption, an attacker may be able to intercept your information as it is transmitted.
Targeting vulnerable computers – If you do not take steps to protect your computer from viruses or other malicious code, an attacker may be able to gain access to your computer and all of the information on it. It is also important for vendors to protect their computers to prevent attackers from accessing customer databases.
CISA also provides these important tips on how to protect yourself while shopping online:
Do business with reputable vendors – Before providing any personal or financial information, make sure that you are interacting with a reputable, established vendor. Some attackers may try to trick you by creating malicious websites that appear to be legitimate, so you should verify the legitimacy before supplying any information. (See Avoiding Social Engineering and Phishing Attacks and Understanding Web Site Certificates for more information.) Attackers may obtain a site certificate for a malicious website to appear more authentic, so review the certificate information, particularly the "issued to" information. Locate and note phone numbers and physical addresses of vendors in case there is a problem with your transaction or your bill.
Make sure your information is being encrypted – Many sites use secure sockets layer to encrypt information. Indications that your information will be encrypted include a Uniform Resource Locator (URL) that begins with "https:" instead of "http:" and a padlock icon. If the padlock is closed, the information is encrypted. The location of the icon varies by browser; for example, it may be to the right of the address bar or at the bottom of the window. Some attackers try to trick users by adding a fake padlock icon, so make sure that the icon is in the appropriate location for your browser.
Be wary of emails requesting information – Attackers may attempt to gather information by sending emails requesting that you confirm purchase or account information. (See Avoiding Social Engineering and Phishing Attacks.) Legitimate businesses will not solicit this type of information through email. Do not provide sensitive information through email. If you receive an unsolicited email from a business, instead of clicking on the provided link, directly log on to the authentic website by typing the address yourself.
Use a credit card – There are laws to limit your liability for fraudulent credit card charges, but you may not have the same level of protection for your debit cards. Additionally, debit cards draw money directly from bank accounts, unauthorized charges could leave you with insufficient funds to pay other bills. You can minimize potential damage by using a single, low-limit credit card to make all of your online purchases. Also, use a credit card when using a payment gateway such as PayPal, Google Wallet, or Apple Pay.
Check your shopping app settings – Look for apps that tell you what they do with your data and how they keep it secure. Keep in mind that there is no legal limit on your liability with money stored in a shopping app (or on a gift card). Unless otherwise stated under the terms of service, you are responsible for all charges made through your shopping app.
Check your statements – Keep a record of your purchases and copies of confirmation pages and compare them to your bank statements. If there is a discrepancy, report it immediately. (See Preventing and Responding to Identity Theft.)
If you believe you are a victim of a scam, consider the following actions:
-- Report the incident to your local police or sheriff’s department, and file online reports at the Federal Trade Commission’s Report Fraud page and the FBI's Internet Crime Complaint Center (IC3) page.
-- Watch for unexpected or unexplained charges to your account. If any appear, contact your financial institution immediately and close any accounts that may have been compromised. See CISA’s Preventing and Responding to Identity Theft Tip for more information.
-- Change any passwords you might have revealed immediately. Avoid reusing passwords. See CISA’s Choosing and Protecting Passwords Tip for more information.
IN-PERSON SHOPPING TIPS
If you are a shopper that prefers to be out there with other shoppers enjoying all that in-person shopping brings with it, here are some safety tips for you:
When heading to the store or mall
-- If shopping at night, park in an area that is well lit.
-- Avoid parking right next to large vehicles where an attacker can be hidden or next to cars with tinted windows.
-- When finding that elusive parking spot, try to park as close to the store as you can and take note of where you park so you can return to your vehicle more quickly and directly.
-- As always, be aware of your surrounding as you walk to your vehicle.
-- If you see anyone or anything suspicious, don’t go to your vehicle alone.
-- Don’t leave your purchases or other items of value easily seen on the seat of your vehicle; try to store it in the trunk if you leave the vehicle unattended.
-- You may be able to ask mall or store security for an escort to your vehicle if you feel you need one.
Once at the store or mall
-- Avoid wearing expensive jewelry.
-- Stay alert of your surroundings and the people around you. Thieves and attackers may try to distract you so they can take advantage of you or steal from you.
-- Avoid carrying a lot of cash.
-- When possible, pay with a credit or debit card.
-- If your card is lost or stolen, notify your bank or credit card company as soon as possible.
-- Don’t carry a lot of packages at one time, if possible, so you have the best visibility you can.
So, no matter how you prefer to shop, please do so safely and the Riverside County DA’s Office wishes all of you a very safe and happy holiday season.