Holiday Shopper's Beware: Not all on-line “bargains” are actual bargains

It’s that jubilant holiday shopping season again, and along with greetings of peace and joy, we wish you the very best of luck avoiding the countless scammers that await you on-line. Last year, they got away with over $12.5 billion from unsuspecting victims (1); and this year, it is expected to be much higher.

Let’s look at a few of the big retail platforms and the sneaky tactics you may encounter over the holiday shopping season: brand impersonation (fake websites), smishing (fake text messages), and malvertising (fake advertising).

1. Brand impersonation scams using fake websites

With the introduction of Artificial Intelligence (AI), scammers are finding it easier to simulate big name brands. Here are a few fakes recently reported.

A. Facebook has thousands of promotions advertising unbelievably low prices for high-demand items (like PS5s). Unfortunately, some of these advertisement links take you to a company in China where your personal information is stored by the communist government, privacy and trademark laws are non-existent, low-quality counterfeits are promoted as original product materials, and customer service is non-existent. A company called TEMU is a good example, and I highly suggest you avoid it.

My Advice: If you see an ad on Facebook that looks interesting, find the item on-line through an independent search and investigate the seller before providing any personal information.

B. Amazon lets people sell hard-to-find items in its marketplace. Some are companies selling new items, some are individuals selling used items, and then there are “re-sellers” who position themselves as an unnecessary middleman to sell other people’s inventory. With Amazon’s relatively wide-open policies, on-line scammers will slip through the cracks. Here's some tips on how to spot them.

My Advice:

a. If the price is too good to be true, it’s probably bogus.

b. Extra-long shipping times may indicate an international seller which increases the chance the item is counterfeit.

c. Seller reviews on Amazon are easy to fake, so check them carefully. Multiple identical or single-word user responses with 5 stars are a red flag.

C. Walmart websites seem to pop up quickly when searching on-line for most holiday gifts; so make sure the one you use is authentic. A scammer’s favorite fake website is “walmartgift.com”; notice the word ‘gift’ added to the word ‘Walmart.’ Although these prefix or postfix words appear legitimate, they are a popular method of tricking shoppers into thinking the site is real. While this example has been reported and taken down, be on alert for more to appear.

My Advice: Go directly to their website, www.WalMart.com, instead of doing a search.

2. Smishing (fake texts)

Everything from airline flight arrivals to pizza deliveries are communicated by text messaging these days, and after a successful day of Black Friday and Cyber Monday holiday shopping, one can understandably lose track of all the vendors they’ve contacted. Scammers will often take advantage of this confusion and send fake delivery texts, prompting you to click on a link that asks you to pay additional money or enter personal information they will resell to other criminals.

In the example below, the phone number is from a foreign country, the grammar is horrible, and the website URL has a fake extension: “usps.com-wsed.top”.

My Advice: “Report Junk” on your iPhone and block anything else sent from that number. If you aren’t sure if a text is legit, go to the provider’s website directly to check the tracking number provided by the seller on your purchase receipt.

3. Malvertising (fake advertising) increases in line with gift shopping

Malvertisers are scammers who use fake identities and hijacked accounts to look like a legitimate brand website (like Google, Amazon, E-Bay, Walmart, and Lowe’s to name a few.) One click on the counterfeit site can infect your computer with malware. The proliferation of this tactic increased 42% month-over-month last fall (2) and grows more frequent during the holiday shopping season. No brand is safe. Even the most popular websites have been spoofed, and with the popularity of AI, we will certainly see more.

My Advice: To avoid fake sites and malware ads, verify the website name before clicking. It’s not always easy to tell a real ad from a scam, so it’s best to avoid clicking on sponsored ads at all. Navigate directly to the site yourself.

Additional tips on how to purchase safely:

· Remember: If it’s too good to be true then it probably is. Discounted items are tempting but these offers often amount to nothing.

· Don’t get rushed into making decisions. Scammers will use a sense of urgency to pressure you into performing quick actions before you can properly think things through.

· Keep an eye on your financial statements: An uptick in online shopping deserves an uptick in vigilance, double checking your online bank accounts and credit card statements.

Melody Lee Koenig, CISM

FirsTrust, LLC

(1) Internet Crime Complaint Center (IC3.gov).

(2) Malwarebytes, Inc., Santa Clara, CA.