Experts warn shoppers to protect themselves this holiday season


This year, as Black Friday online, Cyber Monday, and holiday online sales ramp up, consumers are warming up their fingers for some serious transacting. And wherever buyers travel in the e-verse, criminals are either close behind or already waiting.

In 2020, as consumers turned to the internet in record numbers to do their holiday shopping, criminals were also there in record numbers. And “cyber criminals took advantage of an opportunity to profit from our dependence on technology to go on an Internet crime spree,” the FBI reported in its 2020 Internet Crime Report.

The 2020 Internet Crime Report found 791,790 complaints of suspected Internet crime, an increase of more than 300,000 complaints (about 69 percent) from 2019.

This year, the FBI is on pace to receive more than 1 million complaints, according to Unit Chief Donna Gregory of the FBI’s Cyber Division.

Although about 82 percent of the attempted crimes failed, losses from successful crimes exceeded $4.2 billion, and $1.8 billion (about 43 percent) was from unsuspecting older shoppers.

Whether from phishing (not to mention variants such as vishing, smishing, and pharming), spoofing, masking, sham sites or typo-squats, or extortion, the consumer world can be a digital minefield.

And that doesn’t factor in the countless phone trolls and robocall thieves out there, or porch pirates on the back end.

In conjunction with Ready OC and Safe OC, which are part of a national safety campaign that asks if you “see something, say something,” we talked to cyber crime experts about the current climate in cyber crimes and some solutions to protect holiday shoppers.

 What to do

The simplest advice is “be wary,” says Detective Sonny Lim with the Fraud and Economic Crimes Unit at the Santa Ana Police Department. “There are so many variations of these scams.”

Lance Larson, a Cyber Investigator and law enforcement officer assigned to the Orange County Intelligence Assessment Center and has 12 years of experience with cyber crimes and says, “I’ve seen almost every scam you can think of.” 

The best way to protect yourself, Larson says, is to practice what he calls “cyber hygiene.”

A simple mantra Larson offers is, “Think three times, click once.”

Gregory suggests, “Do a little research, it doesn’t take that long.”

And if you have been taken, Gregory says, “please report it to the Internet Crime Complaint Center.  You may help prevent others from being victimized.”

Before going into the holiday shopping frenzy, here are a few warnings and suggestions from cybercrime experts:

  • If you are being solicited by a company or business you didn’t expect to hear from, especially via email, be careful. Usually it is best just to delete those emails.
  • Phishing is the most common scheme, with crooks posing as legitimate companies sending out mass fake emails, sometimes hundreds of thousands at a time. Many now come via social media. Although many consumers are savvy enough to ignore such emails, during the holidays such entreaties may have enough of a whiff of truth to lure in victims.
  • In general, don’t open attachments or enter unknown sites. Hackers often place malware in email attachments. Retailers and shipping companies won’t send offers, promo codes, and tracking numbers in attachments. 
  • Check for a physical address, a customer service phone number, and a professional-looking site. Be sure tracking numbers are offered.
  • Only buy from secure sites with SSL encryption. These are URLs starting with https (rather than http) and contain a lock icon in the upper left corner of the toolbar. Even these can be spoofed, so remain vigilant.
  • If a site from a purported trusted retailer seems “off,” step back. Warning signs of sketchy sites include poor spelling, odd design, and slow loading. Scammers often hastily post bogus sites, and international scammers may have poor English-language skills.
  • If a seller requests funds be wired directly to them via a money transfer company, prepaid card, or bank-to-bank wire transfer, it’s a big red flag. Money sent these ways is virtually impossible to recover, with no recourse for the victim. 
  • A credit card is generally the safest way to pay for an online purchase because it usually has built-in protections. Alternatively, use a reputable third party vendor such as Paypal or Venmo. Do this independently rather than using a vendor’s link. Never give a seller direct access to your savings or banking accounts.

Flocking to the internet

In the last decade, there has been roughly a tenfold increase in Cyber Monday shopping, according to Business Insider, as buyers have opted for the ease of shopping at home over making the trek to brick-and-mortar stores.

The COVID-19 pandemic and personal health concerns have only accelerated the trend.

And while cyber-shopping certainly is easier, it carries its own risks.

In recent years, as major brick-and-mortar retailers have fought to defend their territory, many offer online deals similar to in-store offers. Cyber Monday and Black Friday have become almost synonymous.

Black Friday, notwithstanding the stock market crash of 1869, was originally coined by Philadelphia cops referring to the hordes of crowds and traffic downtown to shop or attend the annual Army-Navy game the day after Thanksgiving. Retailers adopted the phrase to refer to the day when they went from red to black on their profit ledgers.

The term Cyber Monday was started in 2005 by the National Retail Federation. Online retailers, seeking to grab a piece of the consumer pie that was gobbled up by brick-and-mortar retailers as the holiday season kicked off, helped spur the movement..

In 2020, Cyber Monday shopping crested at $10.84 billion, according to one metric. Other metrics put spending as just under $10 billion. Regardless, that is a staggering jump since 2010, when sales first crested the $1 billion plateau. 

Maintain proper hygiene

As Larson says,  “cyber hygiene” is critical for those who engage on the internet.

“We suggest people have good cyber hygiene, or best practices to protect your computers and devices,” he said.

First on Larson’s to-do list for computer owners is to invest in a respected antivirus and malware detection system. Many are commercially available and easy to download. Often these products can alert users if they are going into unknown or suspicious sites. They can also scan your computer to check for malware, an umbrella term for various malicious forms of software such as viruses, trojans, worms, and spyware, which can not only affect computer performance, but extract data, such as passwords, user IDs and more.

Whenever possible, use two-factor authentication (2FA) or multi-factor IDs. These add a layer of protection beyond your username and password. Most commonly this is done in the form of a one-time security code sent to your device that you have to enter to continue.

If a hacker or scammer doesn’t have physical possession of your device, they cannot gain access to the code.

“There are tons of data breaches in 2021,” Larson said, and since most are password related, extra layers of protection are recommended.

Larson said, as aggravating as it can be, computer users need to be vigilant about having different and strong passwords on every account they own, and especially on personal email. A number of companies provide “vaults,” where passwords can easily be stored and retrieved.

If hackers get into your email and password, they have the “keys to the kingdom,” according to Larson.

Often, hackers, hackers will try your passwords and close variations on shopping sites like Amazon. Hackers also will access “sent” emails, where they can often find personal information going back years.

According to Larson, if you fear you have entered a “bad” site, “stop clicking.”

“If nothing’s happening, run a malware scan,” he says. “If it’s still acting up, turn it off and call an IT pro.”

The supply chain

This year, a new wrinkle may be caused by the ongoing supply-chain issues that could make popular items hard to find and late in arriving.

As a result, experts say to be cautious toward online ads showing availability and low-price deals on hard-to-find items. Inevitably, 2021 holiday scammers will prey on the desire to snag a coveted gift.

“This season people are scared because of the crisis at the ports that they might get panicked,” Larson said, “and may give up good cyber hygiene.”

Gregory concurs, saying when people see good deals on hard-to-find items they’re “more apt to hurry and order and not check out the company.”

When it comes to this year’s holiday cyber crime, she predicts, “the threat of the supply chain will be a big piece.”

A rule of thumb: If you are shopping and find a deal that sounds too good to be true, it often is.

Gregory says it shouldn’t take long to do a search of a company you suspect by looking for reviews or checking with the Better Business Bureau.


According to the FBI’s Internet Crime Complaint Center (IC3), the two most prevalent scams are non-delivery and non-payment: either a customer pays for an item that is never delivered, or a seller is never paid for a product.

This year, Gregory says many companies are promising one thing and delivering a lot less. She says it is a good idea to take a screenshot of the offer and keep track of documents in case you need to dispute a charge.

At worst, victims can have savings wiped out, identities stolen and find themselves in a morass of fraudulent purchases, credit hits, debt collectors and other unseen headaches. 

Lim says, while many of the scams remain the same, the dramatic increase in shoppers boosts the number of potential victims.

Extortion or threats via e-mail have become more prevalent, though are not necessarily seasonal. Often these take advantage of people’s instincts to “do the right thing.” Anyone demanding payment immediately is likely a bad actor. You can always request that bills be sent via the post office. If a person uses threats or coercion to keep you on the phone, hang up.

“No one should force you to pay or stay on the phone,” Lim said. “Those are key indicators (of a scam.)”

There are no simple solutions to protecting oneself. Wariness and savvy go a long way. For most consumers, holiday buys go off without a hitch. For others, however, to use a line from a John Cheever story, “Christmas is a sad season.”