As we are getting through the holiday season and the public wraps up any post-holiday purchases, crime experts warn to be vigilant and wary of those who would take advantage as the clock winds down.
While retailers and cybersecurity are always working on ways to protect consumers and shut out thieves and scammers, the game of cat and mouse never ends.
In conjunction with SafeOC, a localized version of the national “See something, Say Something,” safety campaign, Behind the Badge spoke to cybercrime experts about ways to protect online shoppers.
While individual safety and the security of purchases are of immediate concern, they are just a part of the threats posed by internet interactions.
“Criminals and adversaries target U.S. networks, attack our critical infrastructure, hold our money and data for ransom, facilitate large-scale fraud schemes, and threaten our national security,” according to the FBI’s annual Internet Crime Report.
“Cyber-enabled crime has been around for many years, but methods used by perpetrators continue to increase in scope and sophistication emanating from around the world,” stated FBI Springfield Field Office Special Agent in Charge David Nanz in a press release. “When individuals and entities report incidents to the IC3, they provide valuable information that helps fill gaps crucial to advancing our investigations.”
The Internet Crime Complaint Center (IC3), a kind of FBI clearinghouse where the public can report internet complaints and crimes issues, received 800,944 complaints in 2022. That was a 5 percent decrease from 2021; however, the potential total loss grew from $6.9 billion to more than $10.2 billion.
This mirrors last year’s trend. Chris Elverson, a Unit Chief with the FBI Cyber Division, told Behind the Badge, “the only difference is the dollar loss values are higher.”
Since IC3’s inception in 2000, the center has recorded more than 7.3 million complaints, and more than 3.26 million, or about 45 percent, in the past five years. In the past five years, losses are about $32.6 million.
The holiday season remains an acute time for seasonal crime. During the 2022 holiday shopping season, the IC3 received reports from almost 12,000 victims reporting non-payment/non-delivery scams resulting in losses over $73 million.
An estimated 75 percent of U.S. adults shop online during the holidays, and about 14 percent shop only online, according to e-commerce website Tinuiti. As a result there is a massive pool of potential victims.
Hooks in the water
Although it declined slightly in 2022, “phishing” — the fraudulent practice of sending emails or other messages allegedly from reputable companies, seeking personal information, such as passwords and credit card numbers — remains the overwhelming method used by online crooks to target victims.
The more than 300,000 reports to the FBI of losses to phishing were about 40 percent more than the next five most common complaints and crimes combined. Given that an overwhelming number of phishing attempts are discarded without being opened or reported, the actual number of phishing attempts is exponentially larger.
According to a report by internet security and IT support company AAG, updated in December, 2023 saw ”an estimated 3.4 billion spam emails sent every day.”
What to do
The simplest advice, as hard as it may be to follow, is to maintain healthy doses of skepticism and common sense.
According to a 2022 study by Norton, a cybersafety company, one in three American adults admit to taking more risks shopping online during the holiday.
And if you have been taken, officials say it’s important to be proactive. The faster a person reports a suspected crime, the better the chance of blocking the theft. Victims should contact the FBI’s IC3 as well as local law enforcement. Many cities have cyber crime details. Because of the sheer volume of cases the FBI investigates, local agencies may offer more personal interaction.
What to look for
Before diving into online shopping, cyber crime experts suggest:
- If you are being solicited by a company or business you didn’t expect to hear from, especially via email, be careful. Usually it is best just to delete those emails.
- In general, don’t open attachments or enter unknown sites. Hackers often place malware in email attachments. Legitimate retailers and shipping companies won’t send offers, promo codes, and tracking numbers in attachments.
- Check for a physical address, a customer service phone number, and a professional-looking site. Be sure tracking numbers are offered.
- Only buy from secure sites with SSL encryption. These are URLs starting with https (rather than http) and contain a lock icon in the upper left corner of the toolbar. Even these can be spoofed, so remain careful.
- If a site from a purported trusted retailer seems off, step back. Warning signs of sketchy sites include poor spelling, odd design, and slow loading. Scammers often hastily post bogus sites, and international scammers may have poor English-language skills.
- If a seller requests funds be wired directly to them via a money transfer company, prepaid card, or bank-to-bank wire transfer, it’s a big red flag. Money sent these ways is virtually impossible to recover.
- A credit card is still the safest way to pay for an online purchase because most have built-in protections. Alternatively, use a reputable third party vendor such as PayPal or Venmo. Do this independently rather than using a vendor’s link. Never give a seller direct access to your savings or banking accounts.
Maintain proper hygiene
“Cyber hygiene” is critical for those who engage on the internet.
- Invest in a respected antivirus and malware detection system. Many are commercially available and easy to download. They can alert you if you are going into an unknown or suspicious site. They can also scan your computer to check for malware, an umbrella term for various malicious forms of software such as viruses, trojans, worms, and spyware, which can not only affect computer performance, but extract data such as passwords, user IDs, and more.
- Use two-factor authentication (2FA) or multi-factor IDs. These add a layer of protection beyond your username and password. Usually they involve a one-time security code sent to your device that you must enter to continue. Unless a hacker or scammer has physical possession of your device, they cannot gain access to the code.
- Have different and strong passwords on every account you own, and especially on personal email. A number of companies provide “vaults,” where passwords can easily be stored and retrieved.
- When your device alerts you to an update, by all means, install the update.
There are no simple solutions to protecting oneself, but wariness and savvy go a long way.
Sign up for the SafeOC newsletter to receive local updates, public safety alerts, and tips.