Are you worried that your email account or bank/credit card information was compromised? Are you getting emails and text messages from financial institutions, online payment platforms, and delivery services that have typos and odd attachment links? With holiday shopping and travel in the near horizon, it is important to know how to keep your information safe and avoid being victimized by online fraud. Dr. Jin R. Lee of the Department of Criminology, Law and Society at George Mason University provides five important tips to avoid online fraud this holiday season and beyond.
1. Know what you’re up against. The most common online threats experienced during the holiday season are phishing and identity theft crimes. These behaviors are often a result of interacting with socially engineered emails where offenders claim to be legitimate retailers (e.g., BestBuy, Apple, Target), online payment platforms (e.g., Venmo, PayPal), banks and financial providers (e.g., Bank of America, Chase, Wells Fargo), or delivery services (e.g., UPS, FedEx, USPS). Offenders tend to use the same logos and symbols used by these legitimate vendors to convince unsuspecting recipients. They will also stress things as being time-sensitive and urgent as a way to encourage individuals to click on a fraudulent link or input their private information. It is important to know that nothing urgent or time-sensitive will be communicated to you via email. Legitimate vendors and service providers will typically send you notice of sensitive matters through the postal mail.
2. Carefully read and examine emails before interacting with them. Most fraudulent emails and phishing scams will have odd looking subject lines/titles and email addresses. For instance, a fraudulent email from FedEx may contain a subject line/title comprised of a collection of nonsensical numbers (e.g., “No. 17283”) or include language that emphasizes a time-sensitive matter (e.g., “URGENT: PERSONAL INFORMATION WAS SENT TO YOU”). The email address may also be hosted on a public email domain such as G-mail. It is important to know that organizations will not send emails using public email domains—not even Google will send organizational emails using a “@gmail.com” account. Large organizations tend to have their corporate name within the email domain itself (e.g., @paypal.com), so even if their legitimate corporate name is listed in the front end of the email address, it is good practice to check if their domain name has it as well. If you’re unsure of certain organizational emails, a quick Google search of the company will retrieve their legitimate email address.
Another thing to look out for is the quality of writing. Spelling and grammar mistakes in the email are standard red flags that we can identify rather quickly as fraud. Fraudulent emails will also likely address you using generic terms and labels such as “Dear Customer,” “Greetings [INSERT EMAIL ADDRESS],” or a simple “Hello” without a particular name following the greeting.
Lastly, fraudulent emails often contain links or attachments for you to click on. Avoid interacting with these links and attachments as they either contain malware (i.e., malicious software such as viruses) or bring you to a bogus website asking you to insert your payment information or private data (e.g., social security number, date of birth, legal name, usernames and passwords).
3. Avoid making purchases from retailers/vendors you have never heard of before. In addition to carefully inspecting the emails you receive, you should also be mindful of fraudulent websites posing to be any of the aforementioned vendors and service providers. If you are unsure of whether a particular retailer or vendor is legitimate, do a quick Google search to see if they have a dedicated customer page and/or customer feedback section. You can also verify with the Better Business Bureau to assess the information about a business. Additionally, you can check the Federal Trade Commission’s website, or the Internet Crime Complaint Center (IC3) for more information about recent scams.
Many fraudulent vendors also advertise their goods and services for costs well below their usual asking price. These are good signs to look out for, as price tags that seem too good to be true may in fact be an indicator of fraudulent behavior (i.e., counterfeit versions of legitimate products).
Relatedly, be cautious of both buyers and sellers you meet on public online marketplaces, such as Craigslist or Facebook Marketplace. Offenders will often pretend to be legitimate buyers or sellers on these platforms and ask if you can send the product via postal mail as opposed to meeting in-person. Similarly, if the individual refers to an online payment platform (e.g., Venmo, Cash App, Google Pay) and insists they can’t meet in-person to complete the transaction using cash, you should: (1) stop interacting with the individual, (2) take a screenshot of the conversation/chatlog, (3) block them on the platform, and (4) delete the chat/conversation.
4. Avoid making purchases on unknown or unsecured Wi-Fi networks. You would be wise to avoid making purchases on unsecured Wi-Fi networks such as those offered at public coffee shops, bars, and shopping malls. Open and unsecured Wi-Fi networks may be observable to motivated cybercrime offenders who could steal your information as it moves through the Wi-Fi network.
5. Monitor your bank account and credit card statements for any suspicious transactions. A quick way to identify whether you’ve been victimized by online fraud is to track your bank and/or credit card statement for any suspicious transaction. Typically, offenders will take a small amount of money from your account to verify that it is active. This is usually done before major transactions or large sums of money are moved. Smaller amounts of money are taken out because these items and amounts are easier to gloss over and will likely be undetected by your bank or credit card provider. If you notice small amounts or suspicious transactions on your bank or credit card statement, notify your provider immediately and report the incident. They will reverse the transaction and issue you a new card.
Dr. Jin R. Lee is an Assistant Professor of Criminology, Law and Society at George Mason University with expertise in cybercrime, cybersecurity, cyberpsychology, and online interpersonal violence.
December 12, 2022