'Tis the season to be fraud-y: It's a holiday for hackers too

Ruin a cybercriminal's Christmas by shopping smart, even at the 11th hour.

Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce | Amazon | Earned wage access | Online marketplaces | Direct to consumer | Unions | Labor and employment | Supply chain | Cybersecurity | Privacy | Stalkerware | Hacking Credentials
  • 2022 Eddie Award for a single article in consumer technology
Laura Hautala
3 min read

The holiday rush attracts online-shopping newbies and prompts old pros to lower their guard. Cybercriminals know this only too well, and they're ready to slip a lump of coal into your credit card statement.

Davor Pavelic/Ikon Images/Corbis

Still got shopping to do? You're probably feeling just as rushed as Santa's elves. It's the last weekend before Christmas, after all.

To make sure your loved ones get their gifts in time, you might pay a fortune in shipping, cough up $99 for an Amazon Prime membership (with free two-day shipping) or take other frantic measures. While you hurry to order those last presents online, don't step right into a fraudster's trap.

There's lots of tricks and traps out there. Researchers at Zscaler discovered a malicious smartphone app that posed as Amazon but was actually trying to steal data. The app did its dirty work after users thought they'd already deleted it.

That's just one example. A whopping 40 percent of each year's online fraud happens during October, November and December, according to Rurik Bradbury, a marketing executive at e-commerce security company Trustev.

Why so much? The holiday shopping season creates the perfect combination of ingredients. Take a heaping helping of shoppers online, which means a lot more credit card and other personal information available for stealing. Add a generous number of those shoppers throwing caution to the wind by clicking links that promise fabulous deals. Now sprinkle a dash of passwords that people reuse for their Facebook, bank and work accounts.

All hackers have to do is cook up an app or set up fake deal websites and then attract you with an email promising a bargain. Click the link and -- bam! -- you've downloaded malicious software. Your computer or phone is now compromised by hackers. You don't even have to hand your credit card number over to the criminal. Though if you do, it's even worse.

Enlarge Image

Psych! This fake log-in page for eBay, found by security specialists at Webroot, could have tricked you into handing over your credentials and potentially your credit card number. The Web page pictured is no longer active.

Screenshot courtesy of Webroot

While hackers are getting better at tricking us, we're also using the Internet much more for shopping. Cyber Monday sales exceeded $3 billion in the United States this year, according to Adobe Digital Index. The National Retail Federation said this week that 90 percent of holiday shoppers still have gifts to buy. The group projects total e-commerce holiday sales could tally as high as $105 billion.

What's more, criminals might be more driven this year to take their fraud online. That's because, with the introduction of new chip technology in the US that's already popular overseas, it's getting harder to steal credit card information from in-store computers. Experts say that will squeeze more fraud into the e-commerce realm, rather than eliminating it altogether. Online fraud could increase as much as 106 percent, according to Trustev research.

But Santa, I'm trying to be good

The good news is you can protect yourself by keeping in mind the same tips that keep you safe year round. Visit established retailers' Web pages by typing the Web address into your browser or by using a trusted search engine. Don't go to the website from a link in an email or your second cousin Lisa's Facebook post.

You should also monitor your credit card statements after purchases. Oftentimes scammers who've reaped your information will test your card with small purchases to make sure it's valid. They usually do it pretty quickly.

Credit card issuers also suggest signing up for transaction alerts that will send you a text message for all transactions over a certain amount. Some credit card companies also let you tie the location of your smartphone to your credit card. If someone makes a purchase in Albuquerque, New Mexico, and you're with your phone in Bangor, Maine, the fraudster will have no joy.

Do all that, and you'll be prepared. Just remember, hackers have been preparing for the holidays for months. Just like you, they want goodies, Erlin said, and that's why they go to so much trouble.

If you're a fraudster without a scam, he said, "then you won't get the presents."

Editor's Note: An earlier version of this story was published on November 29.