You're probably already looking for the best Cyber Monday online shopping deals. Here's another recommendation, from the Federal Bureau of Investigation: Keep your eyes peeled for an uptick in cyber scams, too.
Ahead of this year's holiday shopping sprees, the FBI and Department of Homeland Security issued a warning to shoppers and businesses alike: Be vigilant against attacks that cyber criminals use to steal your money and personal information.
"Malicious cyber actors aren't making the same holiday plans as you," the FBI and DHS's Cybersecurity and Infrastructure Security Agency (CISA) said in a joint press release last week. "Recent 2021 trends show malicious cyber actors launching serious and impactful ransomware attacks during holidays and weekends."
Cyber Monday is the country's biggest online shopping day. Last year, Americans spent a record $10.8 billion online during the holiday. That makes this year's edition a particularly attractive day for cyber criminals to target shoppers and businesses with a variety of tactics, ranging from phishing scams to fake e-commerce websites, according to the government agencies.
Here are three of those tactics, along with advice from CISA, the FBI and other top experts on how to identify and defeat them:
In phishing scams, cyber criminals pose as trustworthy organizations — like a charity or one of your favorite retail brands — and send you emails that encourage you to download attachments or click on hyperlinked text or photos in the email. In June, credit reporting agency TransUnion found that digital fraud attempts like phishing attacks were up 25% in the U.S. from 2020.
You might be able to detect illegitimate emails based on the sender's email address, which often looks very similar to a trustworthy one, but with altered or missing characters. Another red flag: a generic greeting alongside spelling or grammatical errors in the body of the email.
The FBI and CISA said you should always be suspicious of unsolicited emails — and you can protect yourself by always double-checking the sender's address, never following hyperlinks in the email's body and never replying with any personal information.
Sometimes, cyber criminals create fake websites meant to look like real ones that would normally attract hordes of holiday shoppers.
CISA recommends always double-checking the website's URL. "Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain," the agency's website notes.
A fraudulent website could use a ".net" domain instead of ".com," for example. CISA also recommends making sure the website you're surfing features a URL starting with "https" — "an indication that sites are secure," the agency says — as opposed to "http."
On Tuesday, CNBC reported that fraudulent websites could be particularly popular during this year's holiday shopping season. Many popular gifts are expected to be sold out, and a false promise of availability could be enticing for many shoppers.
As of last month, the Federal Trade Commission said it had fielded nearly 58,000 Covid-related consumer fraud reports from online shopping scams dating back to January 2020, more than any other category of fraud.
The FTC also warns holiday shoppers to keep an eye out for social media scams, where scammers could advertise discounts or prizes on platforms like Instagram, Facebook or Twitter — only to lead you to a malicious website where they can harvest your personal data.
Make sure you buy from online vendors that encrypt your information. Otherwise, hackers can snoop on your purchase and potentially steal your information when you send it to the retailer by clicking "Buy."
Look for websites that have "https" in the URL, and a padlock icon next to the URL in your web browser. "If the padlock is closed, the information is encrypted," CISA notes. Without both, you shouldn't make that purchase from that website — even if the website itself isn't fraudulent.
If you believe you are the victim of an online scam or crime, the government agencies recommend you report the incident to your local police station, while also filing online reports with the FTC and the FBI's Internet Crime Complaint Center.