Online security experts said shoppers should be very careful when reading through e-mails and browsing the web.
They gave News On 6 tips on how you can protect yourself and your money while shopping this holiday season.
Just three and a half weeks away from Christmas, experts said they’re seeing a surge of online shopping as people finalize their holiday lists, but they recommend staying alert as scammers are in full force.
Teresa Moore is the senior director of Integrated Account Protection for Arvest and said crooks are crafty. She said Arvest sees an increase in fraudulent and unauthorized activity cases around the holidays.
She warns against using unsecured public Wi-Fi while online shopping and recommends updating your security software. Moore suggests using trusted sites and being cautious of pop-uplinks. She said if you want to order from somewhere new then you should research that business. Moore said never give more information than is necessary, and that shops shouldn’t need your SSN, User ID, or password.
She said you should also get in the habit of using the same ATM or gas pumps, so you'll become a familiar face to those working and they can notice if something is out of the norm.
"That old saying 'if it's too good to be true it's probably not' really holds true with this,” Moore said.
Arvest attempts to alert a customer of suspicious activity and verify the activity in question. Moore said if they’re unable to reach the person then they would take additional steps to mitigate future loss, like blocking the card and even disabling online banking.
"Monitor your accounts,” said Moore. “That's so important because you may detect something that we're not seeing on the bank side. You're the best protection. You yourself."
She said when shopping in store use your hand to cover your pin at checkout.
Nathan Means is the VP of Technology at American BitPower, which he said consumes the third largest amount of power in the county. He said the nation is already seeing a rise in scam emails. Means said you can look for typos in emails, but some emails might look almost identical to official emails from businesses. He said you should click on the sender's name and look at their entire email address with a keen eye.
“A lot of times it’ll be a bunch of jumbled up letters and you’ll know that it’s a fake email, but more and more now, it’s gonna be ‘firstname.lastname@example.org’ and people don’t see that net in the middle, and they think, ‘Oh, it’s from Amazon. This is legit. I’m gonna click this link,” Means said.
He said, oftentimes, emails use incorrect grammar and are trying to prey on the vulnerable.
“The email is just phase one of them trying to extract information from you,” Means said.
Means recommends using a Gmail account as your personal address.
“A lot of email hosting sites do not let you kick off active session users. Gmail does allow that,” Means said.
When online shopping, he said shoppers need to look at the URL, as well as check to see if a website's encrypted.
“So, if you look at the top left corner your browser is going to tell you the website is not trusted. So, it’s the difference between http and https. That’s the first indication. That doesn’t mean that if it’s https that it’s not a bad website,” Means said.
Means also discourages using the same password for multiple accounts and said easy-to-remember passwords include phrases and favorite song lyrics.
"Use, say, the first letter out of each of those words,” said Means. “So, you can be singing it in your head as you type out the first letter of each word."
Moore said you can even do a passphrase. Means said the problem with using the same password is that once the scammer has entry into one website, they have it into all other websites that share that password. He said they run a script to see which website you use and then reset your passwords, so you’re locked out. If you have trouble remembering passwords, Means said there are several good password lockers that store them, but he did say that creates a vulnerability if someone gets into that.
“So, you really have to set up two-factor authentication,” Means said.
Means told News On 6 you need to remember spoofers can pose as a company or bank number.
"A lot of people try to play along and try to waste the scammer’s time,” said Means. “They're actually recording you. So, they're picking up little sound bites of you saying yes, you saying no. You stating your name, birthdate.”
Means said they can call your bank and use the recording, pretending to be you. He believes it's best to tell them you’re going to call back, then hang up and call the number on the official website for verification.
Moore said a red flag includes a caller asking you to send money or sending you a check and telling you keep a portion before sending the rest back.
Arvest said their customers who experience debit card fraud will receive credit within four to five business days and within 10 business days for unauthorized use. She said it does take them additional time to work the dispute out on the backend.