'Tis the seaons for holiday deals ---and loads of scams'
Cyberthieves are out in force this year, but they won't be sounding alarms or dressing up in red santa suites. Instead, they will be trying to lure you to fake shopping online sites in order to steal your personal information, (PII).
According to DomainTools.com, a threat intelligence company, "2 in 5 consumers fall for phony Web sites that they think is connected to a national brand." These sites are set up to "phish" or steal your personal information.
But beware! There's always a new crop of scam sites that prey on consumers. Last year, according to the Anti-Phishing Working Group (APWG), "nearly 119,000 unique phishing sites were detected during November 2016, with over 300 individual brands targeted that month."
So how do you avoid these scams? Here are some tips, according to DomainTools:
Avoid Poorly constructed sites. They may have typos or just look sloppy. That's always a tip-off. Big companies spend a lot of money on designing attractive and easy-to-use sites.
If something doesn't look quite right, then avoid it. And certainly don't give them any information.
Be paranoid. Assume links are dangerous until decided otherwise. I always avoid email solicitations to "click on this link." Just don't go there.
Navigate directly to a company’s website instead of clicking on links in emails or social media.
-- Eye the URL. Closely examine URLs and email senders for typos. Examples could include: Extra added letters in the domain, such as Yahooo[.]com; "rn" disguised as an "m," such as modem[.]com versus modern[.]com; 1’s disguised as l’s, such as wa1mart[.]com; added affixes, such as starbucks[.]com-latte[.]us.
-- Know How Phishers Operate. They will do anything to get you to enter a banking account, Social Security or other identifying number.
Once they have this information, they will either sell it to other scammers or simply steal your "indentity" to open lines of credit and start charging in your name.
"Phishing scammers lure their targets into a false sense of security by spoofing the familiar, trusted logos of established, legitimate companies," advises the Federal Trade Commission.
The bottom line: Be skeptical. If someone wants your information badly, they will be aggressive and assertive. They may even call you on the phone -- often posing as IRS agents (the agency doesn't call, they send snailmail).
Want to report a suspected phisher? Here's what the FTC says you can do:
1) Forward phishing emails to email@example.com – and to the organization impersonated in the email. Your report is most effective when you include the full email header, but most email programs hide this information.
To ensure the header is included, search the name of your email service with “full email header” into your favorite search engine.
2) File a report with the Federal Trade Commission at FTC.gov/complaint.
Visit Identitytheft.gov. Victims of phishing could become victims of identity theft; there are steps you can take to minimize your risk.
3) You can also report phishing email to firstname.lastname@example.org. The Anti-Phishing Working Group uses these reports to fight phishing.
Source: John Wasik, Forbes, Domain Tools, Shutterstock
Allyson White, CEO Alde Security Solutions