The time has come: Malls will open, prices will drop and web traffic will skyrocket. Millions of customers will flock to online stores, buying everything from smartwatches to televisions, and the parcels will flow.
Most customers will use familiar retail sites like Amazon, Target and eBay. But others will scavenge the internet for less-popular gifts and unbelievable bargains.
Buyer beware: The holiday season is also phishing season. As online transactions balloon over the next few weeks, cybercriminals will have a field day trying to nab credit card and personal data.
A recent study demonstrated that in 2014 and 2015, phishing scams at the end of the year rose by 9 percentage points. Normally, about a third of phishing attacks are "financial," but around the holidays those kinds of attacks rise to nearly half.
Share of financial phishing in overall number of phishing attacks 2013-2016.
In this case, financial phishing usually refers to credit card information, but cybercriminals may have their sites on other personal data as well, such as your PIN numbers, your social security number and your home address. Most banks will sort out fraudulent purchases in a few weeks, but identity theft can haunt you for a long time.
Here are three ways that hackers try to trick you into parting you with data, and what you can do about it.
1. Phishing scams
Phishing techniques usually come in the form of spam emails advertising special sales and phony gift cards. The most recent example was a massive email scam purporting to be from Amazon. But more sophisticated con artists will set up realistic-looking online shops. To put it mildly, if one of these merchants receives your payment information, you will get more than you bargained for.
2. Counterfeit items
Counterfeit and resold items from major retailers have become very popular in recent years. Online shoppers can’t hold an object and assess its quality, and conmen love to sell fake products for big markups. Counterfeiting and resold products have been a particular struggle for Amazon, and there is a growing number of eBay flippers who repackage sold-out products for outrageous prices.
Unless you’re the kind of person to get into a fist fight over a Cabbage Patch Doll, you should probably wait until just after Christmas to secure that perfect gift, since most companies restock hard-to-find items once the shopping craze is over.
You’ll also see prices dropping throughout January, especially online. Resold items are usually a rip-off, and it’s worth waiting a few weeks for these predatory vendors to fizzle out.
Counterfeit items are hard to spot, but your best guide is the rating system available on most sites. If a store has a 55-percent approval rating and has only made 30 transactions, that’s a very bad sign. Customers are usually quick to criticize a bogus company and report faulty products.
3. Data breaches
When scammers create fake websites, they’re often seeking more than your credit card information: They may want to steal your identity as well. If an unfamiliar website is asking for more information than you would normally enter, you should probably stop your purchase until you’re sure the website is safe.
One way to protect yourself from a breach is to shop from dependable merchants, but that doesn't necessarily mean you're 100 percent safe. As we've seen from the past, hackers focus on large companies such as Target, Wendy's, and Yahoo to steal logins, passwords and credit card information.
But even if a company name and logo are familiar, keep an eye out for fake emails, shopping apps and URLs that imitate real companies. Be suspicious of any mysterious gift cards and offers for free gifts from retailers you have never dealt with. Most importantly, never give out personal information on the internet unless you are 100 percent confident that the site is real.