Watch out for these 4 common online shopping scams

·5 min read

Yahoo Life is committed to finding you the best products at the best prices. Some of the products written about here are offered in affiliation with Yahoo. We may receive a share from purchases made via links on this page. Pricing and availability are subject to change.

Even you're not safe from common online shopping scams. (Photo: Getty)
Even you're not safe from common online shopping scams. (Photo: Getty)

Unfortunately, where e-commerce goes, e-criminals come rushing in. How can you keep the cyber baddies from rubbing their hands together as you enter your credit card info online? One useful tool is having a program like Malwarebytes on your side. Additionally, you need. to know what warning signs to be on the lookout for. Let's start by exposing how the criminals operate:

Bogus order confirmations that could lead to identity theft

“We’ve received your order” is typically a welcome message to find in one’s inbox. Sometimes, though, the sender is not someone you’ve actually done business with, but a scammer looking to give you the business.

Clicking the fake link will lead to a request for personal/financial information that can help hackers steal your identity or make purchases in your name. “We’re seeing more of these type of bogus messages given the time of year and the climate we’re living in right now,” Tom Spring, editor-in-chief of the tech blog Threatpost tells Yahoo Life.

“These order confirmations can come from any number of different mainstream companies and then criminals will take advantage of the most well-known brands.”

If it seems suspicious, go to the retailer’s official site, log into your account and verify that there hasn’t been any unexpected activity. If keeping track of these faux emails seems like a neverending task, consider a tech stack like Malwarebytes. The program works to send warning signs to you before you click through to malicious phishing sites and email links directly.

Try Malwarebytes for 30 days, free!*

Hackers know that consumers are expecting shipping delays (photo: Getty)
Hackers know that consumers are expecting shipping delays (photo: Getty)

Sham shipping notices: “Your package is running late”

The FTC reports a new trend in online scams...receiving what seems to be a notice from a store notifying you that your package is running late, and you are entitled to a refund. The email includes a link to track the package...but it’s a scam. One fateful click and you’ve wound up with a virus or worse on your hard drive.

Scammers will try this trick in 2021 because it's been all over the news that the pandemic-stressed job market has slowed the global supply chain to a crawl — people expect shipping delays. “This is a perfect time to do it, because most people are either anticipating the packages they sent or anything that might be sent to them—a surprise gift from Aunt Betty—might be delayed,” says Spring.

Don't click on that coupon link. It could be a scam. (Photo: Getty)
Don't click on that coupon link. It could be a scam. (Photo: Getty)

Lookalike websites and fake coupon links

Another classic way to go on a phishing expedition: scammers send an email or text offering a coupon link that brings you to a mock retail website whose URL is almost exactly the same as the one you have used.

But if you click on that link, it’s too late, and your username/password and/or credit card info could be compromised. One useful precaution, says Spring, is to take a close look at any links you receive and make sure they include “https” in their URL. Those five letters he says, represent, “an encryption technology that ensures that the information that you send from your device to the webserver cannot be intercepted by a bad guy.”

Donate to people or organizations you know personally (photo: Getty)
Donate to people or organizations you know personally (photo: Getty)

Heartbreaking stories on social media: don’t donate unless you've met the person in real life (face-to-face)

The holidays can put people in a generous mood—which can result in hackers creating nonexisting fundraising organizations or posting sad stories about made-up people going through imaginary hardships.

“The emotions that the bad guys take advantage of are: fear, hate and sympathy,” says Spring. “Unfortunately, as compassionate, good human beings, we respond to sympathetic pleas.” Spring’s advice: don’t donate to online charitable fundraising pages from strangers and double-check that any fundraising links lead to bonafide charities.

But Spring would like to suggest that we check our emotional responses, too. “Just like you wouldn’t want to send an angry email out or do something impulsive in a bad way, you don’t want to do something impulsive in a good way without some sober reflection on who you’re doing business with.”

A notice that "an unauthorized purchase has been detected on your account" 

The FTC reports a new trend in online scams...receiving what seems to be a notice from a store notifying you that they've detected a bogus purchase on your account. In the body of the email, scammers offer to “refund” you for an unauthorized purchase but through "an unintentional error" transfer more than promised into your account. They then ask you to send them the overage. But here's the problem: the scammer hacks into your bank account and moves your money from one of your bank accounts to the other (like from savings to checking, or vice versa) in order to make it look like you were refunded. Any money you send back to the scammers pretending to be the retailer is your cash and not an overpayment.

Scammers can also use a version of this scam to get you to purchase a gift card and read the card number (including the PIN) to them over the phone. The hackers claim this is the only way the retailer can verify that you are the correct account holder. Unfortunately, if you follow your instructions, you'll be out of cash (and quite possibly, locked out of your account). Safeguard you (and your bank accounts) with a program like Malwarebytes, which offers multi-layered, advanced security real-time protection against a variety of significant existing and emerging threats like these newest scams uncovered by the FTC.

Try Malwarebytes for 30 days, free!*

An offer to accept alternative forms of payment

Similar to the scams above, the FTC also warns that you should not do business with anyone who wants you to pay outside the marketplace’s payment system or to pay in gift cards. If you attempt to make a purchase off a well-known marketplace, you won't be protected under the site's warranties or refund policies. Using a program like Malwarebytes will alert you to websites that aren't what they appear to be. The tech stack leverages AI to help protect you from sophisticated cyberthreats that other programs may miss.

Try Malwarebytes for 30 days, free!*

Our goal is to create a safe and engaging place for users to connect over interests and passions. In order to improve our community experience, we are temporarily suspending article commenting