Online shopping safety: Are those websites fake or for real?
Nov 22, 2023, 7:00 PM | Updated: May 29, 2024, 10:53 am
(Storyblocks)
SALT LAKE CITY — Before you start clicking on websites that offer “great holiday shopping deals,” take a breath and consider whether they’re fake. Do some research. Maybe move to a computer with a large screen.
In other words, pour cold water on one of the ways scammers hope to take advantage of you this shopping season. Just as they send fake texts and emails, they create fake websites.
“These malicious criminals, they’re looking to catch you,” said Matt Beaudry, a security advisor with the Cybersecurity and Infrastructure Security Agency.
Luckily, Beaudry told KSL NewsRadio, the type of language they use to catch us is recognizable. And there are a lot of other “tells,” too.
Yadda yadda, I’ve heard all this before
It’s true that warnings about fake websites, texts, and emails pop up every time people are expected to be shopping in droves. And there’s a reason for that.
“This type of message during the holiday season makes cybersecurity intuitive and natural. Just like when you get in your car you put on your seatbelt,” Beaudry said.
Or like when you look both ways before crossing a street. Both of these are examples of safety skills we’ve developed over the years, in many cases by sheer repetition. Being aware of how to stop scammers should be considered a new safety skill.
What to watch out for, and do, to protect your cash
Urgency
Think of those corny advertisements that loudly and repetitively tell you to “call now!” or that “time is running out!” That kind of language is used to appeal to your sense of urgency.
“They’ll use urgent language. They’ll use words that emotionally appeal to you taking action, like ‘donate’ or ‘great deal,'” he said.
Tune them out. No deal on crab legs can be that good.
Attention
Scammers assume you are multi-tasking while shopping. That’s why they think you won’t notice the name of the business is spelled wrong. But you know that Amazon isn’t spelled Amazun, and you’ll see that right away if you take the time to look.
They’re also hoping you won’t look too closely at that shortened link.
“Don’t trust shortened URLs, you know, those are convenient, but they can lead you down a bad rabbit hole,” Beaudry said. Instead, search for the company name and navigate your own way to the website.
Known security features
There are two things you should look for when determining if a website is legit: the letters ‘https’ at the beginning of the URL, and a lock.
“HTTPS means the site is secure and has security features,” Beaudry told KSL NewsRadio. “So look for that in the address. And also that lock icon.”
Secure your devices and apps
If you have enrolled in automatic software updates for your computer, you’re already going a long way toward securing your devices. “Software updates are where they patch vulnerabilities,” Beaudry said. What you might not know, however, is that updating your applications is important too.
For example, if you have downloaded the KSL NewsRadio app, delete it from your phone’s screen, and then download again from wherever you get your apps. By doing so, you’ll have the latest version of the app, along with all of the latest safety updates.
Passwords
“Longer is stronger,” said Beaudry. “Make a long password, make it unique … make it creative. Mine would be something like cat blue, bacon hockey, you know, no one’s going to know. And get creative with inserting symbols and other things into that passphrase.”
Multi-factor authentication
Multi-factor authentication is one of the newest security features in our consumer security tool kit. You may have already encountered it in email or money transfer applications.
“It so extremely difficult for an impersonator to pretend that they’re you because that authenticating factor comes back to you,” he said. An application using multi-factor authentication won’t operate until a code, texted to your phone or email, is provided to the app. If someone is pretending to be you (but they don’t also have your phone) the app simply won’t work.
Other reading: