Move over ‘Black Friday.’

Hello month-long spending sprees promoted by deals and steals (emphasis on the ‘steals’ part for obvious reasons).

What was once a single day dedicated to in-person shopping where we grab big savings has turned into a wave of online purchasing.

With all of the great offers out there digitally, there’s cause for pause in the phishing awareness game.

Hackers and scammers are looking to capitalize on the greatest human weakness: getting a deep discount and free delivery.

As you open the stream of emails in the coming weeks stating “SAVE BIG” and “BLACK FRIDAY EXTENDED!,” remember there’s a chance a look-alike hacking attempt is lying in wait between legitimate sends.

So how can you avoid falling victim to those who are definitely going to be on the naughty list?

The best rule to live by to keep you merry and cheery, holiday season or not, when shopping online:

  • You know the saying, “If it’s too good to be true, it probably is.”? Well, assume it ALWAYS is. That free present won’t be so free when your device is hacked, credentials are compromised, and hard-earned paychecks are stolen.

There are two main types of shopping scams: non-delivery and non-payment. Let’s examine how each works so you can be ready to spot a potential problem before you get phished.

Basically, a non-delivery scam is when you, the buyer, pays for goods or services, but never receives what you paid for.

A non-payment scam occurs when the vendor ships the goods, but funds are never processed.

The FBI Internet Crime Complaint Center’s (IC3) 2021 report noted these two types of scams cashed in more than $337 million!

Talk about getting a lump of coal in your stocking. That’s why the FBI puts out holiday shopping guidance as a reminder to be aware and be prepared.

With all of the focus on those two main threat types, don’t forget credit card fraud is still prevalent and accounted for another $173 million in losses last year alone.

Third-party auction sites can be easy targets for unsuspecting holiday shoppers looking for deals too.

You’ve likely seen an item in a photo with the listing and description matching what you’re looking for only to be noted later in the details buried deep within the listing it’s really just an empty box.

Misrepresented products on sites like eBay, Mercari, and the like can lure you in and leave you more than just empty-handed holding an empty wallet.

The ever-popular gift card scam continues to wreak havoc during the holidays too. Be leery of a seller asking you to pay for the product, goods, or services with a pre-paid gift card.

If you do “fall for it” and get scammed, there are avenues you can seek out help and potentially keep others from making the same mistake.

Here are the steps you need to take to mitigate potential losses:

  • Call your credit card company / bank and lock your accounts immediately so you can dispute any fraudulent charges.
  • Contact local law enforcement and make them aware of the matter so they can warn others.
  • Report the scam to the FBI’s Internet Crime Complaint Center (IC3) at

The Naughty List: Telltale Scam Tricks

You know the main attack threats now, but what are some of the tactics being used to execute these devious plans? How can you avoid becoming a victim this holiday season and beyond?

Good hygiene is just as important online as it is in your daily life!

  • If you don’t know where a link may be leading you, DON’T CLICK! Always roll over or check the link destination before you commit to clicking. If there’s an attachment in an email with an offer, chances are, it’s fake. We see it all the time and create the templates ourselves to recreate these exact types of tactics so our customers are ready to spot them with ease. Phishing scams work when you let you guard down. If you submit personal information (name, login credentials, passwords, banking / payment information) thinking you’re purchasing through a legitimate source only to be duped, you’re losing a lot more than your time. Stay alert!
  • Updating your credentials is a classic phishing attempt tactic. If you’re not forced to when logging in through a credible link, don’t do it.
  • If the link or extension isn’t secure, don’t give out your information. It could be a trap. Secure sites can be identified by having “https://” at the beginning of the website address. If that secure link isn’t present, you don’t need to present your payment information.
  • Small businesses and startups you may be purchasing from for the first time should be checked with legitimate review resources and the Better Business Bureau. Do as much homework as possible to avoid being phished!
  • When you’re on auction sites, reviews can be your best friend. If others have had bad experiences receiving the product they’ve purchased, stay away and report suspicious activity.
  • If it’s phishy, it’s probably phishing. If you’re being asked to provide banking or shipping information to a certain freight forwarder or a quote to include shipping via a particular freight forwarder, it should be a red flag.

Payment methods should be a main focus. If it’s not traditional, chances are, it’s not right.

  • Direct wire transfers are a big no-no. Just don’t do it!
  • We mentioned the pre-paid gift card gimmick earlier. It’s worth noting again here. Do not provide a gift card number and PIN to a seller. They’ll drain the funds without ever providing you a product or service in return. And there’s no way to recover those lost funds. There’s a reason it’s popular and often leaves no trace to catch the scammer.
  • Credit card payments are the safest way to purchase through secure online retailers. It provides you the opportunity to check your statement afterward and report any suspicious activity and dispute fraudulent charges if you are phished or credentials are stolen.

If you buy it, expect it to ship and stay on top of the tracking process for your items.

  • If you have a legitimate tracking number and know the method the items will ship, you can keep tabs and more likely to know it’s a legitimate business when these things are provided.
  • Plenty of people purchase gifts around the holidays and ship directly to their family and friends. That said, if you’re the seller, it’s a good practice to confirm with the cardholder before processing any payments and shipping to a different address that’s not the same as the billing location.