This is the start of the season. No, I am not talking about the Christmas season or the shopping season. I am referring to the phishing season. These are the biggest shopping days of the year, and these criminals know that the sales ads and offers will soon start pouring in. Buried among those offers will be phishing messages offering fake deals from these cybercriminals. Use these tips to stay safe this year.
The first thing you can do is verify deals on the retailer’s website. If you receive a deal from a website, go to the site and verify the same deal there rather than trusting the email alone. Do not click the links contained in the email to access the site as these might take you to an attacker site first or direct you to an entirely different site. Please note that phishing sites may look exactly like legitimate sites such as Best Buy or WalMart. Type the address for the site you wish to validate in your browser instead.
Sometimes retailers send out deals only to those who subscribe to their mailing list. In such cases, you will not be able to verify against the retailer’s site. If you still believe think the message might not be a hoax, you can verify the addresses in the email links. Hover over links in the email to see the address. Make sure the address displayed matches the address in the link. Make sure that links attached to images are going to the retailer’s website address. For example, if the email has a picture of a Dell laptop and it says it is from Dell, make sure that the address is Dell.com.
Also, make sure that there are no additional names following the .com. Dell.com.dealsexpress.fr will not take you to Dell.com. The address is composed of a few elements. Items before the site name are subdomains, so support.dell.com is a subdomain of Dell.com. Items listed before the .com, .org, or another top-level domain name in the address direct you to a specific site while items following a / will take you to a particular location on that website. For example, Walmart.com/toys/lego.html would bring you to a page called lego.html in the toys folder on the Walmart.com website.
If you do click a link and your browser displays a warning, close the browser window or tab and do not proceed to that link. Browser warnings might include “There is a problem with this website’s security certificate” or “This connection is untrusted”. These messages indicate a problem with the web site’s certificate.
Certificates are used by websites to prove their identity, and they are purchased through a trusted certificate authority. Certificate authorities are companies that computers are configured to trust. When a company wants to validate the identity of their site and encrypt data over the Internet, they go through a validation process and then purchase certificates from a certificate authority. The certificates are installed on their website and then your browser verifies that the certificate was issued for the site you are visiting and that the certificate came from a certificate authority that you trust.
Take these warnings seriously and do not proceed to sites with invalid certificates. While there are some instances where a legitimate site could have a certificate problem, it is likely a fraudulent site set up to impersonate another site or set up to scam as many people as possible before getting shut down. So if you see a certificate error, it is generally not worth the risk to proceed.
General phishing signs
You should also watch out for other phishing messages in addition to the holiday specials. Some other signs for spotting these messages include bad spelling, the request for personal information or a detailed sad story that asks you to send money.
I hope you stay safe this holiday shopping season. Catch the Black Friday and Cyber Monday deals without getting pillaged by following the tips above. Above all, remember if a deal sounds too good to be true, it probably is a hoax or a scam.