Shopping online? FBI says beware of these holiday scams and phishing threats

The FBI expects a rise in complaints and losses to scams as shoppers hunt out bargains.
Written by Liam Tung, Contributing Writer

With the holiday shopping season in full swing, the FBI has warned consumers to be wary of online-shopping scams and phishing attackers using big brands to steal online credentials. 

The FBI is expecting a rise in complaints and losses during the 2021 holiday season "due to rumors of merchandise shortages and the ongoing pandemic", it says in a public service announcement.

Global supply chain problems have affected everything from online fashion sales to smartphones, games consoles and the auto industry. Sony earlier this month cut its PlayStation 5 production outlook due to component shortages and the games console remains hard to buy in many parts of the world. 

During the 2020 holiday season, the FBI received 17,000 complaints over goods that weren't delivered, resulting in losses over $53 million. 

In particular, the FBI warns consumers to be cautious of deals that are too good to be true in email, on websites, in social media posts, and in ads on social media. It highlights the risk of online surveys that aim to steal personal information or debit and credit card details. 

For those purchasing a new pet this holiday season, the FBI recommends meeting the animal and owner in a video chat before buying to reduce the chances of being scammed by sellers of a non-existent pet. 

The FBI recommends that consumers only purchase from HTTPS websites and beware of online retailers who use, for example, a free email account instead of an address with the company's domain.

Also, consumers should pay for items using a credit card dedicated to online purchases, check statement activity, and never save payment information in online accounts. Never use public Wi-Fi to make a purchase, and look up reviews about the online seller and check with the Better Business Bureau to see if they're legitimate.

Victims of fraud can report incidents to the FBI's www.ic3.gov website. 

Another risk for consumers this holiday season comes from the various online techniques and tools that scammers use to harvest account credentials of brand-name companies.

The FBI issued another PSA warning of "recent spear phishing email campaigns" targeting consumers. One of the key goals of scammers is to bypass two-factor authentication (2FA). 

At risk are consumers of big brands in technology, banking, shipping, and retail industries.

The spear-phishing campaigns aimed at bypassing 2FA target accounts where consumers have used their email address as their user ID. 

"Once detected, the consumer is redirected to an email scampage of the same email domain to steal their email account login and password information," the FBI warns.  

"When cyber criminals gain access to a consumer's online and email accounts, cyber criminals may be able to intercept emails with 2FA codes that are used to make significant changes to online accounts, update passwords, verify user access, or change security rules and setup before the account owner is notified and aware," the FBI notes. 

Credential scam pages are moving to an 'as-a-service' model, where criminals sell their scam pages to others, the FBI warns. 

Among the important pieces of advice from the FBI: "Do not store important documents or information in your email account (e.g., digital currency private keys, documents with your social security number, or photocopies of a driver's license)." Also, it urges users to enable 2FA.
