Steven J.J. Weisman, JD
Steven J.J. Weisman, JD, attorney in private practice and senior lecturer at Bentley University in Waltham, Massachusetts. He is author of Identity Theft Alert and founder of the scam-information website Scamicide.com.
Online shopping combines two things that scammers love to exploit—access to victims’ credit card numbers and the anonymity of the Internet. Here are five online shopping scams to watch out for—plus two package-delivery scams…
Scammers have been creating fake shopping websites—versions of legitimate shopping websites—for years, but there’s something different about their latest efforts—the quality. These days many fake shopping websites are astonishingly accurate reproductions of real retail sites, with none of the clunky graphics and grammar errors that helped online shoppers identify fake sites in the past. Scammers haven’t become more skilled…they just have a powerful new tool—artificial intelligence—that can replicate real shopping sites faster and better than scammers ever could on their own.
Self-defense…
Before clicking on or buying from an online shopping site, take a close look at its web address. Scam sites often have addresses that are subtly different from the real thing, perhaps with a few letters reversed or zeros in place of the letter “o” or extra words added.
Check the letters that appear before the web address as well. These should be “https” not just “http”—that “s” stands for “secure,” and if it’s missing, then either the shopping site is a scam or it’s legit but has inadequate digital security. Either way, don’t trust it.
Copy and paste the web address into Google Transparency Report Safe Browsing (TransparencyReport.google.com/safe-browsing/search), which provides warnings about unsafe sites…and/or Who.is, which lists when the domain name was registered—scam sites often are suspiciously new.
Some scammers are using a new trick to rob victims twice. When the victim enters a credit card number into the scammer’s shopping site, he/she receives a message that the site couldn’t process the transaction and that the victim should try a different card. If the victim complies, the scammer gains access to not one but two of the victim’s credit cards.
Self-defense: Instead of getting double-dipped…
If your credit card is rejected when shopping online, don’t immediately enter a second card number. Instead make a second effort to confirm that the site is legitimate, as described above.
If you discover reasons to be suspicious, quickly call the issuer of the credit card that you already entered into the site to report that the account is at potential risk for fraudulent transactions. If you realize that your card or cards have been compromised, don’t wait to see if they are misused. Have the cards canceled and new cards issued.
The fake-invoice scam isn’t new—for years scammers have sent out e-mails and texts with invoices that appear to be from online merchants confirming recent purchases. These e-mails and texts contain links that recipients can click or phone numbers they can call to report problems. But when a victim calls or clicks to report that he/she didn’t make the purchase, he ends up loading a virus onto his computer or reaches a scammer posing as a “phone rep” who likely will try to obtain the victim’s credit card info. The latest generation of these fake invoices often list purchases that are remarkably similar to items that the victim actually has purchased—the scammers use AI to gather information about victims and create fake invoices for appropriate products. Example: If there’s information online that links someone to a specific hobby, the scammer might send an invoice for products related to that hobby. This specificity helps convince victims that the invoice is real.
Self-defense…
Never click links or call phone numbers found on inaccurate texted or e-mailed invoices, regardless of these invoices’ plausibility. Instead use a search engine to locate the retailer’s legitimate website and contact the customer service number you find there. A legitimate customer service employee should not ask you for your credit card number if you’re complaining about a purchase you didn’t make.
Post as little as possible about yourself online, including on social media—the more AI can learn about you, the more precisely scammers can target you.
The victim is contacted via e-mail, text or phone by someone claiming to be a customer service agent for a large online retailer, such as Amazon. The apologetic agent is sorry to report that there’s a problem with the victim’s recent order—perhaps there’s a shipping delay or the item is out of stock. The customer service agent not only intends to process a refund, she is going to add a bonus to that refund to compensate for the inconvenience. All she needs is the victim’s credit card number to process the bonus. Many consumers buy from major online sellers like Amazon so there’s a reasonable chance that they have a shipment on its way when the scammer makes contact, lending credibility to the scam…and the scammer’s seemingly heartfelt apology makes her seem trustworthy.
Self-defense…
Be extremely wary if you’re asked for a credit card number to process a refund and/or if you’re promised a refund that’s larger than the amount you paid. A legitimate retailer should already have your payment information…and refund “bonuses” are much more likely to be scams than real offers. The best a real company is likely to provide is a gift certificate or discount for use on a future purchase.
A victim receives a text that appears to come from an online merchant. This text reports that someone is logging into the victim’s account, and the victim must act immediately to prevent the transaction if it’s not legitimate. The text instructs the victim to click a link or call a provided phone number to report fraud. But the message is actually from a scammer. When people are warned about this scam, they often think, “I’d never fall for that,” but anyone can become victims. The “you must act immediately” element activates the part of the brain that prioritizes reacting with speed, not with logic.
Self-defense…
Prioritize caution over speed. If you receive a message from an online retailer—or any other business—warning that you must act immediately to prevent fraud…don’t. The message is probably from a scammer.
Locate the retailer’s actual website online and contact its real customer service department rather than follow the directions you have been given.
Reassure yourself that there are consumer protections that almost certainly will protect you from significant financial losses even if the message is real, which it probably isn’t.
Watch out for these two scams involving the shipping of online purchases…
In some areas, porch pirates routinely steal recently delivered packages off front stoops—but there’s now a more advanced version of porch piracy to worry about. Thieves have found a way to snatch iPhones off porches just moments after FedEx drops them off. Precisely how they’re doing this isn’t yet clear, but it seems likely that the pirates have inside info about the deliveries.
Self-defense…
Have iPhones and other valuable online purchases delivered to secure locations—perhaps to your workplace rather than your home.
Pick up the delivery yourself. If a delivery is being made by the US Postal Service, you might be able to have it held for pickup at your local Post Office…or if it’s being made by UPS, it might be possible to have it shipped to a nearby UPS Store, though the UPS Store might charge a fee for this service.
Require a signature for the delivery. It is sometimes possible to require the delivery driver to obtain your signature rather than simply leave the package outside your home.
Track the package. Most delivery services offer digital package tracking via an app or website, so you can find out almost immediately when a package is dropped off—if you’re not home, you could quickly contact a neighbor and ask him/her to secure the package for you.
Choose a secure location for the delivery. With Amazon packages, for example, it might be possible to choose “In-Garage Delivery” if you have a smart garage door.
A victim finds a missed-delivery notice from UPS, USPS, FedEx or another delivery company on her door…or receives a text or e-mail regarding a missed delivery. This message provides instructions about how to arrange a second delivery attempt. Reality: There is no package, and following the provided instructions likely will lead to identity theft, malware on the victim’s computer or phone, or other unwelcome outcomes.
In a variation of this scam, the victim is informed that the sender didn’t pay quite enough for shipping so the victim must provide a credit card number to cover the remaining amount. The amount cited will be so small that some people go ahead and pay it…but by providing credit card info to the scammer, the victim opens the door to much larger charges.
Self-defense…
Don’t trust instructions in missed-delivery notices, texts or e-mails. Use a search engine to locate the delivery company’s actual website, then contact its customer service department and/or use its online package tracking tools to determine if the package is real.
