A monthly Information Security publication for the WPI community.

This month's focus is ONLINE SHOPPING SCAMS, when people use the anonymous nature of the internet to deceive unsuspecting buyers.

Text: "If it sounds too good to be true it probably is. My Dad's favorite"

In this issue:

  • Common Online Shopping Scams
  • How to Stay Safe During Online Shopping
  • Learning with Laughter
  • InfoSec Drop In
  • Meet the Cyber Security Club
  • Online Shopping Scam Videos
  • Online Shopping Scams in the News
  • By the Numbers
  • Diversity in Cybersecurity
  • WPI Hub Resources
  • Coming Next Month...

Common Scams

Watch out! During the holiday shopping season scams increase in social media shopping, package delivery confirmation, asking new employees to buy holiday gifts, and charity scams.

Social Media Shopping Scams

Social media is flooded with advertisements, so it can be hard to differentiate the legitimate ones from the scammers.

One way to stay safe is not tapping on social media ads. Instead use a search engine to find the business's online store. Top search results are often sponsored or sites made to look similar, so check carefully for the actual business site. If the sale or product is a legitimate offer then it will be easy to find there.

Think Twice Before Buying from These Social Media Ads (Better Business Bureau)Online Shopping Guide (Better Business Bureau)

Package Delivery Confirmation Scam

At this time of year, many people are expecting packages to arrive, and numerous surprise packages are en route. Scammers claim to be from the US Postal Service or other major delivery companies. They trick victims into revealing personal information saying it must be confirmed in order to deliver the package.

Avoid being victimized with these tips from the US Postal Inspection Service:

  • Never give out personal information in a phone call you did not initiate
  • Contact the USPS directly about package delivery questions
  • Report package delivery scams to the Postal Inspection Service.
Submit a Report to the US Postal Inspection ServiceUS Postal Inspection Service - Fake USPS Phone CallsFDIC Consumer News - Avoid Scams While Shopping Online for Bargains

Asking New Employees to Buy Holiday Gifts

When you start a new job, be wary of emails from your new boss asking you to help with buying holiday presents for the staff.

Scammers find out who the new hires are from LinkedIn, other social media sites, and employers' public announcements. The scammers rely on the new employee's unfamiliarity with that workplace.

If you receive a brand new request through email, do not click any links and use a different method to get confirmation from your boss before taking any action.

Why Hackers Target New Employees - Forbes.com

Charity Scams

The holiday season is a popular time to give monetary donations to charities; unfortunately scammers exploit people's desire to help those in need. Online businesses may claim that a percentage of the product sales will be donated to charity.  Phishing emails may imitate a charity, but are trying to gather your information or funds. Here are some helpful hints for safe donations. 


  • Take your time selecting a charity.
  • Research the charity on a third party website like Charity Navigator.
  • Donate directly to the charity.
  • Pay by credit card or check.


  • Make a donation via an unsolicited phone call.
  • Use hard to trace payment options, such as wire transfers, gift cards, or cryptocurrency.
  • Assume a crowdfunding website is legitimate or gives 100% of donations to the cause. The safest way to give on social media or through crowdfunding is to donate to people you know.
Before Giving to Charity - FTC Consumer AdviceCharity Navigator

How to Stay Safe During Online Shopping

  • Use your personal email for personal shopping. Please do not use your WPI email.
  • Do not reuse your passwords for multiple accounts. More details are in Password Safety below.
  • When using a search engine, skip the sponsored links that appear first in the search results.
  • Avoid sites without a lock or https in the address bar
  • Before ordering from an unfamiliar company, do an online search of the business name and terms such as: complaints, reviews, or scam.
  • Make sure to review the online store's privacy and return policies before placing your order.
  • Watch the short videos in Online Shopping Scam Videos.
Password Safety - Hub ArticleHow to Tell if an Amazon Webpage is Authentic (amazon.com)How to Identify Fake Websites by digicert

Learning with Laughter

Cat staring at a laptop. Text: "I ordered a book online called, 'How to Scam People'. It's been three months and still no book."
Title: Online Shopping. Picture of Captain Jack Sparrow labeled What we order. Aside is an imposter labeled What we receive.

InfoSec Drop-in

Find Information Security and Cyber Security Club members in the Morgan Wedge on Friday, November 17 from 11am - 1pm

Come learn about the types of online shopping scams that target college students.

Safely Shopping Online Table Sitting

Meet the Cyber Security Club 

Cyber Security Club logo

The Cyber Security Club at WPI aims to educate those interested in cyber security and to facilitate an informative environment where students from all educational levels and backgrounds can master safe practices. The club hosts cyber labs and competitions locally and nationally where members can practice what they have learned. Members are not required to attend these competitions, but they are encouraged to continue learning.

Cyber Security ClubCyber Security Club Events

Online Shopping Scam Videos

Example of Fake Amazon Website - YouTube (2 min)Beware Online Shopping Scams - AARP (1 min)How to Stay Safe While Shopping Online - KGW News (2 mins) 

Online Shopping Scams in the News 

In this scam someone on social media claims to be unjustly fired from a high end store. As revenge they're sharing the employee discount code for an AMAZING price cut!

Social Media Discount Code Shopping Scam (whnt.com)

By the Numbers 

Online Shopping

- Nearly 32% of scams reported to the BBB were from online shopping. About 74% of respondents reported money loss.

- 38% of people aged 18-34 experienced fraud when purchasing through an online ad.

Graph on Purchasing via Online Ads from AARP Research 

- 63% of people think online retailers like Amazon or eBay will request your username and password to provide customer support.

NEVER share your password with customer support.
If staff ask for it, end the conversation immediately.


76% of US consumers have experienced some type of fraud. (aarp.org)

81% of people aged 18-34 have experienced fraud compared to 69% of people age 65+. (aarp.org)

BBB Scam Tracker Report 20222022 Holiday Shopping and Scams Article (AARP.org)Holiday Shopping and Scams PDF Report (AARP.org)Holiday Shopping and Scams Survey of U.S. consumers age 18-plus (AARP Infographic)

Diversity in Cybersecurity

Dr. Paul Judge, Cofounder of Pindrop Security

A professional portrait of Dr. Paul Judge wearing a light, collared shirt and dark blazer.
Dr. Paul Judge

WPI Hub Resources

Shopping Online - Buyer BewareBe Aware of Holiday Scams

Coming Next Month...

Direct Deposit Scams


Is there a cybersecurity topic that you would like to know more about? Please contact WPI Information Security using Get Support below.