A monthly Information Security publication for the WPI community.
This month's focus is ONLINE SHOPPING SCAMS, when people use the anonymous nature of the internet to deceive unsuspecting buyers.
In this issue:
- Common Online Shopping Scams
- How to Stay Safe During Online Shopping
- Learning with Laughter
- InfoSec Drop In
- Meet the Cyber Security Club
- Online Shopping Scam Videos
- Online Shopping Scams in the News
- By the Numbers
- Diversity in Cybersecurity
- WPI Hub Resources
- Coming Next Month...
Watch out! During the holiday shopping season scams increase in social media shopping, package delivery confirmation, asking new employees to buy holiday gifts, and charity scams.
Social Media Shopping Scams
Social media is flooded with advertisements, so it can be hard to differentiate the legitimate ones from the scammers.
One way to stay safe is not tapping on social media ads. Instead use a search engine to find the business's online store. Top search results are often sponsored or sites made to look similar, so check carefully for the actual business site. If the sale or product is a legitimate offer then it will be easy to find there.Think Twice Before Buying from These Social Media Ads (Better Business Bureau)Online Shopping Guide (Better Business Bureau)
Package Delivery Confirmation Scam
At this time of year, many people are expecting packages to arrive, and numerous surprise packages are en route. Scammers claim to be from the US Postal Service or other major delivery companies. They trick victims into revealing personal information saying it must be confirmed in order to deliver the package.
Avoid being victimized with these tips from the US Postal Inspection Service:
- Never give out personal information in a phone call you did not initiate
- Contact the USPS directly about package delivery questions
- Report package delivery scams to the Postal Inspection Service.
Asking New Employees to Buy Holiday Gifts
When you start a new job, be wary of emails from your new boss asking you to help with buying holiday presents for the staff.
Scammers find out who the new hires are from LinkedIn, other social media sites, and employers' public announcements. The scammers rely on the new employee's unfamiliarity with that workplace.
If you receive a brand new request through email, do not click any links and use a different method to get confirmation from your boss before taking any action.Why Hackers Target New Employees - Forbes.com
The holiday season is a popular time to give monetary donations to charities; unfortunately scammers exploit people's desire to help those in need. Online businesses may claim that a percentage of the product sales will be donated to charity. Phishing emails may imitate a charity, but are trying to gather your information or funds. Here are some helpful hints for safe donations.
- Take your time selecting a charity.
- Research the charity on a third party website like Charity Navigator.
- Donate directly to the charity.
- Pay by credit card or check.
- Make a donation via an unsolicited phone call.
- Use hard to trace payment options, such as wire transfers, gift cards, or cryptocurrency.
- Assume a crowdfunding website is legitimate or gives 100% of donations to the cause. The safest way to give on social media or through crowdfunding is to donate to people you know.
How to Stay Safe During Online Shopping
- Use your personal email for personal shopping. Please do not use your WPI email.
- Do not reuse your passwords for multiple accounts. More details are in Password Safety below.
- When using a search engine, skip the sponsored links that appear first in the search results.
- Avoid sites without a lock or https in the address bar
- Before ordering from an unfamiliar company, do an online search of the business name and terms such as: complaints, reviews, or scam.
- Make sure to review the online store's privacy and return policies before placing your order.
- Watch the short videos in Online Shopping Scam Videos.
Learning with Laughter
Find Information Security and Cyber Security Club members in the Morgan Wedge on Friday, November 17 from 11am - 1pm.
Come learn about the types of online shopping scams that target college students.Safely Shopping Online Table Sitting
Meet the Cyber Security Club
The Cyber Security Club at WPI aims to educate those interested in cyber security and to facilitate an informative environment where students from all educational levels and backgrounds can master safe practices. The club hosts cyber labs and competitions locally and nationally where members can practice what they have learned. Members are not required to attend these competitions, but they are encouraged to continue learning.Cyber Security ClubCyber Security Club Events
Online Shopping Scam VideosExample of Fake Amazon Website - YouTube (2 min)Beware Online Shopping Scams - AARP (1 min)How to Stay Safe While Shopping Online - KGW News (2 mins)
Online Shopping Scams in the News
In this scam someone on social media claims to be unjustly fired from a high end store. As revenge they're sharing the employee discount code for an AMAZING price cut!Social Media Discount Code Shopping Scam (whnt.com)
By the Numbers
- Nearly 32% of scams reported to the BBB were from online shopping. About 74% of respondents reported money loss.
- 38% of people aged 18-34 experienced fraud when purchasing through an online ad.
- 63% of people think online retailers like Amazon or eBay will request your username and password to provide customer support.
- 76% of US consumers have experienced some type of fraud. (aarp.org)
- 81% of people aged 18-34 have experienced fraud compared to 69% of people age 65+. (aarp.org)BBB Scam Tracker Report 20222022 Holiday Shopping and Scams Article (AARP.org)Holiday Shopping and Scams PDF Report (AARP.org)Holiday Shopping and Scams Survey of U.S. consumers age 18-plus (AARP Infographic)
Diversity in Cybersecurity
Dr. Paul Judge, Cofounder of Pindrop SecurityDr. Paul Judge
WPI Hub ResourcesShopping Online - Buyer BewareBe Aware of Holiday Scams
Coming Next Month...
Direct Deposit Scams
Is there a cybersecurity topic that you would like to know more about? Please contact WPI Information Security using Get Support below.