A monthly Information Security publication for the WPI community.

This month's focus is ONLINE SHOPPING SCAMS, in which people use the anonymous nature of the internet to deceive unsuspecting buyers.

Text: "If it sounds too good to be true it probably is. My Dad's favorite"

In this issue:

  • Common Online Shopping Scams
  • How to Stay Safe During Online Shopping
  • Learning with Laughter
  • From Our CISTO: Using Approved Software
  • Online Shopping Scam Videos & News
  • By the Numbers
  • Diversity in Cybersecurity
  • WPI Resources
  • Coming Next Month...

Common Scams

Watch out! During the holiday shopping season, scams increase in these areas: social media shopping, package delivery confirmation, requests that new employees buy holiday gifts, and charity donations.

Social Media Shopping Scams

Social media is flooded with advertisements, so it can be hard to differentiate what's legitimate and what's fraudulent.

One way to stay safe is to avoid tapping on social media ads. Instead, use a search engine to find the business's online store. Top search results are often sponsored links or sites made to look similar, so check carefully for the actual business site. If the sale or product is a legitimate offer, then it will be easy to find there.

6 Things to Look for When Buying Online (bbb.org)

Package Delivery Confirmation Scam

At this time of year, many people are expecting packages to arrive, and numerous surprise packages are en route. Scammers claim to be from the US Postal Service or other major delivery companies. They trick victims into revealing personal information by saying it must be confirmed in order to deliver the package.

Avoid being victimized with these tips from the US Postal Inspection Service:

  • Never give out personal information in a phone call you did not initiate
  • Contact the USPS directly about package delivery questions
  • Report package delivery scams to the Postal Inspection Service.

Submit a Report to the US Postal Inspection Service

US Postal Inspection Service - Fake USPS Phone Calls

Charity Scams

The holiday season is a popular time to give monetary donations to charities; unfortunately, scammers exploit people's desire to help those in need. Online businesses may claim that a percentage of the product sales will be donated to charity. Phishing emails may imitate a charity while actually trying to gather your information or funds.

There are scammers who are trying to exploit relief efforts for the recent hurricanes and devastation. If you want to donate to hurricane disaster relief, then research the charity before you donate.

Here are some helpful hints for safe donations.

DO

  • Take your time selecting a charity.
  • Research the charity on a third party website like Charity Navigator, Charity Watch, or GuideStar.
  • Donate directly to the charity.
  • Pay by credit card or check.

DON'T

  • Make a donation via an unsolicited phone call.
  • Use hard-to-trace payment options, such as wire transfers, gift cards, or cryptocurrency.
  • Assume a crowdfunding website is legitimate or gives 100% of donations to the cause. The safest way to give on social media or through crowdfunding is to donate to people you know.

Before Giving to Charity - FTC Consumer Advice

Charity Navigator

After Storms, Watch Out for Scams (FCC.gov)

Asking New Employees to Buy Holiday Gifts

When you start a new job, be wary of emails from your new boss asking you to help with buying holiday presents for the staff.

Bad actors find out who the new hires are from LinkedIn, other social media sites, and employers' public announcements. They rely on the new employee's unfamiliarity with that workplace.

If you receive a brand new request through email, do not click any links and use a different method to get confirmation from your boss before taking any action.

Why Hackers Target New Employees - Forbes.com

How to Stay Safe During Online Shopping

  • Use your personal email for personal shopping. Please do not use your WPI email.
  • Make sure the device you’re using to shop online is up to date.
  • Do not reuse your passwords for multiple accounts. Make sure your accounts have strong passwords, and use multifactor authentication where it's available. More details are in Password Safety below.
  • When using a search engine, skip the sponsored links that appear first in the search results.
  • Avoid sites without a lock or https in the address bar.
  • Before ordering from an unfamiliar company, do an online search of the business name and terms such as: complaints, reviews, or scam.
  • Make sure to review the online store's privacy and return policies before placing your order.
  • Watch the short videos in Online Shopping Scam Videos.

Holiday Online Safety Tip Sheet (CISA)

Password Safety (help.wpi.edu)

How to Tell if an Amazon Webpage is Authentic (amazon.com)

How to Identify Fake Websites by DigiCert

Learning with Laughter

Cat staring at a laptop. Text: "I ordered a book online called, 'How to Scam People'. It's been three months and still no book."
Title: Online Shopping. Picture of Captain Jack Sparrow labeled What we order. Aside is an imposter labeled What we receive.

From Our CISTO:  Why is using approved, WPI ITS-supported software so important?

It contributes to our network and data security! Information Security vets numerous security details about the software we make available.

Unauthorized software can introduce risk and vulnerabilities to the environment and may violate our Acceptable Use Policy (AUP). 

Please remember we each play a role in safeguarding the security and integrity of our systems and data. Following the AUP is essential to maintaining a safe, productive environment for everyone.

Always check with Information Security before downloading or using any unofficial or unauthorized software. Thank you for your cooperation and dedication to upholding these standards. 

Please use resources in the WPI Software Library, Windows Software Center, Mac Self Service, and AI Resources site. If you can’t find what you are looking for, contact the IT Service Desk.

- LeeAnn LeClerc, CISTO

Acceptable Use Policy (AUP)

About Software at WPI

AI Resources

Online Shopping Scam Videos & News

Online Scams are More Sophisticated than Ever - NBC News (4 min)

Example of Fake Amazon Website - YouTube (2 min)

News outlets report scams in which someone on social media claims to have been unjustly fired from a high-end store. As revenge, they're sharing the employee discount code for an AMAZING price cut!

Social Media Discount Code Shopping Scam (whnt.com)

By the Numbers 

According to Imperva Threat Research:

Matrix background and text says, "Retail websites experience an average of 569,884 AI-driven attacks each day."

AI improves bot traffic, which is what happens when automated software visits a site. While positive impacts include customer service chatbots and enhanced indexing, cybercriminals unfortunately also take advantage. Their bots use stolen credentials and credit card numbers and take over accounts, among other malicious acts.

Bot Traffic (Humansecurity.com)
Text: "Advanced bad bot traffic has increased by 58% compared to last year." 

Harmful Traffic Targeting Retail Sites

70% of the harmful traffic targeting retail sites comes from evasive bad bots.


AI-Driven Cyberattacks Increase Risks to Online Retailers

Fraud

76% of US consumers have experienced some type of fraud. (aarp.org)

81% of people aged 18-34 have experienced fraud compared to 69% of people aged 65+. (aarp.org)

NEVER share your password with customer support.
If staff ask for it, end the conversation immediately. It is likely fraudulent!

BBB Scam Tracker Report 2022

2022 Holiday Shopping and Scams Article (AARP.org)

Holiday Shopping and Scams PDF Report (AARP.org)

Holiday Shopping and Scams Survey of U.S. consumers age 18-plus (AARP Infographic)

Diversity in Cybersecurity

Dr. Paul Judge, Cofounder of Pindrop Security

A professional portrait of Dr. Paul Judge wearing a light, collared shirt and dark blazer.
Dr. Paul Judge

WPI Resources

Shopping Online - Buyer Beware

Be Aware of Holiday Scams

Coming Next Month...

Financial and Banking Scams

  

Is there a cybersecurity topic that you would like to know more about? Please contact WPI Information Security using Get Support below.