While best practices for staying safe when shopping online are usually perennial, here are some updated threats and tips to note

With the holiday season just around the corner, scammers are turning to increasingly sophisticated tactics, techniques, and tools to snare victims. As cybercrime continues to evolve, staying vigilant and protecting oneself online is more important than ever.

According to Lee Hui Li, Managing Director, Microsoft Singapore: “More and more scammers are using advanced technologies like AI to take advantage of shoppers’ excitement for deals. To stay safe, it’s important to take some simple precautions like verifying that online stores are legitimate, being cautious of deals that seem too good to be true, using trusted payment methods, checking reviews, and using unique passwords and multi-factor authentication to safeguard your personal information.”

The firm has offered the following factoids and tips to help consumers at large stay safe whenever they are shopping online.

Four advanced e-commerce threats

While the year-end festive e-shopping period is a key period for scammer activities, shoppers should be vigilant to the following threats at all times:

  • Deepfakes: With AI software, scammers can create realistic fake videos and audio that impersonate trusted individuals. They could use fake video calls or voice messages from familiar sources like potential victims’ friends or family members, tricking their quarry into sharing sensitive information or making unauthorized payments.
    To stay safe from deepfake scams, always verify unusual requests by contacting the person involved in any urgent request directly. Be cautious with links and attachments from unknown sources. Look for signs of manipulation, such as unnatural facial gestures or glitches in videos, and consider using multi-factor authentication for added security.
  • Tech support scams: Beware of fake tech support pop-up warning messages onscreen, or calls that appear after you visit certain shopping sites or clicked on any shady ads that could have impersonated well-known brands. Such tech scams convince potential victims that something is wrong with their device/computer, and they have to share sensitive information or pay for fake services to “fix” the non-existent issues.
    Other tech scams create fake shopping deals or impersonate well-known retailers, luring shoppers to fraudulent sites where they unknowingly enter payment details or make purchases that never arrive.
  • QR code phishing: While QR codes are a convenient way to share and access information, scammers can create fake codes that lead consumers to fake websites designed to steal personal information. These sites look like the legitimate payment page of the vendor or payment service, but are actually designed to capture consumers’ credentials, potentially bypassing security measures like multi-factor authentication. To avoid these threats, be cautious with QR codes from unknown sources, and always verify requests for personal information.
  • Shady new vendors on an e-commerce platform Beware of new vendors on your e-commerce haunt that do not have any user satisfaction ratings or feedback; offer ridiculously low prices for almost everything they list; are located in China or non-local countries; and tend to copy product feature illustrations and even other vendor’s logos for their own ads. If you purchase anything from them, they will go through the usual shipping advisory messaging, pretend to have shipped your item, but at any point in the transaction, they just cancel your order with scant information to justify the act.
    E-commerce platforms such as Lazada, Aliexpress and Shopee are usually helpless, and just offer shoppers a full refund, but are unable to clamp down on these new vendors or unwilling to ensure stricter onboarding of new vendors even when users complain. The time wasted, and the unnecessary anxiety caused to purchasers (especially of high-value items) are two factors that really ruin the e-commerce experience. Consumers should not hesitate to watch out for such bad vendors and issue formal complaints to their e-commerce platforms to step up vigilance and due diligence. The rogue vendors could be engaged in money-laundering, information gathering or numerous other fraudulent activities even if they do eventually fulfill some of their orders.

General e-shopping safety tips

  • Avoid clicking on third-party advertising links or suspicious email attachments: During the holiday season, scammers capitalize on our search for good deals. If an email or text offers deep discounts, tight timeframes to take an offer up, or unusual availability of an item that is sold out everywhere else (such as Labubu collectibles), it could be a scam. Play it safe: do not click on links or open attachments in SMS or email messages. Instead, go to the retailer’s website or social media channel directly and see if the offer checks out.
  • Be skeptical, even with familiar contacts: Phishing messages are more convincing and harder to identify than ever. Be cautious with unexpected messages from friends or family members asking for money, or an email from your bank asking for your personal details. Always apply additional scrutiny and double check directly with the sender before doing what is requested. This could involve opening or downloading an attachment, or even just replying back to the message. Fake invoices are another common trick used to prompt unauthorized payments or downloads.
  • Use unique passwords and multi-factor authentication: Always use strong, unique passwords securely for each e-commerce site you frequent. Also, enable multi-factor authentication wherever possible. If necessary, use a trusted password manager or more-advanced passkeys and biometric features to secure your accounts. However, be wary of unexpected multi-factor authentication alerts, as these could indicate an attempt to breach your account.
  • Report suspected scams to authorities: Do not try to hide the embarrassment of being scammed. Notify the relevant authorities and also your contacts in case any sensitive information stolen is used to target them.

    • Other perennial e-commerce shopping tips featured previously in CybersecAsia.net and DigiconAsia.net are also available for your reference:

    1. Be paranoid about e-commerce safety this year-end shopping season
    2. Top five e-shopping scams to watch out for
    3. Scams galore this Black Friday and Cyber Monday: tips for staying safe!
    4. Protecting transactions and payments in the age of AI
    5. Black alert: Black Friday and festive shopping season scams