Beware of holiday shopping scams

CCIT Staff , Office of Information Security
November 8, 2023

The holiday shopping season can be filled with different kinds of scams, so the Office of Information Security wants to ensure you have the reminders and awareness you need to navigate the coming weeks.

Online shopping scams

Don’t be tempted by an email promising amazing prices or deals on popular holiday items. If a deal looks too good to be true, then it probably is. These types of email scams will use a link to a fake website that may look real. Do not click on website links within emails because they can be misleading. A better practice is to open a browser yourself and navigate to a specific website. When shopping online, ensure the URL of the website begins with HTTPS and not just HTTP. The HTTPS websites use encryption to help protect your confidential data such as your credit card information. Also, carefully examine any website before you make a purchase. Verify that the design looks right, and the information seems legitimate. If anything is suspicious, you may be on a fake copy of the website. And don’t forget, if you get something that looks like an email scam in your Microsoft Outlook, report it to CCIT with our button or email.

Charity scams

This scam is usually initiated through an unsolicited email. Cybercriminals are hoping you will want to help with whatever the charitable event may be, and they will encourage you to send funds. Although there are legitimate charities to support during the holidays, it is safer to browse to the official website of a charity yourself, rather than using a link within an email. So, always investigate before you donate.

Sharing content scams 

The holiday season is also a time when people want to share more articles, pictures, and videos with their friends and family. Cybercriminals know this and will try to infect shareable content with malware. It may be a file attached to an email message, direct message, or it could be a link to a website that prompts you to update software to watch a video. Files shared by friends and family are believed to be safe, but they could have been infected with malware before it even reached someone you know as content is passed around. You should always be cautious when opening email attachments or clicking on links.

Package delivery scams

This scam begins with an email or text message claiming that a company such as FedEx or Amazon was unable to deliver a package to your address. The message will typically provide a website link where you are asked for personal information such as your home delivery address. They may claim there is a “redelivery fee” and ask for your credit card information. They may also want you to “verify” your purchase or delivery. These can be scams that allow cybercriminals to steal your personal and financial information. Some of the fake websites even provide a means for the cybercriminals to install malware on your device. If you receive an email or text notification about a delivery issue, do not use the link in the message. Instead, directly contact the delivery company yourself to verify that there really is a delivery issue.

Here are some tips and best practices we encourage each online shopper to follow:

Shop at secure websites that you trust

Play it safe by doing online business with trusted retailers you have shopped with before.  If you are tempted to buy from a new website, research the company name before providing your payment information.  When making credit/debit card payments look for website addresses that start with HTTPS and have a lock icon, which indicate a secure website.

Avoid public Wi-Fi

You might be tempted to shop online at a coffee shop or other location with free Wi-Fi.  Browsing the websites may be acceptable, but do not make credit/debit card payments from a public Wi-Fi unless you have started a VPN (Virtual Private Network) session from your device.  VPN creates a secure tunnel, making your data safer from interception by nearby hackers. Clemson has a free VPN you can use with your Clemson username, password and Duo authentication. You can find more information in our Services section, and if you’re using a computer, you can find step-by-step instructions in our Knowledge Base.

Create strong, unique passwords

Use a unique pass phrase for each website, and keep it private.  Do not use your University password when creating accounts with online merchants.

Don’t give out too much information

Merchant websites should never prompt for your social security number.  Other than your shipping address and phone number, be very wary when asked for personal information. Call the customer service line when in doubt.

Check your financial statements and take action immediately

Regularly check your bank and credit card statements for unauthorized transactions and set up account activity alerts wherever possible.  If you suspect a fraudulent transaction has occurred, immediately contact your bank or credit card company to report the unauthorized activity.

Remember, your personal security is always important. For more tips about staying safe online (and beyond), visit our Cybersecurity page at ccit.clemson.edu/cybersecurity.