Cyber Shoppers Beware

Even though Cyber Monday is long past, the procrastinator in some may push them to 'get it online' to save time. Free shipping; next day delivery; it's all very tempting. However, don't let the pressure lead you into a careless decision.

According to Lt. Dave Constantineau with the Muskego Police Department, "malicious actors will take advantage of the increased volume of online consumers and try to exploit those who are unaware of cyber risks and gain access to their personal information. Public and private sector organizations and individuals should remain vigilant when purchasing online." 

He shared tips from the Wisconsin Statewide Information Center on how to avoid holiday phishing and online cyber scams: 

• Phony profiles on social networking sites such as Facebook and Twitter are claiming to be legitimate businesses. These fake profiles will look like their legitimate counterparts but clicking on links in these profiles could allow malicious code to be installed on the victim’s computer compromising the victim’s security and privacy. 

• Emails from hotels claiming that a “wrong transaction” has been charged to a credit card have also been reported. The hotel will claim to offer a refund if the victim downloads and completes a refund form. Unfortunately, the form is embedded with malicious code and downloading it installs malware onto the victim’s computer. 

• Emails which are actually phishing scams involving bogus courier services during the holidays. The fake courier will send an email saying there is a package waiting for the victim and ask for personal information in order to retrieve it. 

• Non-legitimate websites claiming to have the “hot” gift of the season when most legitimate retailers are sold out. The non-legitimate websites will tempt the victim to order from them when they actually do not have the item and will steal their personal information and charge their credit card. 

Preventative Strategies 

The following preventative strategies are intended to help our public and private partners proactively look for emails attempting to deceive users into ‘clicking the link’ or opening attachments to seemingly real websites regarding holidays season ‘deals’. The following represents some best practices to follow, but it is not an exhaustive list: 

• NEVER click on links in emails. If you do think the email is legitimate, whether from a third party retailer or primary retailer, go to the site and log on directly. Whatever notification or service offering was referenced in the email, if valid, will be available via regular log on. 

• NEVER open the attachments. Typically, retailers will not send emails with attachments. If there is any doubt, contact the retailer directly and ask whether the email with the attachment was sent from them. 

• DO NOT give out personal information over the phone or in an email unless completely sure. Social engineering is a process of deceiving individuals into providing personal information to seemingly trusted agents who turn out to be malicious actors. If contacted over the phone by someone claiming to be a retailer or collection agency, do not give out your personal information. Ask them to provide you their name and a call-back number. Just because they may have some of your information does not mean they are legitimate!