Avoid cyberscams as you shop for the holidays

The more consumers open up their pocketbooks this holiday season, the more opportunities they grant thieves and hackers to ply their illicit scams.


From fake gift cards to spoof Web sites, there are countless ways cybercrooks are taking advantage of unwitting holiday shoppers. Just ask Jim Galpin, manager of Canadian Consumer Sales for McAfee Inc., a provider of anti-virus and anti-spyware software. In an interview with CreditCards.com, Galpin offers these tips for safe cybershopping during the holiday season.

Creditcards.com: Typically, consumers think of e-tailing sites as posing the greatest security risks, but in what way do social media tools such as Twitter and Facebook threaten to harm consumers as well?

Jim Galpin: People are not always careful about what data they post on Facebook or Twitter. Listing your home address or indicating when you are away from home can lead to identity theft or robbery. Information on Facebook and Twitter is often made available to anyone who wants to view it, so putting personal information such as credit card numbers, social insurance numbers or other important details online is definitely not a good idea. Learn the privacy settings available to you and make sure you're not sharing information unilaterally.

CreditCards.com: There's been a lot of talk lately about 'smishing' in which hackers use cell phone text messages to trick consumers into divulging their personal information. How common are such attacks and how can they be avoided?

Galpin: We do not get regular reports of such attacks. That said, it is always important for people to be on guard and to think twice before acting on a text message. Rules similar to other forms of messaging such as e-mail and instant messaging apply. For example, it is not typical for a financial institution to send you a message and ask you to click on links and update personal information or to confirm a particular transaction. Think twice before you act and if you suspect foul play, call your bank using the number on the back of your card, not the one you may find in the text message.

CreditCards.com: What steps can a consumer take to ensure that an organization is actually legit and not out to steal one's credit card information?

Galpin: If you are concerned, contact the organization directly by phone or through a listed e-mail address that you find on its Web site before purchasing, in order to confirm the details. Buy from a reputable online store that is widely recognized. Be sure to have a safe search tool such as McAfee Site Advisor which will advise you if Web sites are potentially dangerous. Make sure that the domain from the e-tailer is a recognized domain such as .com or .ca. And shop at secure Web sites that display "https" and not "http."

See related: Card scams don't deter online shoppers, Most travel rewards points go unused

Published December 17, 2010

Most recent Legal, regulatory, privacy Stories