Article · Nov 30, 2018

Shopping and returning in the new year? Top shopping scams and how to avoid them

By putting a holiday spin on old tactics, crafty cybercriminals have proven remarkably successful at manipulating consumer buying behavior for ill-gotten gains. This year, we want to help you avoid these common holiday shopping scams and stop these modern-day Grinches before they steal your holiday cheer.

One of the unfortunate consequences of shopping and returning merchandise in the new year is the proliferation of scams targeting innocent shoppers. Crafty cybercriminals have proven remarkably successful at manipulating consumer buying behavior for ill-gotten gains. This year, we want to help you avoid these common shopping scams and stop cybercriminals from getting in the way of your new year’s resolution to spend wisely.

Site spoofing

Is that your favorite online retailer you’re shopping at or an imposter? Even amateur web designers can fake company logos and branding elements, creating a site that looks exactly like a trusted e-commerce site. You can–and should–scrutinize the URL, but even then, determining whether a site is legit or a well-designed fake can be tricky. 

Cybercriminals often create subdomains that appear as if they roll up to the main site. So, instead of “,” it may say “” or “” Fake domains based on common misspellings of popular brand names are also common. When a shopper inadvertently misspells a retailer’s name, the fraudulent site loads in the web browser as expected. You can go through an entire e-commerce transaction and never realize you’ve surrendered your personal information.

First, be certain that you are on the merchant’s main site and not a subdomain. Second, make it a practice to bookmark the sites where you normally shop. This reduces the likelihood you will mistype a URL and wind up on a fraudulent landing page. Third, stay away from sites whose addresses begin with “http” rather than “https”; the “https” prefix indicates that the site uses extra security to prevent eavesdropping and tampering. Scams of this nature go by several names, including site spoofing, form-jacking and typo-squatting. Mobile browsers are particularly susceptible to spoofing since most devices can’t display the complete web address of a domain.
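The three checks above (main site versus lookalike subdomain, misspelled domain, and “http” versus “https”) can be expressed as a small URL checker. This is an added example, not part of the original article; the merchant names are constructed placeholders, and treating the last two labels of a host as its main domain is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Assumption: the shopper's bookmarked merchants. These names are
# constructed placeholders, not real retailers.
TRUSTED = ("example-shop.test", "examplemart.test")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url: str) -> list[str]:
    """Return warnings for a URL; an empty list means no check raised a flag."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    # Trusted only if the host IS a bookmarked domain or sits beneath one.
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return warnings
    labels = host.split(".")
    for d in TRUSTED:
        brand = d.split(".")[0]
        # Lookalike subdomain: the brand is in the host name, but the
        # domain that actually owns the host is someone else's.
        if d in host or brand in labels[:-2]:
            warnings.append(f"lookalike-subdomain:{d}")
        # Typo-squat: the main domain is one or two edits from a bookmark.
        elif 0 < edit_distance(".".join(labels[-2:]), d) <= 2:
            warnings.append(f"possible-typo:{d}")
    if not any(w.startswith(("lookalike", "possible")) for w in warnings):
        warnings.append("unknown-domain")
    return warnings
```

A production version would consult the Public Suffix List rather than assume two-label domains, so that hosts under suffixes such as “co.uk” are compared correctly.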

Fake apps 

In addition to site spoofing, cybercriminals often create fake mobile apps that mimic those from easily recognizable brands. Downloading the app introduces malicious viruses to your device. Other fraudulent apps ask you to log in using your social media credentials, which exposes confidential information to nefarious actors. Only download apps from official vendors like Google and Apple. Also, be suspicious of requests for access to your personal information, contacts, login credentials and credit card information. Finally, be on the lookout for poor grammar and misspellings in the app description—those can be a tip-off of a malicious app.

Gift-giving scams

Cybercriminals often seek to exploit victims’ generosity by creating gift-giving scams. Beware of “secret sister” gift exchanges, which are nothing more than an online version of a pyramid scheme. Here’s how it works: You receive an invitation to send one gift, with the promise of receiving more in return for enrolling others in the scheme. According to the Better Business Bureau and the U.S. Postal Service, online gift exchanges and similar invitations are illegal. Avoid them at all costs. And report them if you encounter them on social media.

Phishing emails

Phishing scams are another pernicious year-round threat that spikes as cybercriminals take advantage of shoppers on the lookout for discounts. They often appear to be from a reputable merchant and promise deals that are too good to be true. The aim is to get victims to click on a link. Once they do, they open the door to malicious code that locks the device and its contents unless the user pays a ransom. Another variant solicits consumers to enter their personal information, which is then sold to criminal networks. Make sure you recognize the sender before clicking on any links to those winter party invitations.

Shipping scams

The desire for timely delivery of packages creates an opportunity for cybercriminals to trick shoppers into giving up their personal information. Shipping scams start with an email containing a link to download a new shipping label, arrange a delivery time or reroute a package. Always look closely at the “from” line in emails. If you don’t recognize the sender, hover over the link with your cursor and see where it will take you. If you don’t recognize the URL, don’t click on the link. Contact the vendor and shipping provider separately to track the progress of your delivery. These types of scams happen all year round, not just over the holiday season.

Back up your systems

Aside from educating yourself about common shopping scams, your best defense against cybercriminals is to protect the important data on your computer with a secure backup solution, such as Carbonite Safe or Carbonite Endpoint. Carbonite saves you from having to deal with cybercriminals to get your files back. If your computer becomes infected, a reliable backup solution will allow you to retrieve clean copies without paying a ransom. With backup, not only do you protect what’s important to you, but you also deprive cybercriminals of their primary source of revenue.


Steve Jurczak

Product Copywriter

Steven Jurczak is a Product Copywriter on the Corporate Marketing team at Carbonite. He blogs about backup and recovery technology, information security and IT industry trends.
