REGION — Cyber Monday is around the corner and with the recent email scam that affected 300 million Amazon customers, it’s important to know how to safely navigate shopping online.
Mark Cristobal, who, with his wife Mary Ann, owns CMIT Solutions, which serves Encinitas, Carlsbad, Solana Beach and Rancho Santa Fe, said last month’s Amazon swindle was a fresh spin on the tried-and-true email scam.
“Phishing messages that appeared to be legitimate notifications from the online retail giant attempted to trick users into sharing their account credentials, private logins, and financial information,” Cristobal said. “The fake requests required a response within 24 hours, threatening to permanently disable access to Amazon if they weren’t met.”
Cristobal said that extra push worked, tricking thousands of unsuspecting users into clicking an “Update Now” button embedded in the email. That then led to a convincing simulation of Amazon’s login page, which asked for account name and password followed by name, address, city, state, ZIP code, phone number and date of birth. From there, users were prompted to enter their credit card or bank account information as a final form of identity confirmation, which led to an automatic logout and redirect to the real Amazon website.
“It’s a classic phishing scenario, one that is repeated time and time again with minor variations on different platforms and websites,” he said. “But it’s also one that you, your colleagues, and your company can avoid with planning, communication, and cybersecurity education.”
Cristobal said he recommends the following tips to help avoid getting scammed. First, use caution with any automated message from an unknown or suspicious contact, whether it’s an unsolicited email, suspicious text message, or customer service contact.
“Look for typos or bad grammar, along with misspellings in email senders and domain names,” he said.
Cristobal said when in doubt, mark anything unwanted as junk or forward it to a trusted IT provider to assess the threat before you click, respond, or accept.
Second, he said to beware of time-sensitive requests, such as the Amazon scam’s 24-hour limit to act or be locked out of an account. Third, navigate to the website or account in question manually, so you can ensure you’re in the right place, and check for notifications. Cristobal said in the case of the Amazon phishing scam, stepping away from the illicit email and typing www.amazon.com into your browser, then logging in and checking for any notifications related to the email, would have informed many users of the issue.
“In other words, think before you click any link in an email you’re not sure about,” Cristobal said.
Cristobal said other signs that might indicate a scam include emails, online ads or websites offering heavily discounted or free items; websites requesting personal information; and fake apps, which you can check by verifying the app on the brand’s website before entering any information. He also cautioned against shopping on websites that don’t have security features in place: for example, check that the website has “https,” not just “http,” as the “s” signifies that there is a special level of security in place for transmitting private information on the Internet.
Also, he said, avoid shopping online with a debit card. Using credit cards limits personal liability in the case that it is a scam or the data gets stolen.
Cristobal said CMIT Solutions takes computer scams seriously.
“We work hard to identify ongoing threats, alert our clients about the problem and mitigate any consequences before they wreak havoc on computers, mobile devices, networks and business data,” he said.