Safe Shopping and Mindful Cybersecurity

The annual holiday shopping season is upon us, again. Some of us find we are in a rush to find a perfect, or perhaps obligatory, gift for family, friends, or acquaintances. With these times also comes the regular reminder to be protective of your personal and financial information. Experience is a wonderful teacher. Here is mine.

First, a tip-sheet:

https://www.cisa.gov/shop-safely

Online shopping has its benefits. For me it is the ability to avoid crowded malls and time saved driving. Sometimes I find online the ideal gift that is otherwise impossible to find at a local shop. Not that I am averse to shopping at local stores. There are nearby shops where I like to peruse and purchase for the perfect product. The hard-to-find gifts, however, are well suited to online sleuthing.

A couple of years back I thought I had found the ideal, limited release LEGO® set. This is where I fell for the scammer trifecta: A rare item, a constrained supply, and an urgent deadline (i.e. Christmas). My attempt to purchase was through a large, respected online retailer. Fulfilment, however, was not.

An online thief hacking credit card information, #MidJourney

With the order placed, a few hours later I received the expected tracking number, and my credit card charged. It is a customary practice to charge for an order when ready to ship. This coincides when the items are boxed, shipping labels printed, and tracking numbers are created. It does not mean the shipping purveyor has the packages. After a few days with no additional information, no delivery date, and no indication the shipper even had the product, I became suspicious.

Attempts to contact the company fulfilling the order were first met with automated form-letter email responses, then silence. The company was a ghost.

Now I am faced with having to contest the purchase, wondering how much personal information has been revealed, reissuing my credit card, and proactively monitoring my accounts. In this case, while I did not lose any money, I never received the desired gift, and I was left scrambling at the last minute for something to fill the void.

What did I learn from this?

Make your purchases with a credit card. This makes it easier to dispute transactions. Do not use a bank-backed debit card, where the money is paid directly from a personal account. The funds are directly removed from your account and much more difficult to dispute and recover.

Check online reviews and details of the seller. Fulfillment may not be from the site where the order is placed. Amazon, for example, will display the company completing the order. How long the fulfilling company has been partnering with the hosting site and customer reviews are informative. If something seems off, it is.

Be cautious of rush and rarity. Messages like, “Hurry, only three items left!” are explicitly designed to create a sense of urgency with the customer. Similarly, a deadline to complete an order in which to receive a package by a specific date is also intended to increase the pressure to order.

Have a second credit card in reserve. For me, this is an account I rarely use, or only for specific reasons. Over the years I have saved myself by having a second credit card available when my preferred card was compromised. You may not get a replacement card or account number immediately. In one case, my preferred card had bogus charges made the night before I left on a lengthy trip. There was no way to get a replacement card in time. I relied on my secondary account for the trip.

Monitor your bank and credit accounts regularly. In another event, I only detected an account was compromised when I saw a small charge by popular vender that I did not use. If you make frequent, small purchases, like those for online music or movie orders, one more charge slipped into the mix may be hard to spot.

In writing this I almost feel like I have had an unusual number of account compromises and hacks. I would like to think I just had a few unlucky events. I can say I am a lot more vigilant and cautious.

May all your holiday, and year-round, purchases all be safe and secure.