You can now do all of your holiday shopping from the comfort of your home, but it comes with its own risks.
Americans are expected to spend an estimated $90 billion on Black Friday and Cyber Monday this year, according to personal finance-comparison site Finder — up $30.57 billion from a projected spend of $59.6 billion last year. The average American will spend $483 between these two days.
Online, shoppers can easily be scammed out of that money. Some 5% of mobile apps out of 4,331 in the Apple AAPL, -3.96% app store advertising “Black Friday” deals are potentially malicious, meaning they could expose shoppers to hackers, according to an analysis from San Francisco, Calif.-based security firm RiskIQ. (Apple did not immediately respond to request for comment.)
With 53% of shoppers planning to buy products via mobile device or tablet this year, according to a survey from review platform Influenster, many people stand to be targeted by scammers.
Here are some of the best ways to protect yourself while buying products for your loved ones:
The ‘s’ in ‘https’ adds a layer of security
Be sure to use websites that are known to be secure, said Dave Baggett, co-founder and chief executive officer of Washington, D.C.-area anti-phishing startup, Inky. You can best ensure this by typing in a URL directly into the browser, ensuring it is spelled correctly, and making sure it says htttps:// instead of http://. (The “s” adds a layer of security.)
Consumers can also best avoid phishing scams — emails that trick users into visiting malicious web pages — by just typing in a URL directly, he said. It is getting increasingly difficult to determine which emails are real, so don’t click an ad directly from your inbox.
Beware of bad spelling. A scammy email advertisement could, for instance, direct a user to a website for “Sacks” Fifth Avenue instead of Saks Fifth Avenue. The victim will click the wrong address and input data without noticing. Again, to avoid this, just type the address into your browser directly.
Also see: Beware of this smartphone scam on Cyber Monday
In many cases, a company’s app will be more secure than its site, said Elad Shapira, head of research at New York security firm Panorays. Be sure to download the official app — this can often be verified by reading the reviews of the product. Be wary if it has no reviews in the app store.
“Recent data breaches involved the tampering of Javascript code that can often be found on websites,” Shapira siad. “It’s much less likely, however, that hackers will create a dedicated attack for specific applications.” In other words, apps are much less likely to be compromised.
If it sounds too good to be true, it probably is
Scammers often entice would-be victims with headline-grabbing deals. Be sure to check reviews on discounted items to make sure they do not have major problems, said Scott Grissom, chief product officer at legal-resource site LegalShield.
“Online scammers often set up dummy websites, auction listings or ads that offer popular items far below market value,” he said. “These scammers will kick into high gear for Cyber Monday. Trust your instincts and beware of scam sales.”
Avoid alternative payment methods
If a website asks you to pay in bitcoin BTCUSD, -6.57% or a Western Union WU, -0.95% transfer, you’re likely being scammed, Baggett said. “Almost always these payment methods are used for money laundering and theft,” he said.
Don’t use any third-party payment platforms unless it is widely-considered to be safe like Apple Pay or Paypal PYPL, -5.80% he said.
In fact, Apple Pay is safer than other forms of payment, said Steven Andres, management information systems lecturer at San Diego State University. That’s because it sends a one-time credit card number to a vendor rather than allowing it to process your payment without saving your payment information on file forever.
Lock down your login
Use a password manager to log into websites and never save your passwords in the site itself, Russ Schrader, executive director of National Cyber Security Alliance, said. Don’t ignore those pesky “an update needs to be installed” pop-ups, especially before the holidays.
Make sure the products themselves are secure
The holidays also brings the risk of being hacked by the very products you buy. Toys and smart devices with poor security can lead to more problems at home.
The tech company Mozilla released a holiday season review of a number of products this month, flagging products like this baby monitor as being at risk. Look up security reviews before buying a product and always be sure to change your default password.
Don’t miss: Your child’s Wi-Fi-connected toy may be spying on them — here’s how to prevent it
You aren’t safe even after you check out
Your guard may be down after Black Friday and Cyber Monday. Baggett said a scam where hackers send out a fake UPS UPS, +1.09% tracking alert with phishing links is on the rise. “The attacker assumes you’ve gotten a lot of things for Christmas and will use this to pull you in,” he said.
Instead of clicking on the link, just search the number noted in the email to see if it is truly a tracking number. You should have a copy of that number and be able to cross-check. If it is, then Google GOOG, -3.91% will recognize it and pull up the proper channels to look into the UPS tracking.
Get a daily roundup of the top reads in personal finance delivered to your inbox. Subscribe to MarketWatch's free Personal Finance Daily newsletter. Sign up here.
