How likely is it to fall victim to fraud? As far as I’m aware, I personally have not purchased from a fraudulent site, but I have had my card details stolen in the past. Additionally, I remember years ago that while attempting to find a flat, I found a ‘rental company’ who turned out to be one person attempting to rent out flat 13 that due to superstition didn’t actually exist.
In the case of the 13th flat, I asked to view it, and it was easy to identify the scam due to the lack of a physical location. Note: this didn’t stop the scammer, who attempted to present multiple accents and claim it was being cleaned.
However, when purchasing online, it’s not that easy to spot a scam.
60% of Canadians Fear Falling Victim to Fraud this Holiday Season
In an online survey funded by Scotiabank and provided by Maru/Blue, of the 1,519 Canadians (18+) surveyed between 25 and 26 November 2019, forty-seven percent (47%) responded with having been targeted by fraud. According to this survey, of those targeted, almost all (76%) did not report it.
In the 2019 e-commerce report by Canada Post, 80% of Canadians are purchasing online. Of these purchasers compared against the statistics found by the Scotiabank report:
- Scotiabank’s report says 49% of millennials (18-35) do not know how to report fraud and are more likely to be victims of fraud (55%)
- Canada Post’s report puts millennials as the second largest purchaser of online goods (32%) and Baby boomers (53-72) as the highest group (35%).
- Scotiabank also found that 70% of millennials shred personal documents, while 84% did so within the 55+ age range.
In a society that is constantly growing within the e-commerce market, (See eTrail Canada’s 2019 Directors report for these grow statistics.) I find it discouraging that not only are victims not reporting fraud, they simply don’t know how, and even more likely don’t practice online safety due in part to a lack of knowledge.
How can consumers protect themselves online?
“While the results are staggering, it’s not surprising that financial fraud is still so widespread. As consumers, we should be extremely diligent when shopping. A good rule of thumb is that if it is too good to be true, it probably is. Be sure to also use a password manager to ensure that passwords are not reused between accounts. Furthermore, always enable multi-factor authentication where available.” Irfahn Khimji, Country Manager, Canada at Tripwire
- Identify the seller from which you are looking to make a purchase: Are they well-known and reputable, or are they a seller that is on a reputable site? Consider Amazon, where you can buy directly from the site, as opposed to a website like eBay, where auctions proceed through independent sellers.
- Have you searched online for this seller? When receiving fraudulent voice calls, I know of many people that immediately search online to see if others have received calls from that number. Unfortunately, this practice isn’t as common when looking at the online seller. Try searching for their email and/or username online. When investigating phishing emails, I always check the sender to see if it’s a known campaign/sender. I do this by typing into Google (including quote marks) “emailAddress@domain.com” or “Email subject line” and even searching parts of the email body in quotes. In general, I receive quite a few responses.
- What reviews does the site/seller/product have? No matter where you are purchasing from, I always take the time to read reviews and focus on the negative reviews. If someone has hundreds of positive reviews that say essentially the same thing and appear to be submitted around the same time, but a variety of poor reviews claim they never received the product, I would be more inclined to believe these negative reviews. If I am looking to purchase a product with negative reviews that complain about a trait that is noted to not exist within the product description, I mark that up to confused purchasers and am more willing to believe the product’s legitimacy. It is also important to note, a website that uses https and shows a padlock of security does not in any way indicate authenticity of the seller. It can still be a malicious site!
- Secure your devices: Keep your devices and apps up to date, install anti-virus software, and when using mobile, secure it as well. If purchasing through an app, use apps that are reputable. Canada Post estimates in its report that by 2021, mobile e-commerce will account 34% of all purchases. Start your learning on how to do this safely now.
- Secure your accounts: Practice personal security foundations when creating and using online accounts. This includes secure passwords and multi-factor authentication but also strong not-easily-guessable security questions. If you purchase through a well-known provider, do not make payments outside of this website, do not share private information outside of the account settings page, and be suspicious if the seller tries to ask for more information or money. If you are unsure on the website’s security but trust its legitimacy, you can use other reputable sources such as paying via PayPal instead of entering card details.
- Make a report if something happens: Almost all websites have a customer support chat or phone number, but that’s not the only place to report. If you have purchased a product and later find out the website was either malicious or had been tampered with, contact your bank to notify their fraud team. Whilst I can’t say they will refund you, they can initiate monitoring activities from that provider and potentially stop further attacks against your account and/or others.
According to the statistics, Canadians are only going to continue to make purchases online and use newer but not always well understood technologies to do this. Throughout this transition, I challenge the e-commerce retailers and financial institutions to continue educating themselves and sharing knowledge on how to protect others in the future.
Consumers can make a difference by proactively taking steps to protect themselves and loved ones by practicing the safety steps above and making sure to report when something does happen. Seventy-six percent is not an appropriate statistic.
About the Author: Zoë Rose is a highly regarded hands-on cybersecurity specialist, who helps her clients better identify and manage their vulnerabilities and embed effective cyber resilience across their organisation. Zoë is a Cisco Champion and certified Splunk Architect, who frequently speaks at international conferences. Recognised in the 50 most influential women in cybersecurity UK for the past two years, and the PrivSec 200, Zoë is quoted in the media, has presented on National News, has been featured in Vogue Magazine, and was the spokesperson for Nationwide’s Over Sharing campaign that had a reach of 306 million citizens.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.