SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Increase in scams expected for NZ and Australia during holiday shopping season
Fri, 27th Nov 2020
FYI, this story is more than a year old

New Zealand and Australian shoppers are being warned to look out for scams during the November sales season, with cybercriminals likely to increase their activity targeting shoppers to direct digital cash flow their way, according to Avast.

With Black Friday and Cyber Monday getting bigger in Australia and New Zealand every year and COVID-19 still a potential threat, more people are expected to do their holiday shopping online this year.

Netsafe revealed last week that New Zealanders reported a loss of NZD $3.3 million dollars from online scams around products and services from 1 July 2019 to 30 June 2020.

Scamwatch data shows that Australians have lost close to AUD $7 million to online shopping scams alone this year, with the busiest period of online shopping just starting.

“The internet is filled with amazing offers around this time of the year and people are overwhelmed by trying to catch the best products," says Luis Corrons, Security Evangelist at Avast .

"As a result, they spend less time researching the seller, which is where cybercriminals can take advantage," he says.

“Getting a great deal during Black Friday or Cyber Monday is a thrill for many shoppers, however knowing you are doing so with no surprises from scammers is the gift that keeps on giving.

Corrons says treacherous cybercriminals can appear anywhere you turn, from fake mobile shopping apps and phony brand websites posing as real businesses, to emails or texts pretending to be your package's shipping info with malicious links.

One of the biggest scams to be aware of this shopping season are phishing attacks.

CERT NZ's Quarter Three Report that was just released found that there were 1,064 reports of phishing and credential harvesting from 1 July – 30 September 2020 in New Zealand, with Avast expecting this wave of phishing to continue over Christmas with online shoppers in their sights.

According to recent research from Avast, half of Australians (49.76%) have encountered a phishing scam this year, with the most prevalent phishing scam encountered being email phishing scams (78%), followed by phone call scams (55%) and smishing scams (41%).

“Be on the watch out for phishing emails and texts offering deals or shipping information which persuade you to click a link or download an attachment, which could be malware like ransomware that holds your files hostage until you pay a ransom, or even lead you to a fake website where it asks you to sign in with your personal information or gets you to complete an actual payment,” says Corrons.

Australia Post and the Te Tari Taiwhenua Department of Internal Affairs have both recently warned Australians and New Zealanders to be aware of scam messages about unpaid “customs charges” for a package delivery coming from an Australian mobile, and Avast expects that these types of scams will continue following Black Friday and Cyber Monday with scammers likely to try and take advantage of shoppers who are expecting package deliveries.

To help Australians and New Zealanders have a safe online shopping experience this holiday sales season, Corrons has these six top tips:

  • Watch out for fakes and always go ‘official' – This is important for both apps and websites. For apps, only download apps from official app stores.  When it comes to websites, always type the URL into the address bar so you know you are on the official page. Note that almost all official sites will use ‘https' to ensure an encrypted connection between the retailer and consumer.
  • Avoid phishing scams – Look at every deal-themed email in your inbox with a suspicious eye, and never click on links inside them as they could lead to an email phishing scam. Instead, if you see something in an email that is enticing, follow tip 1 and type the URL into a web browser yourself.
  • Do not store payment info – As you visit site after site, and as you make purchase after purchase, you will be peppered with requests to start new accounts and save your credit card info. We strongly suggest you deny these requests, particularly during holiday shopping. You want to share, save, and store as little personal info as possible on the internet.
  • Put a layer between your credit card and scammers – Third-party payment services such as PayPal, Apple Pay and Google Pay can give you an extra layer of protection, if you want the best assurance. These virtual payment services can also be very handy on mobile sites. However, remember to only shop from your home or cell network, never on public Wi-Fi so you can protect your sensitive information, like passwords, from being stolen.
  • Stay anonymous – When you use a VPN, you cruise the cyber highway in a rental car with tinted windows. It's an encrypted connection that hides your IP address and keeps predators from seeing any personal data about you, which prevents them from profiling you. Your login credentials, your banking details, and your identity stay protected. But make sure you select your preferred country in the VPN application, so the website displays the currency you want to use. 
  • Compare prices – Before you hit the digital checkout line, open a new tab and look up that same item in other stores to see if the price is similar. If you haven't heard of the brand before, look up comparable products by leading brands to see if the prices are similar. If your item is drastically lower than the others, you need to wonder why. If a deal seems too good to be true, it probably is.