PORTLAND -- Online crooks planning on targeting shoppers on cyber Monday were hoping consumers would let their guards down on the popular shopping day.
Retailers expected billions of dollars to be spent and online crooks were counting on careless online shoppers.
A new scam popped up just in time for the busy online shopping season. It involves an email sent after shoppers make a purchase, similar to an online receipt. But it comes with a big risk.
Richard Scott is an online shopper who knows about risks.
“I've had problems with my credit card, the number being stolen and things like that,” he said.
And with a lot of attention to cyber safety, it appears shoppers are getting smarter.
“I normally stay on the sites that are you know, the original sites,” Sarah Koplin told KGW.
But now, the experts said it’s after consumers make a legitimate, secure purchase when they can get targeted.
Mark Eisenhart found out the hard way. “I got burned, where I had a tablet that I had purchased and I was charged duplicate times,” he said.
It’s not money that many crooks are after. It’s identities.
Because in the world of cyber crime, an identity is as good as money.
The latest scam is an email sent out to millions of people. It is to confirm a purchase, called an order confirmation. It’s not uncommon to receive one after you buy something online.
But this one is fake. It looks like a purchase confirmation from Amazon.com, but it’s actually a scam to collect information.
It’s difficult to spot, because most people trust Amazon’s website. And that’s what the cyber criminals are exploiting.
Iovation, based in Portland, is one of the largest online fraud prevention companies in the world.
Iovation’s Chief Technology Officer, Scott Waddell, said a legitimate online retailer will not ask you for your information in a confirmation email.
“Anything that says I want you to confirm your log-in credentials, that's a dead giveaway for phishing right there. They're going to send you to another site, the link in this email just says "click here" if you hover your mouse over it you'll see that's not going to Amazon.”
Instead, it’ll take you to a site that looks like Amazon.com that will steal your personal information and subsequently take over your account.
Waddell said not to respond to links in emails sent from online retailers.
“Instead, you should open your web browser and manually type in Amazon.com and log-in and see what's up.”
Eisenhart agrees, but admits it’s hard to spot a real website from a fake one.
“You have to be really careful because it looks really authentic,” he said.
The fake email is not limited to Amazon.com. Experts said the email can be made to look like any major online retailer.