The holiday season is the best time of the year. Many of us spend quality time with our families, enjoy delicious food and even go on vacations. For many, it’s also a time to indulge in shopping. And why not? This is when you find the best deals on your favorite products, whether it’s a new electronic gadget or a household essential.

However, the holiday season also comes with an increased risk of mobile fraud while shopping online. Scammers often target online shoppers in more ways than you might imagine. Fortunately, with some awareness and precautions, you can protect yourself. Below, I’ll discuss the rise in mobile shopping scams and how you can stay safe.

GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE

The rise in mobile fraud

According to Appdome’s latest U.S. Consumer Survey, 60.6% of Americans say fraud is their biggest concern. More than 40% of global consumers reported that they or someone close to them had been directly affected by mobile fraud, malware or a cyberattack. With mobile apps now being the main way people interact with brands, skepticism among users is growing. In fact, 24% of consumers believe developers don’t care about app security, a massive jump of 258% since 2021. 

Social engineering has become a major worry, as people are becoming more aware of the many ways mobile fraud can happen. This includes things like location spoofing, scams that manipulate users and account takeovers. Almost half of the survey respondents this year said they or someone they know personally had dealt with fraud, scams or similar issues.

Such scams also affect your online shopping experience. I spoke with Tom Tovar, CEO of Appdome, regarding what consumers need to know when they are shopping on their mobile devices this holiday season. 

“Consumers should be aware of phishing, smishing and vishing scams, which exploit fake emails, deceptive SMS messages and fraudulent phone calls to steal sensitive information. More sophisticated threats include FaceID bypass attacks, such as those carried out by the GoldPickaxe malware, which uses AI-enhanced techniques to bypass biometric authentication,” Tovar said.

“Other significant risks include banking trojans, which infiltrate apps to steal login credentials or financial data, and accessibility malware, which exploits device accessibility features to take control of mobile interactions. The rise of these sophisticated threats highlights the need for robust in-app security.”

A woman shopping on her smartphone (Kurt “CyberGuy” Knutsson)

HERE’S WHAT RUTHLESS HACKERS STOLE FROM 110 MILLION AT&T CUSTOMERS

4 steps to take to protect yourself while shopping on your phone

Shopping scams are becoming harder to detect, but it’s easy to stay ahead of them. Here are some steps you can take to protect yourself while shopping on your phone.

1) Shop on a safe mobile app

This might seem obvious, but sticking to trusted apps can help keep you safe while shopping. By trusted apps, I mean platforms like Amazon, eBay and Walmart.

“With the growing sophistication of mobile threats, it’s becoming increasingly challenging for consumers to identify risks independently. Threats like phishing, accessibility malware and banking trojans are designed to mimic legitimate functions, making them nearly impossible to detect at a glance. Instead of relying solely on spotting issues, consumers should look for apps that clearly communicate their commitment to security through visible privacy policies, transparent security practices and updates addressing new threats. Choosing apps from trusted sources and reading user reviews can also provide reassurance,” Tovar said.

WHAT TO DO IF YOUR BANK ACCOUNT IS HACKED

2) Watch out for phishing, smishing and vishing scams

When shopping on your phone, be cautious of phishing, smishing and vishing scams, as they are common tactics used to steal your personal and financial information. Phishing involves fake emails that look like they are from trusted retailers, tricking you into sharing sensitive details like passwords or payment information. Smishing is a similar tactic but delivered through text messages, often containing links to fake websites or malicious downloads. 

Vishing, on the other hand, involves scammers making phone calls pretending to be customer service representatives from well-known brands, attempting to gain access to your private information. Always verify the authenticity of emails, texts or calls before clicking links or sharing details to ensure a safe shopping experience.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

3) Be cautious about the permissions you grant to apps

When shopping online on your phone, it’s important to be careful about the permissions you give to apps. A lot of apps may ask for access to things like your camera, contacts or location, even if it’s not necessary for the shopping experience. Always think twice before granting these permissions.

“These permissions are often abused by malware to collect sensitive data or perform unauthorized actions. Before granting permissions, consider whether they align with the app’s purpose. Developers can mitigate these risks by incorporating protections from Appdome’s anti-fraud offering, which protects against the many abuse methods used by malicious actors to abuse mobile app permissions,” Tovar said.

A woman shopping on her smartphone (Kurt “CyberGuy” Knutsson)

BEWARE OF ENCRYPTED PDFs AS LATEST TRICK TO DELIVER MALWARE TO YOU

4) Protect your financial information

Protecting financial information is crucial, especially when shopping online. It’s important to use secure websites, indicated by “https” in the URL, and avoid saving payment details in apps or on websites unless they are trustworthy.

While consumers should stay vigilant – by using trusted apps, downloading only from official app stores and monitoring for suspicious activity – there’s only so much they can do, Tovar said.

“The sophistication of modern threats often makes it impossible for users to identify or prevent all risks on their own,” he said. “Consumers have a better chance of keeping their personal information secure by choosing brands that prioritize security and back it up with tangible actions, such as automating robust protections and delivering proactive, built-in security measures.”

Kurt’s key takeaway

The holiday season is a prime time for shopping and, unfortunately, for scams. As mobile shopping continues to grow, threats like AI-driven scams and advanced malware are expected to increase. However, you can keep yourself safe by staying informed about potential threats, choosing apps with robust security measures and practicing good mobile hygiene. It’s also the responsibility of app developers to ensure users don’t fall prey to scammers.

Do you think app developers are doing enough to keep people safe from scams? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Google Home is testing a new feature that will allow friends and family members to help manage smart devices around your home. Two access levels are available: “Admin” which provides full control over account and device permissions, and “Member” for people who require more limited access.

Google says that Admin access is for “trusted partners or people who co-manage the home with you.” Admins can add, remove, and manage users, add and remove devices, and link subscriptions to the home account. Members can manage basic device controls like viewing live security camera feeds, and adjusting personal settings like voice and face match assistant features.

Two further permission tiers are available for Members: “Settings” to fully control devices and home-wide settings like automation and Nest Wifi device network features; and “Activity” to authorize access to device and home-wide history for things like cameras, locks, and sensors.

Participants can add someone as an Admin or a Member by opening the Google Home app settings, tapping “Household and access,” and selecting the plus icon to invite a new home member. Those you invite don’t need to be enrolled in public preview themselves, but will need to be running the latest version of the Google Home app.

Using a virtual private network (VPN) can significantly enhance your online security, especially when accessing sensitive information like banking apps. However, it can also lead to complications, such as being blocked from accessing your bank’s services.

Melissa from Dallas wrote to us asking, “How can I use a VPN without getting locked out of my banking app? It’s very frustrating, and I worry about my security when I have to turn off the VPN. Are there any specific tips to ensure I stay both secure and connected?”

Melissa, we totally understand how that can be aggravating. We’ll guide you through the steps to use VPNs effectively while ensuring your banking activities remain secure and accessible.

GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE

What is a VPN?

A VPN encrypts your internet traffic and reroutes it through a server in a different location than your own. VPNs make it appear that you are connecting to the internet from whichever location the server is hosted in rather than your actual location.

When you first connect to a network using a VPN, your device will establish a secure connection with the VPN server and your device’s IP address will appear as the VPN server, meaning that only your internet service provider will see that you’re connecting to a VPN server. Normally, when you connect to a website, the website or any online services you visit can see your device’s technical information, including location-sensitive data such as IP addresses.

A VPN on a laptop (Kurt “CyberGuy” Knutsson)

BEST VPNs FOR BROWSING WEB IN 2024

Understanding VPNs and their benefits

A VPN creates a secure tunnel between your device and the internet, encrypting your data to protect it from prying eyes. The three key benefits of using a VPN for online banking include:

1) Enhanced security: Encrypts your connection, making it difficult for hackers to intercept sensitive information.

2) Privacy protection: Masks your IP address, helping you maintain anonymity while browsing.

3) Access to geo-restricted content: Allows you to access banking services when traveling abroad.

Illustration of how you can use a VPN worldwide (Kurt “CyberGuy” Knutsson)

HOW VPNs SHIELD YOUR IDENTITY, SECURE YOUR FINANCIAL TRANSACTIONS FROM THEFT

Steps to use a VPN safely with banking apps

1) Choose the right VPN

Select a reputable VPN service that prioritizes security and privacy. Look for features such as:

• Military-grade encryption (256-bit AES)
• No-logs policy to ensure your activities are not tracked.
• Kill-switch functionality to prevent data leaks if the VPN connection drops.
• Servers in your home country to avoid triggering alerts from your bank

2) Install the VPN software

Download and install the VPN application on your device. Most VPN services offer user-friendly interfaces compatible with various operating systems, including Windows, macOS, Android and iOS.

3) Connect to a server

Before accessing your banking app:

• Launch the VPN application.
• Connect to a server located in your home country. This helps prevent your bank from flagging your access as suspicious.

4) Log into your banking app

Once connected:

• Open your banking app or website.
• Log in as you normally would. If you encounter issues, consider clearing browser cookies or switching servers within the VPN.

5) Monitor for any issues

If you experience difficulties logging in:

• Disable the VPN temporarily and try accessing the app again.
• Change the VPN city/location to match the city where you live or are currently located.
• When traveling, be sure to change the VPN to the city where you live to avoid issues.
• Contact customer support for both your bank and the VPN provider if problems persist.

A woman logging onto her VPN on her tablet (Kurt “CyberGuy” Knutsson)

CAN YOU BE TRACKED WHEN USING A VPN?

What to do when your VPN gets blocked by your bank

Now, some websites, especially banking sites, might get a little suspicious when they see you’re using a VPN. They might even block you out. So, what do you do if your bank’s website won’t let you in with your VPN on? Don’t panic. Here are a few quick fixes:

• Try contacting your bank’s customer support. They might have a solution or be able to white-list your VPN, which basically means allowing your connection to bypass security blocks.
• Change the VPN city/location to match the city where you live or are currently located.
• If all else fails, you can always temporarily disable your VPN when accessing your banking app. Just remember to turn it back on when you’re done.

Now, you might be wondering, “Is it safe to turn off my VPN for banking?” Well, as long as you’re on a secure, private network (not public Wi-Fi), you should be OK. Just make sure to enable it again as soon as you’re done. Remember, while VPNs can sometimes be a bit of a hassle, the privacy and security they provide are totally worth it.

Choosing the right VPN for banking security and safety tips

Securing your financial information with reliable VPN services and following these practical safety tips are important.

1) Choose a reliable VPN: Select a reputable VPN service with strong encryption protocols. For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices.

2) Always use VPN on public Wi-Fi: Never access financial accounts on public networks without activating your VPN first.

Are there any misconceptions about VPNs and online banking that you’d like clarified? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.