Merchandise scams are expected to increase as Canadians turn to online shopping during Black Friday, Cyber Monday, and the upcoming holiday season. Officials warn COVID-19 adds a layer of vulnerability.
Jeff Thomson, a senior intelligence analyst at the Canadian Anti-Fraud Centre (CAFC), said in an interview that a lot more scams are taking place because there are more first-time online shoppers.
“There are more people shopping online to buy goods because, for a while, everybody was in lockdown, they couldn’t go out,” he said. “People who’ve never shopped online before, it’s their first-time experience shopping online, and there’s an increased risk.”
As of Sept. 30, the CAFC has received 2,846 merchandise scam reports, of which 2,354 are victims of $7.3 million in total reported losses, the CAFC said in an email. In all of 2019, the CAFC received 3,034 reports of merchandise scams, of those, 2,305 were victims involving $2.9 million in total reported losses.
“The big jump in dollar loss can be attributed to some victims that placed large orders for [Personal Protection Equipment] that was never received,” the CAFC said.
The Canadian Centre for Cyber Security said in its 2020 National Cyber Threat Assessment report that over the next two years Canada will “continue to face online fraud and attempts to steal personal, financial, and corporate information.”
How to avoid getting scammed online
Scott Jones, head of the Centre for Cyber Security, said in an interview that those fraud attempts will continue because cybercriminals “understand our psychology.”
“They understand what drives us. With COVID-19 they were really playing off on fear, trying to get people to click. They’re really playing off of those types of emotions that we all feel,” he said. “When we get closer to the holidays, a lot of us are feeling financial pressure. So we are looking for better deals and that’s a great way of drawing in people because you know that they’re feeling that pressure.”
Jones emphasized that if a deal is “too good to be true, it probably is.” He added that if you see a deal in an ad, try to go back to the origin of where the product is sold to see if it is a legitimate deal. Jones also said looking for legitimate sellers is a better route than paying attention to ads that could be fake.
“If they’re asking you to pay in an abnormal way, I would question it,” he said, adding that if you find that you are scammed, then to not feel embarrassed and to report it immediately.
Small businesses will be targeted: Bhatia
Sumit Bhatia, director of communications and knowledge mobilization with Ryerson's Cybersecure Catalyst, said in an interview that cybercriminals are not only targeting and scamming Canadians with enticing offers but are also targeting small businesses that have opened online shops for the first time.
“A lot of smaller businesses that have now had to adapt themselves to selling online have not thought about cybersecurity and thought about compliance around payments. They don’t have that same infrastructure that a larger provider has,” he said.
Bhatia said more needs to be done to help improve the cybersecurity infrastructure of small businesses, which face a greater threat. He added that the Cyber Centre’s report is an example where the focus on small businesses is “quite minimal.”
“We talk about the exposure to enterprises because the dollar figure impact, the volume that we will see, is much greater, but small-to-medium-sized businesses are over 50 per cent of the total threat landscape and yet we’re not really giving them due attention,” he said. “If anything we have to do more on that side.”
Justin Lie, CEO of Shield, an online fraud protection company, said in an interview that because everything is more “mobile-first” it’s easier for cybercriminals to take advantage of Canadians.
“Three to five years ago... the majority of the transactions or purchases made online was predominantly based on laptops and desktops. It’s only recently where you see a huge surge of mobile-first purchases,” he said.
Lie said there’s a big difference between cybersecurity on laptops versus mobile phones. Laptops have more sophisticated backend systems, whereas mobile phones are less complicated and therefore require the user to install more robust cybersecurity to make it harder for criminals to attack.
“There’s a huge migration of traditional hackers and criminals that are going towards mobile applications, and mobile applications still have a huge gap in accessible cybersecurity solutions,” he said. “Hopefully that will change.”