Are Your Employees Shopping for Trouble with Online Scams?

Fraudulent Products: Definitely Fake and Possibly Fatal

In 2018, the U.S. Government Accountability Office found that two out of every five products purchased online were counterfeit. Getting ripped off is bad enough, but fake products can actually harm your employees’ health. A Business Insider story cited studies showing counterfeit products can contain harmful substances, like cyanide and rat droppings. One buyer even reported getting counterfeit car brake pads that failed within a month of installation. In addition to fake and harmful products, your employees need to keep an eye out for “phishy” shipping scams.

HR to the Rescue White PaperDownload Now

“Phishy” Shipping Scams

With this type of scam, criminals pretend to be a representative of a shipping company, so they can steal a customer’s personal information to commit identity fraud. How it works: a criminal will send a phishing email that looks like it’s coming from a shipping company. The email contains what looks like “package tracking” links but are really malware that downloads to your employee’s personal computer. Or the links direct them to a website designed to steal personal information. Below is an example of a very credible-looking phishing email:

Appearing to come from a reputable shipping company (UPS), it looks like a legitimate shipping notification. At first glance, you wouldn’t think anything “phishy” was going on here, but after a closer review, you will notice that it doesn’t give a delivery address, shipper’s name, or even the recipient’s name. Also, if you were to hover over the link, you’d find that it goes to OneDrive.com, Microsoft’s online file-sharing service. Hackers now use file-sharing sites such as OneDrive and Google Drive to deliver malware. Any of these email red flags should cause a shopper to hesitate.

Data Breach—The Bargain Nobody Wants

Shopping and shipping scams can also impact your business. Thanks to BYOD policies, employees could easily click on that “tracking link” in the phishing email while they are connected to the company’s network. The hacker’s malware could then infect company systems and data, potentially causing a breach.

This scenario illustrates one of the many ways employees are a top cause of breaches. In fact, Forrester Research found that 44% of the breaches reported in a recent study were caused by employees who exposed sensitive information to hackers or data thieves.

So while your employees—and you!—certainly deserve a little retail therapy now and again, getting conned into a “must-have” deal can have serious consequences. Teaching your employees to practice safe online shopping helps avoid these risks. You can also help by providing identity and privacy protection benefits that alert your employees to suspicious activity. They can act quickly to stop identity fraud or privacy compromises in their tracks, and you add another layer of defense between your business and cyber-criminals. Now that’s a bargain that you can have confidence in, any time of the year.

Download the HR to the Rescue white paper to learn more about defending your employees’ privacy and identity.