MENU

The following information was obtained from different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG).

The information provided was classified as “Restricted” pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.

SUMMARY

As Christmas season is fast approaching, Christmas shoppers should be cautious when looking for gifts online. During and after Christmas, it is noticeable that there is an increase in number of reports on fake online sellers.

The internet offers convenience which is not available from other shopping outlets. From the comfort of your home, you can search for items from multiple vendors, compare prices with a few mouse clicks, and make purchases without waiting in line. However, the internet is also convenient for attackers, giving them multiple ways to access the personal and financial information of unsuspecting shoppers. Attackers who are able to obtain this information may use it for their own financial gain, either by making purchases themselves or by selling the information to someone else.

Unlike traditional shopping wherein it is actually the store it claims to be, attackers can create malicious websites or email messages that may appear to be legitimate. Attackers may also misrepresent themselves as charitable entities, especially after natural disasters or during holiday seasons. Attackers create these malicious sites and email messages to lure the victim to provide personal and financial information.

 When you do your online shopping, you will have to provide financial information most likely in the form of the credit card details. No matter how secure a site may be, it is important to realize that putting credit card information on the internet is inherently risky, therefore, it is important to minimize that risk.

 The way to determine the level of security on a website is to search the domain name on a domain search website to check the date creation. Older websites tend to be more reliable than newly formed ones, which can easily fake online shopping sites that usually deactivates after a short period of time.

 No legitimate online shopping website will require information such as your mother's maiden name or your Social Security number. Credit card companies also do not ask for your password over the Internet or the phone.

 An online retailer does not provide adequate information about privacy, terms and conditions of use, dispute resolution or contact details. The seller may be based overseas, or the seller does not allow payment through a secure payment service such as PayPal or a credit card transaction.

RECOMMENDATION

The public are advised to follow the tips in order to avoid the risk of Online Shopping Scam, to wit:

  • Look carefully at the domain name to see check if it is the site that you wanted intended to visit;
  • Check the contact page to find the name of the owner and use a lookup service on the URL to find additional information about the site;
  • Never send money or give credit card or online account details to anyone you don’t know or trust; and
  • Never engage in any financial transaction, bitcoin or otherwise, via direct message on social networks.

For additional information, please refer to the following websites:

  • https://www.salehoo.com/blog/how-to-avoid-online-shopping-scams;
  • https://www.us-cert.gov/ncas/tips/ST07-001;
  • https://www.scamwatch.gov.au/types-of-scams/buying-or-selling/online-shopping-scams#more-information;

POINT OF CONTACT

Please contact PCINSP ANGELICA STARLIGHT L. RIVERA, Chief, Personnel Records Management Section thru e-mail address This email address is being protected from spambots. You need JavaScript enabled to view it. or contact us on telephone number (632) 7230401 local 3562 for any inquiries related to this CYBER SECURITY BULLETIN.