Online shopping scams: Protect yourself against fraud and identity theft

As the digital marketplace continues to expand, so do the risks associated with online shopping and identity theft. At Orbit Insurance Services, we’re committed to helping Canadians navigate the online world safely, whether you're browsing social media for holiday deals or scanning QR codes at your favourite café. Cybercrime is evolving, and awareness is your first line of defence.

Online shopping scams are on the rise

Online shopping scams are becoming increasingly sophisticated resulting in 36,228 victims of fraud in 2024¹. Fraudsters are setting up fake websites and social media storefronts that mimic legitimate retailers. These sites often advertise deep discounts or limited-time offers to lure unsuspecting shoppers into entering their personal credit card information or downloading malware.

What to watch for:

• Unusual URLs that look similar to trusted brands but include subtle misspellings or extra characters are an indication of a scam. Scammers often create fake websites that mimic well-known brands by using URLs that are almost identical to the legitimate ones. For example, instead ofwww.amazon.com, a scam site might use www.amaz0n.com or www.amazon-shop.com. Always double-check the URL address before clicking any links, especially if you received them through unsolicited emails or messages.

• No contact information included in e-mails or other online communications. When you receive an email or message from a company, look for their contact information. Reputable companies will always include their physical address, phone number, and email address in their communications. If you can't find any contact details or if the provided information seems suspicious, it's a red flag. Scammers will avoid providing contact information to prevent you from reaching out to verify the legitimacy of their offers.

• Pressure tactics like “Only 2 left!” or “Offer ends in 10 minutes!” are common ploys to pressure you into a decision. Urgency and scarcity tactics are used to create a sense of panic and rush you into making a quick decision. Always take your time with online purchases and don't let websites pressure you into making hasty decisions.

• Unsecure payment pages can be an indication of a scam. When making online purchases, it's crucial to ensure the payment page is secure. Look for "https://" at the beginning of the URL and the padlock icon in the address bar. These indicators show that the website uses encryption to protect your payment information. If these security features are missing, do not enter your payment details, as it could be a sign of a scam.

Social media scams

Social media platforms are particularly vulnerable to fraud and identity theft scams⁷. Sponsored ads on social media platforms may lead to fraudulent sites and fake accounts can impersonate real businesses. Before you click, take a moment to pause and verify an account’s authenticity and read reviews from other users.

What to be aware of while shopping on social media:

• Short links with random characters on sponsored ads. Scammers often use shortened URLs with random characters in sponsored ads to disguise the true destination of the link. These links can lead to fraudulent websites designed to steal your personal information or install malware on your device. Always research the account that posted the ad to ensure it’s a legitimate brand. Look for verified badges, check the number of followers and read reviews from other users to verify the authenticity of the account.

• Improper grammar and spelling mistakes in a reply you receive on social media from a business. Legitimate businesses typically maintain a professional standard in their communications. If you receive a reply from a business on social media that contains improper grammar or spelling mistakes, it could be a sign of a scam. Scammers often operate from countries where English is not the first language, leading to poorly written messages. Be sure to scrutinize the quality of the communication and be wary of any messages that seem unprofessional.

• Requests for personal or banking information while communicating through a social media account. Sharing personal or banking information through social media is risky and should be avoided. Legitimate businesses will never ask for sensitive information through social media platforms. If you receive such a request, it’s likely a scam. This type of information should only be shared through secure methods, such as encrypted websites or secure customer service channels. It's important to take a moment to verify the legitimacy of the request by contacting the business through official channels before providing any personal information.

QR codes: Convenient but risky

While QR codes offer convenience, they also present new opportunities for scammers. One tactic known as QR phishing or “quishing” involves placing malicious QR codes in public spaces or embedding them in emails and packages. When scanned, these codes redirect users to fake websites designed to steal personal information.

Tips to stay safe: 

• Inspect the QR code. If it’s a sticker placed over another code, be cautious. 
• Verify with the source to make sure the QR code is safe to use. If it seems suspicious, request an alternative method. 
• Don’t scan unsolicited codes, especially those received via email or text from unknown sources.
• Use a secure QR scanner. Some apps can preview the URL before opening it.
• Avoid entering sensitive data. If a QR code leads to a login or payment page, verify the site’s legitimacy first.
• Update security software on your devices to help detect and block malicious downloads⁵. 

Identity theft and two-factor authentication (2FA)

Identity theft can happen in seconds but take months to resolve. Cybercriminals use stolen personal information to open accounts, make purchases, or even file fraudulent insurance claims. One of the most effective ways to protect yourself is by enabling two-factor authentication⁶ (2FA) on all your accounts.

Two-factor authentication adds an extra layer of security by requiring a second form of verification, such as a text message code, email confirmation, or biometric scan, before granting access. Even if a hacker obtains your password, they won’t be able to access your account without the second factor.

Best practices for digital security:

• Enable 2FA on banking apps, email, social media and any service that supports it.
• Use strong, unique passwords and avoid using the same password across multiple accounts.
• Monitor your accounts regularly to check for unauthorized activity.
• Be cautious with public Wi-Fi. Avoid logging into sensitive accounts on unsecured networks when you are in hotels or other public spaces.
• Identify high-value information and where it is stored so you can control how it’s secured.

Real-world impact: Why it matters

The Canadian Anti-Fraud Centre received 108,878 fraud reports in 2024 alone, totaling over $638 million in reported losses.¹ The most common types of fraud included phishing, identity theft and online shopping scams. With the holiday season fast approaching, scammers are ramping up their efforts to exploit distracted shoppers and overwhelmed retailers.

Imagine ordering a gift from a fake website and never receiving it, or worse, having your credit card information stolen and used to rack up thousands in charges. Scanning a QR code at a pop-up market only to find your banking credentials compromised. These scenarios are becoming more common, and the emotional toll can be just as damaging as the financial loss.

What you can do today

Protecting yourself doesn’t require advanced tech skills, just a few smart habits:

1. Shop from trusted retailers by sticking with well-known brands and verified sellers.
2. Use secure payment methods like credit cards and digital wallets that offer better fraud protection and enhanced security when shopping online².
3. Keep software updated by installing the latest security patch to help protect against known vulnerabilities.
4. Educate family and loved ones about online safety³. Make sure to include seniors and children in these conversations so everyone is aware of the threats they may encounter online.
5. Review your insurance policy to make sure you have coverage for cyber-related incidents.
6. Report fraud. If you or someone you know is the victim of a fraud related incident, report it to the Canadian Anti-Fraud Centre⁴.

Orbit Insurance Services’ commitment to cyber safety

At Orbit Insurance Services, we’re more than just a provider, we’re your partner in protection. We believe that education is key to prevention and we’re proud to offer resources that help our customers stay informed and empowered. 

We understand that cyber threats are more than just an inconvenience, they can have serious financial and emotional consequences. That’s why we offer identity theft protection and cyber coverage as part of our home insurance policies.

Here’s how this coverage can help:

• Identity recovery helps to pay for expenses involved in restoring your identity and credit records. When your identity is stolen, it can be a long and costly process to restore your credit and personal records. Identity recovery coverage helps to cover the expenses associated with this process, such as legal fees, notary costs, and the cost of obtaining credit reports. This coverage ensures that you have the financial support needed to reclaim your identity and restore your credit standing.

• Cyber extortion coverage provides you with access to professional assistance, including legal and technical experts, to help you respond to these demands and mitigate the impact of the extortion attempt. Cyber extortion occurs when a cybercriminal demands money or other forms of payment in exchange for not carrying out a threat, such as releasing sensitive information or disrupting your online services.

• Credit monitoring services alert you of suspicious activity on your accounts. Credit monitoring services continuously monitor your credit reports for any unusual or suspicious activity, such as new accounts being opened in your name or significant changes to your credit score. If any suspicious activity is detected, you will receive an alert, allowing you to take immediate action to protect your credit and prevent further damage.

• Cyber liability protection provides coverage for damages from data breaches or online fraud. This specific type of liability protection helps cover costs associated with data breaches or online fraud; including legal fees, notification costs and credit monitoring for affected individuals. This coverage is essential for businesses and individuals who handle sensitive information, as it provides financial protection against the potentially devastating consequences of a cyber incident.

• Home systems attack coverage includes the expenses involved in restoring data and systems after unauthorized use, access, or a malware attack on your connected home devices. In today's interconnected world, many homes are equipped with smart devices such as security cameras, thermostats, and home assistants. These devices, while convenient, can be vulnerable to cyber-attacks. A home systems attack can occur when a cybercriminal gains unauthorized access to your connected devices, potentially leading to the theft of personal information, disruption of services, or even physical damage to your home.

Whether you’re a long-time client or exploring your options, we invite you to connect with our team to learn more about how Orbit can support your digital safety. From personalized coverage to expert advice, we’re here to help you shop, scan and search online with confidence.

If you’re unsure what your current policy coverages, contact an Orbit insurance broker who can help review your existing coverage and explore options to help protect yourself and those you care about most.

Contact Us

Request a Quote

Sources

1. Canadian Anti-Fraud Centre
2. Safest payment methods
3. Protect yourself from scams and fraud
4. Report fraud
5. Quishing
6. Government of Canada
7. Social Media Scams