It is no secret that cybercriminals enjoy taking advantage of significant holidays, with Christmas and Black Friday scams for personal gain and targeting the retail sector, mainly e-commerce. In the third quarter of 2021, online stores came second in the number of reported phishing attacks (20.63%).
These numbers show it is critical to be aware of potential threats when shopping online. That’s why we keep a close eye on the landscape of cyber threats and educate our audience on how to protect themselves against the latest criminal activity aimed at online shoppers.
Big Day for Not Just Shoppers, But Cybercriminals Too!
The biggest shopping day of the year is Black Friday, with the British alone expected to spend £9.2 billion online this year. However, while the date can bring some fantastic deals, making Christmas (a little) more affordable, it also brings the threat of Black Friday scams.
Cybercriminals anticipate people rushing to their computers, smartphones, or tablets to take advantage of the best Black Friday deals. As a result, they create specific, targeted scams to dupe unsuspecting customers into providing personal information, allowing them to steal anything from gifts and money to your identity. In 2020, a total of £6.98 million loss occurred in the UK due to Black Friday scams. This figure will likely rise in 2021.
Now the last thing anyone needs in the run-up to Christmas is more stress, data theft, and financial hazards (shouldn’t even be the last thing – it shouldn’t be on the list at all). So, here are the top five Black Friday scams, as well as tips on how to avoid becoming a victim during holiday shopping.
Top Five Black Friday Scams and How to Avoid Them
In terms of new holiday scams for 2021, ongoing supply-chain issues may cause some popular items to be in short supply. It’s a good idea to be wary of online ads offering low-cost deals on hard-to-find items. Expect some Black Friday scams in 2021 to prey on the desire to obtain the desired gift without first verifying the legitimacy of the “seller.” Let’s take a look at the most common Black Friday scams and how to avoid them when shopping online:
Black Friday Scam No. 01: Non-Delivery Scam
You’re looking for a gift online when you come across the ideal present at a reasonable price. So you go to the website, add the item to your cart, and then click “buy.” Nevertheless, you never receive a tracking number, the package is never delivered, and the seller vanishes. You’ve been duped by a “non-delivery scam,” according to the FBI.
How To Avoid It
Only shop at reputable stores. If you’re shopping with a new merchant, make sure you do your homework. Look for a physical address, a phone number for customer service, and a professional-looking website. Poor spelling, strange design, and slow loading are all red flags for shady websites. Also, only make purchases from sites that use SSL encryption and have URLs that begin with HTTPS and a lock icon in the corner to avoid this Black Friday scam.
Black Friday Scam No. 02: Phishing Scams
Criminals may use Black Friday shopping as an opportunity to add a holiday twist to phishing scams. You may receive an email or other message informing you that there is a problem with an item you ordered in this Black Friday scam. However, you are unfamiliar with the purchase and are confident that you did not buy it.
The message could be a phishing email designed to trick you into clicking a suspicious link, providing your bank login credentials, or giving the criminal your personal information.
Example of instant phishing Black Friday scam.
Phishing campaigns have four categories:
- Phishing scams, such as an email posing as a bank or a trusted brand asking the user to confirm a payment or offering a special deal
- Brand impersonation, such as an email posing as a bank or a trusted brand asking the user to confirm a payment or offering an exceptional bargain
- Extortion, intended to scare the user into complying
- Quid Pro Quo, in which users provide sensitive information in exchange for a valuable gift or product
- Business email compromise, a focused attack on a company rather than an individual
How To Avoid It
Stop and think if you get a message about an item you didn’t order. The criminal is attempting to throw you off balance, hoping that you will take the requested action because you want to find out what’s going on. If you’re not sure if a message is genuine, try contacting the company via other channels you’ve discovered on your own, such as chat or their customer service phone number.
Black Friday Scam No. 03: Sham Shopping
You think you’re going to your favorite department store’s website to get some Black Friday deals but end up in another 2021 Black Friday scam. It happens because you accidentally misspell the name when typing it into your browser bar. So, you make a “purchase” thinking you’re on the actual site. Instead, the scammer takes your credit card information to use or sell, as well as other personal details like your name and address.
Example of a sham website or copy-site
How To Avoid It
The simplest way to avoid a cloned site is to ensure you’re shopping on a legitimate site. You could, for example, save your favorite shopping sites as bookmarks for quick access. Also, never go to a store by following a link in a “deal” email or on social media.
Black Friday Scam No. 04: False Delivery Notification
This year, many people will do their holiday shopping online, and criminals are taking advantage of this by sending false delivery notifications via email or text message. These messages may appear to be from the United States Postal Service, FedEx, or UPS. Scammers are betting that you recently made an online purchase, and Black Friday and Cyber Monday increase their chances.
They may mention a delivery issue and provide a link that you can use to “resolve the issue.” In addition, you may get a request to enter personal data or a credit card number.
Example of a false delivery notification
How To Avoid It
Simply being aware of the scam is a good start. If you receive an email or text message about a delivery issue, do not click any links or call the phone number provided. If you believe the message is legitimate, look up the company’s information and contact them directly. Inform them of the scam if the content is not reliable.
Black Friday Scam No. 05: Phony Donations
Cybercriminals are likely to take advantage of Black Friday and the holiday spirit by telling heartwarming stories to entice people to donate to fictitious charities. These con artists are aware that charitable donations as holiday gifts have grown in popularity in recent years.
How To Avoid It
Never donate on the spur of the moment in response to a social media ad or plea. Instead, take the time to look into charities using resources that track and rate them. Charity Navigator, for example, has a feature that allows you to search for high-rated charities and a gift basket feature that enables you to donate to multiple charities at once.
Here’s What Companies Can Do
Undoubtedly cyberattacks infiltrate a website’s payment application and install code that captures customers’ payment card information as they make purchases. These types of attacks may not make the news, but they have real consequences for both customers and retailers.
- It is essential to understand the significance of integrity software. Cybercriminals who attack Web applications don’t go after data in transit. Instead, they inject code into Web forms to capture data as customers fill the form. So, in addition to patching OS and payment application code, add file integrity software to your malware defenses on payment sites to combat this method.
- Organizations must always prioritize data security. Therefore, retailers must take appropriate measures to assist in the fight against cyberattacks. While there is no foolproof solution, businesses can reduce risk.
- It’s essential to continue to invest in new technologies that make it more difficult for criminals to exploit point-of-sale terminals as low-hanging fruit. EMV smart cards and mobile wallets are examples of solutions, as is any method that uses a one-time transaction code instead of a primary account number.
- Communicating with customers and presenting essential tips on cybersecurity in a clear language, on accessible sections on their websites and stores go a long way towards protecting their revenue and customer relations, making themselves a trustworthy partner against Black Friday scams or other holiday scams.
We understand that some gifts are more difficult to come by this year due to ongoing supply chain issues and rumors of Christmas cancellations. Therefore, consumers are more likely to buy on impulse as demand rises rather than thoroughly checking the legitimacy of their purchases. Still, it is imperative that everyone stays alerted for data theft and cybercrimes, whether in a retail establishment, mobile device, social media account, or computer.
Consumers owe it to themselves to be cautious about who they share their personal information with and how they conduct themselves online. Retailers also bear a significant responsibility to safeguard their data and brand and the data of customers who rely on and trust these brands.
Schedule a demo with Right-Hand Cybersecurity to learn how to spot Holiday or Black Friday scams and educate customers and employees before becoming victims. Always keep in mind that each security step can significantly impact detecting and deterring cyber criminals, no matter how minor.