Heimdal

Black Friday is approaching and in the run-up to the huge sales day, you should stay safe when it comes to the scams and tricks that malicious actors might try to use against you.

Is Black Friday Dangerous from a Cybersecurity Standpoint?

Is water wet or winter cold? So, I ask you: why pass up a perfectly good opportunity to rip off a couple of naïve users who haven’t a clue about online shopping?

It doesn’t matter if it’s Father’s Day, Christmas, Easter, Thanksgiving, or the winter solstice – the thicker the crowd, the more likely it is for a pickpocket to be there.

Although the whole shopping fever lasts for only one day, there are plenty of people who are willing to spend serious cash. It makes sense: why give in to the impulse when you can wait for a better deal? And, I have to admit, some of those deals can run pretty hot.

Anyway, scammers are out there and they’re just jumping at the chance of emptying your bank account. So, this article being about Black Friday scams, let’s take a closer look at the most common and uncommon scams.

Most Common Black Friday Scams

1. Spoofed Websites

Cloned websites are usually used when it comes to stealing credentials, as they’re very hard to identify.

Phishing done with spoofed websites is a year-round practice, but this threat usually blooms during the festive season.

Since Black Friday, Cyber Monday, and Thanksgiving are just around the bend, you can be sure that scam sites will increase in number.

2. Unrealistically low bargains

We already covered the fake websites/apps that reel in their victims with incredibly cheap items. This isn’t exactly what you might call brand-spanking-new. The technique’s been around for centuries and is still in use because, guess what? It works! The approach is not rocket science: using fake apps or websites, the scammers post ads for items belonging to big brands (Nike, Adidas, Fossil, Cartier, Hugo Boss, etc.) at incredibly low prices.

So, if an item, say a smartphone, goes for $100 whereas the regular price is around 1G, then you’re probably dealing with a scam.

In exchange for your phone number, email & physical address you would get a free pair of headphones, which usually run for 200 bucks! This is one of many examples.

3. Spoofed electronic discount cards

It’s the season to be jolly (well, not that season), and nothing spells out “bliss” like a discount card.

Don’t get me wrong; there’s nothing more satisfying than opening up your email inbox and seeing a gift card from your favorite shop, but can you really trust such a God-sent gift? The answer’s obviously “no” and you would do well to steer clear of PBF (pre-Black Friday) SMS, IM, or email discounts. Some are legit, no doubt about that. But they’re really hard to tell apart from spoofs. For instance, you might receive a redeemable code from what appears to be a legit vendor, but clicking on it will lead you nowhere. I will tell you more in the second part of this article.

4. Issues regarding delivery or order

Another method used by scammers to steal your credentials is to send fake emails or phone messages about delivery or transaction issues. The best known are the “failure to deliver a package” and “order confirmation” spoofs. What exactly do they mean? The first method involves sending a spoofed email or SMS to a user who bought something from an online retailer. It may be something generic like “dear Amazon customer” or can even have that personal touch to reinforce the illusion.

You’ll be casually informed about a bungled delivery, and asked to reconfirm your address (yeah, right!). No legit vendor will ask you to reconfirm the delivery address. As for the second method, well, it works more or less like the first one: you will receive an email or phone message with an order confirmation link. If you click or tap on the link, you will be taken to what appears to be the vendor’s website (it isn’t, trust me on this one). Once you fill out the mandatory fields with your address, email, name, and order ID, the info gets sent to the scammer.

5. Financial Malware

A phishing email may or may not contain a link. It may also include a harmful attachment. Yes, it may claim to be a unique Black Friday announcement, but it might simply be a picture with harmful macros inside.

If you enable the content, you risk unintentionally installing malware on your device. These applications can then use bogus login pages to steal your financial details. They might also record all of your keystrokes, including some of your other account information.

How to protect yourself against Black Friday scams

This is the season to be swindled, but have no worries. The best way to stay safe is to be one step ahead of the scammers. Here are a couple of tips to get you started.

1. Check the website’s credentials before buying

If you plan on doing your Black Friday shopping online, take a good look at the shop before entrusting it with your personal data. The telltale signs of fraud are a lack of encryption (the address isn’t marked with “https”), pop-up ads by the dozen, and limited payment methods (doesn’t accept cash on delivery, PayPal or anything that would ordinarily have to be processed through a secured service). You can also tell by the site’s design if it’s legit or fake. Usually, scammers have neither the time nor the resolve to piece together something appealing and coherent. Apart from those annoying ads, a couple of headers, tons of pics, and product descriptions that make no sense whatsoever, you’ll only encounter filler content.

2. Double-check the prices

The best way to avoid being scammed by a bogus website that flaunts outrageous discounts is to check the prices with major retailers. Sure, some of them can have some pretty high discounts, but not all. So, if a website has products at outrageous prices, it’s obviously a trap. Steer clear and purchase only from legit vendors.

3. Refrain from clicking on every link you find online

Yes, I know that this isn’t the first time I’ve said this, but I’ll keep saying it because despite everyone saying that random link-clicking is bad, Internet users still don’t listen. So, if you come across any link, whether it’s in an email, phone message, or IM, the best thing to do would be to close the chat window, send that message to the junk folder, or forget about ever seeing it. Believe me when I say that your PC or smartphone will thank you from the bottom of their motherboards.

4. Keep track of your orders

Want to avoid getting scammed by spoofed messages? Easily avoided – just keep track of the stuff you’ve ordered. There are plenty of ways to do that: virtually every e-merchant supports online tracking. Okay, it may not be the best way to eyeball your package, but at least it will give you an idea of what’s going on. It may also be a good idea to check with your shipping and delivery company. Most major retailers have outsourced this kind of service. Also, keep in mind that companies making deliveries on behalf of the retailers have their own tracking platform that can usually be accessed using the right credentials. So, if you receive an email or SMS about a failed delivery or re-confirmation, first check your account and then inquire with the delivery company.

5. Use a credit card for shopping online 

When making purchases online, it’s highly recommended to use a credit card because it provides more security than other methods of payment. If a fraudulent purchase is made using your credit card, your bank is likely to repay you right away. If a thief obtains your debit card information, they can empty your personal account, making it more difficult to recover the funds.

Wrap-up

Black Friday is here to stay, so make sure to watch out for spammy messages, track your orders, and don’t be afraid to use the junk folder if an email looks fishy.

Author Profile

Vladimir Unterfingher

Senior PR & Communications Officer

Experienced blogger with a strong focus on technology, currently advancing towards a career in IT Security Analysis. I possess a keen interest in exploring and understanding the intricacies of malware, Advanced Persistent Threats (APTs), and various cybersecurity challenges. My dedication to continuous learning fuels my passion for delving into the complexities of the cyber world.
