Online shoppers, be on the lookout this Black Friday & Cyber Monday as cybercriminals launch new malicious holiday shopping scams. Don’t be the victim.
Online holiday shopping scams are a huge issue that has only worsened and increased over time. Ensuring you have strong cyber security practices in place is essential.
BVA is the trusted cyber security service provider to many. We assist businesses in creating a successful cyber security strategy that encompasses layers of tools throughout the network, to ensure they’re protected.
Consumer spending is expected to hit another record high ($209.7 billion), paired with a deeper desire for deals after 2022’s record inflation rates, and more shopping directly correlates with more scams.
Last year, over 400,000 victims lost $392 million while shopping online, with each victim losing an average of $150.
At the same time, it may be harder to detect suspicious deals this year, as many retailers are expected to offer legitimate record-low prices.
Their warehouses are overstocked with inventory that price-conscious customers haven’t been interested in buying.
For example, Adobe predicts computers will be 32% less expensive, on average, compared with 10% last year.
While consumers are getting ready to bag the best deal, cybercriminals are taking advantage of distracted minds by launching their own shopping ‘specials’ in the form of phishing campaigns and lookalike fake websites.
Threat actors also create malicious infrastructure including impersonating domains, fake mobile applications, and malicious emails, in order to harvest users’ financial and personally identifiable information (PII).
How To Spot Phishing Scams
The best method is simple mindfulness and using increased vigilance during this period. Be aware of anything that lands in your inbox unannounced, or otherwise expresses a requirement for urgency.
If something appears too good to be true, it probably is. Anything that looks out of place in an email or on a domain is key to spotting a scam, such as:
- Spelling mistakes
- Branding disparities
- Deliberately misspelled URLs
Typosquatting is a common and effective threat that leverages users’ unsafe browsing habits. For example, a website spoofing Digital Shadows might present as www.digital5hadows[.]com.
An alternate approach often taken by fraudsters is to change a website's domain extension, or to use a fake website with a country code top-level domain (ccTLD), a domain extension that is most commonly assigned to websites associated with a country or sovereign state.
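A defender-side check for the two tricks described above (a swapped character and a changed domain extension), as an added example that is not part of the original article. The TRUSTED list, the function names and the digit-to-letter table are assumptions for illustration, and each hostname is assumed to be a bare registered domain with an optional www. prefix.

```python
# Added example: flag lookalike domains against a list of trusted ones.
# TRUSTED is a constructed allow-list; replace it with the sites you actually use.
TRUSTED = ["digitalshadows.com", "ups.com", "usps.com", "fedex.com"]

# Digits commonly swapped in for letters in lookalike domains (assumed table).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def split_domain(host):
    """Return (name, extension); accepts defanged '[.]' and a 'www.' prefix."""
    host = host.lower().replace("[.]", ".").strip(".")
    if host.startswith("www."):
        host = host[4:]
    name, _, tld = host.partition(".")
    return name, tld


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host):
    """Return (verdict, matched trusted domain or None) for a hostname."""
    name, tld = split_domain(host)
    if any(split_domain(t) == (name, tld) for t in TRUSTED):
        return "trusted", f"{name}.{tld}"
    for trusted in TRUSTED:
        t_name, _ = split_domain(trusted)
        if name == t_name:
            return "tld-swap", trusted        # same name, different extension
        if name.translate(LOOKALIKES) == t_name:
            return "character-swap", trusted  # e.g. 5 standing in for s
        # Short names are skipped: one edit away from "ups" matches too much.
        if len(t_name) > 4 and edit_distance(name, t_name) == 1:
            return "typo", trusted
    return "unknown", None


if __name__ == "__main__":
    for h in ["www.digital5hadows[.]com", "digitalshadows.co", "fedexx.com"]:
        print(h, classify(h))
```

A verdict of "unknown" only means the name does not resemble anything on the list, not that the site is safe.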
Phishing Attempts on Shipping Notifications
Let’s say you bought something from a credible website, you talked to customer service along the way, and all signs point to it being a great purchase with no strings attached.
You have just one last hurdle—emails and texts after purchasing.
On shipping notifications and order confirmations, scam websites may send a fake “tracking link” that is actually a phishing attempt to steal personal information.
Be on the lookout for suspicious emails, and do not click the link. Copy and paste the tracking number directly into the UPS, USPS, or FedEx website and track the package from there.
Tips To Boost Cyber Security For Black Friday & Cyber Monday
Remember: If it sounds too good to be true, it probably is! #BeCyberSmart
- Be cautious of unexpected emails claiming to offer Black Friday deals, as cyber criminals send out constant fake versions of these emails.
- If you haven’t heard of the retailer before, be wary and do your research. Only purchase from legitimate, trusted sources.
- Always make sure the payment method is secure.
- Be wary of ‘missed delivery’ and ‘shipping update’ phishing messages. They usually indicate “there’s been an issue” in an attempt to get you to panic and pay a fee.
- Protect your accounts with strong passwords and multi-factor authentication.
Using Strong Passwords & Password Managers: https://www.bvainc.com/2022/10/17/sophos-cyber-security-awareness-tip-2-strong-passwords/
How To Enable Multi-Factor Authentication (MFA): https://www.bvainc.com/2022/10/12/sophos-cyber-security-awareness-tip-1-multi-factor-mfa/
Online Shopping Security Tips
- The NCSC recommends using a credit card instead of a debit card online, because it’s not linked to your personal checking account, making payment more secure.
- Don’t use platforms that publicize your personal information and location, because a lot of fraud might happen during this time.
- Don’t buy a device just because it’s cheap; make sure it’s credible.
- Before buying, read what other consumers are saying about a product or device and its security.
- Make sure you are putting a lot of thought into what you’re purchasing and the impact the purchase might have on your security and privacy.
Products That Are Frequently Scams
Since the original Nintendo came out in the 1980s, gaming consoles have continued to be popular gifts. Fake advertising on deep discounts for the latest Xbox or PlayStation is, unfortunately, common.
Gaming console scams have proliferated recently, in which the money is stolen and the video console arrives broken, if at all.
To avoid this, buy directly from the brand or established retailers.
Getting a $100 gift card for $50 may make you feel like you’ve gamed the system, but actually, the opposite could be happening.
In many cases, the gift cards arrive with no balance on them, and they’re a preferred payment method for scammers, since they can’t be tracked.
To avoid this, don’t buy gift cards from reseller sites such as eBay, where the cards could be fake.
Puppies & Animals:
We have all heard the classic “Mommy, I want a puppy for Christmas!” Sadly, even the cutest corner of the internet isn’t immune to scammers.
Sellers will ask for electronic payment through Zelle or PayPal and promise to ship the puppy, who never arrives.
To avoid this, adopt locally, or at least stick to established breeders, and report any suspected scams or abuse.
Stores With the Most Scams
Facebook, Instagram, TikTok, Craigslist, and other social platforms make it easy for scammers to create fake accounts—even fake companies—and list items for sale.
They may direct you to a website to order or ask for payment via chat through Zelle, PayPal, Venmo, and so on. Signs that an account could be fake include a low number of followers, bad grammar, and misspelled URLs.
Social Media Ads:
Social media sites often ramp up advertising around the holidays. They make it almost too easy to buy a product: It pops up in your feed, you click on it, the ordering page pops right up, and within minutes, you have a purchase confirmation email.
But before you buy, make sure to explore the site, check out its policies, and make sure you’re comfortable submitting credit card or banking information. Even if it appears to be a major brand, it could be fraudulent.
Eco-conscious young consumers are increasingly shopping at secondhand and thrift stores, so this traditionally brick-and-mortar business model is moving online.
While reducing environmental impact is a positive trend, most of these sites lean on third-party sellers (people who list their own stuff).
This can lead to the same fraud issues seen on social media and Craigslist: scammers with fake accounts, fake items, and attempts to steal your money and information.
To avoid this, confirm the site’s security and return policies (do they have customer service?), and avoid sending money outside the platform through Zelle, PayPal, or Venmo.
Cyber criminals are opportunists and will always exploit major events in order to conduct campaigns, making Black Friday & Cyber Monday prime attack time.
The fact that consumers are actively looking to hand over credit card information and other personal information to online retailers makes it the perfect opportunity to strike.
There’s also the risk of having usernames and passwords stolen by phishing sites, or even the prospect of attackers infecting your system with malware.
Protecting Yourself from Falling Victim if Targeted
- Never use the phone number provided by the scammer and never return the call.
- Hang up the phone, delete the text or email, or shut the door.
- Report the incident to local law enforcement.
It’s worth remembering when shopping for Black Friday deals – or shopping at any other time of year – that you should be thoughtful and keep cyber security at the forefront of your mind.
If a deal seems too good to be true, there’s a strong chance that it is. Don’t fall victim; it’s always better to be safe than sorry.