With Christmas approaching, shops are publicizing their best deals — but it’s easy to let it go to your head. Cybercriminals rely on this.
They supposedly offer you a bargain and make you panic by either saying it’s a limited offer or that there’s something wrong with your order. It leaves you open to fraud.
Here’s what to look out for this Black Friday and Cyber Monday.
1. Bait and Switch: Online and In-Store Variants
The festivities typically leave a large slump in your bank balance, so it’s tempting to enter competitions to win free items you can either give away or keep as a treat to yourself.
But they’re often too good to be true.
Generally, these come in the form of a “bait and switch” scam, which offers you entry to a draw where x number of lucky participants, chosen at random, receive a brand new iPhone, for example. Apple products are expensive and turn heads, so scammers like dangling them in front of your eyes.
To be in with a chance of winning, you need to enter a few personal details and fill out a survey. That should ring some alarm bells. Scammers could then either collect that sensitive data or be on a pay-per-click scheme.
Simply do not enter private details on a site you don’t trust.
The “bait and switch” method can also be employed in a bricks-and-mortar store, but instead of gobbling up private information, they advertise a product that’s out of stock. More often than not, they console you by offering an inferior product; sometimes, however, they show you a dearer item.
The point is that they used an unavailable product to draw you in.
2. Beware Cards Bearing “Gifts”
Similarly, entering a lucky dip to win a loaded gift card from a major online shop or supermarket could potentially help buy the Christmas turkey and all the trimmings. What’s the worst that could happen? It certainly seems worth clicking on a link if a friend recommended it to you, right?
— ?? Noosh ?? (@thenoosh22) November 23, 2016
In fact, Action Fraud, the UK’s fraud and cyber-crime centre, has warned of a WhatsApp scam that purports to be from someone you know. Such messages promote gift cards giveaways, generally as a campaign to coincide with new stores opening, and asks you to click on a link which then requires some brief contact details.
Needless to say, it’s fake, and not only will your personal data be used for nefarious purposes, but your device will likely be infected with software which will collect further information, including other contacts to spread the scam.
Variations of this persist on social networks, so as ever, stay skeptical. Stores aren’t going to offer $100 gift cards because they’ve opened a new shop. Messages that don’t appear personal should immediately be suspect, and if you’re not sure, confirm with the contact whether they sent it or not.
3. Like Farming
The same sort of method has been doing the rounds for years on Facebook. Typically, it’s an attempt to get more Likes and shares, meaning the scam reaches a wider audience because Facebook’s algorithm naturally favors posts with the most interactions.
They’ll promise free MacBooks, gift cards, and further discounts on Black Friday items. But once the message has reached enough people, the page or post is altered, perhaps to a different product they can get serious cash from through a pay-per-click scheme. The Better Business Bureau warns:
[Page creators] may also sell the page and information that was collected from the “likes” with a more direct threat of gaining access in an attempt to gather credit card numbers that may be stored for certain Facebook apps, passwords or other personal information. New pages created from gathered data may be used to spread malicious software to compromise data or spread malware.
Don’t underestimate what information a scammer can obtain just through Facebook alone — and that data, even Personally Identifiable Information (PII) like your email address and date of birth, can easily be sold on the Dark Web.
4. Delivery Problems
Sometimes, it can be tricky to keep track of all you order, especially when you’ve bought vast quantities of gifts from numerous different retailers; even buying from Amazon might actually be through third party sellers. In a new scam, cybercriminals are betting on this.
— spotting world (@spotting_world) November 21, 2016
It wouldn’t be a great shock to get an email from a well-known firm informing you of a problem delivering a parcel following Black Friday and Cyber Monday. All you have to do is click on a link and arrange a good time.
Obviously, it’s fake. However authentic the email and the accompanying page appear, do not trust it. An email might pretend to be FedEx, DHL, or UPS and ask you to download an attachment. Don’t. Simple as that. You could be downloading ransomware, or a virus that’ll track your activities. The government do enough of that already without criminals doing it too…
A variation of this is a fraudulent email informing you that a company couldn’t deliver a package you were sending, so you need to rearrange delivery or pay extra. Alongside “remember postal dates”, you can add “don’t fall for phishing scams” to your festive To Do list.
5. Don’t Always Trust Amazon Emails
The chances are, when someone says “Black Friday,” you think of Amazon. Or, failing that, folk being trampled underfoot by rampaging mobs because there’s $100 off a new TV. But for now, let’s stick to Amazon.
The online retailer started their 2016 Black Friday offers on the Monday before. Needless to say, their warehouse staff are going to be very busy, and users will receive an influx of emails — order confirmations, refunds, and further discounts.
As such, scammers are creating fraudulent emails that look like they’re genuinely from Amazon, informing you that, just like the delivery firm hoax, there’s been a problem getting a parcel to you. Again, you have to rearrange delivery by clicking on a link. Amazon warns:
These false e-mails, also called “spoof e-mails” or “phishing e-mails,” look similar to real e-mail. Often these e-mails direct you to a false website that looks similar to an Amazon website, where you might be asked to give your account information and password.
Emails from Amazon will never ask for your password, bank account details, or PII.
Still remember when Black Friday was on Friday and not every single day before hand
— Jared (@jayy_rg) November 23, 2016
When in doubt (which should be all the time: remember, stay sceptical!), open a new window and log into Amazon. Real messages will appear there. Certainly do not click on any links or attachments in emails.
6. Bumping the Price Up, Then Lowering It Again
This isn’t a tactic employed by cybercriminals; it’s a sales technique used by most retailers.
They’ll show an RRP or high-end price point, but advertise a sale price. It looks like you’re getting a fantastic discount, solely for this limited time. After that, the price shoots back up… right?
Looking at this Black Friday sale prices and I still can't afford them
— Ari Gold (@tauriqayb) November 23, 2016
Sadly, these offers aren’t always what they appear. Sure, you’ll probably save a fair amount of cash in relation to the RRP, and that’s more than likely just what you’re after, but it’s still an example of retailers trying to force a purchase when a similar discount or even better has been available during the year.
You can actually save serious money by doing your Christmas shopping early, so why not set alerts for specific products? It might mean you’ve got all your presents by October, but there’s nothing wrong with that! Festive items will likely be cheapest in the middle of Summer…
It’s not for everyone, though, so use price trackers like CamelCamelCamel to check whether a deal is actually as good as it looks.
Don’t Be a Victim this Christmas
These are just a few of the popular scams doing the rounds. Cybercriminals use them, no matter what the month, but it kicks into another gear around Christmastime, purely because it’s a time when many of us lose our heads.
What further tips do you have for spotting hoaxes? How do you keep a cool head when Christmas shopping? Have you received a fraudulent email in relation to Black Friday?