With Christmas approaching, shops are publicizing their best deals — but it’s easy to let it go to your head. Cybercriminals rely on this.
They supposedly offer you a bargain and make you panic by either saying it’s a limited offer, or that there’s something wrong with your order. It leaves you open to fraud.
Here’s what to look out for this Black Friday and Cyber Monday.
1. Bait and Switch: Online and In-Store Variants
The festivities typically leave a large hole in your bank balance, so it’s tempting to enter competitions to win free items you can either give away, or keep as a treat for yourself.
But they’re often too good to be true.
Generally, these come in the form of a “bait and switch” scam, which offers you entry to a draw where x number of lucky participants, chosen at random, receive a brand new iPhone, for example. Apple products are expensive and turn heads, so scammers like dangling them in front of your eyes.
To be in with a chance of winning, you need to enter a few personal details and fill out a survey. That should ring some alarm bells. Scammers could either collect that sensitive data, or be on a pay-per-click scheme.
Simply do not enter private details on a site you don’t trust.
The “bait and switch” method can also be employed in a bricks-and-mortar store, but instead of gobbling up private information, the store advertises a product that’s out of stock. More often than not, they console you by offering an inferior product; sometimes, however, they show you a dearer item.
The point is that they used an unavailable product to draw you in.
2. Beware Cards Bearing “Gifts”
Similarly, entering a lucky dip to win a loaded gift card from a major online shop or supermarket could potentially help buy the Christmas turkey and all the trimmings. What’s the worst that could happen? It certainly seems worth clicking on a link if a friend recommended it to you, right?
In fact, Action Fraud, the UK’s fraud and cyber-crime center, warned of an international WhatsApp scam that purports to be from someone you know. Such messages promote gift card giveaways, generally as a campaign to coincide with new stores opening. They then ask you to click on a link which requires some brief contact details.
Needless to say, it’s fake, and not only will your personal data be used for nefarious purposes, but your device will likely be infected with software which will collect further information. This includes the addresses of further contacts to spread the scam — that’s why you can’t trust a seemingly well-meaning message from family or friends.
Variations of this persist on social networks, so as ever, stay skeptical.
Realistically, stores aren’t going to offer $100 gift cards because they’ve opened a new shop.
Messages that don’t appear personal should immediately be suspect. And if you’re not sure, confirm with the contact, through another method, whether they sent it or not. If this dubious message came through as an email, ask by SMS. If you think their instant messaging is compromised, ask them in person or phone them.
3. Like Farming
The same sort of method has been doing the rounds for years on Facebook. Typically, it’s an attempt to get more Likes and shares, meaning the scam reaches a wider audience because Facebook’s algorithm naturally favors posts with the most interactions.
They’ll promise free MacBooks, gift cards, and further discounts on Black Friday items. But once the message has reached enough people, the page or post is altered, perhaps to a different product they can get serious cash from through a pay-per-click scheme. The Better Business Bureau warns:
[Page creators] may also sell the page and information that was collected from the “likes” with a more direct threat of gaining access in an attempt to gather credit card numbers that may be stored for certain Facebook apps, passwords or other personal information. New pages created from gathered data may be used to spread malicious software to compromise data or spread malware.
Don’t underestimate what information a scammer can obtain just through Facebook alone — and that data, even Personally Identifiable Information (PII) like your email address and date of birth, can easily be sold on the Dark Web.
4. Delivery Problems
Sometimes, it can be tricky to keep track of everything you order, especially when you’ve bought vast quantities of gifts from numerous different retailers; even buying from Amazon might actually be through third-party sellers. In a scam that’s become more widespread, cybercriminals are betting on this.
It wouldn’t be a great shock to get an email from a well-known firm informing you of a problem delivering a parcel following Black Friday and Cyber Monday. All you have to do is click on a link and arrange a good time.
Obviously, it’s fake. However authentic the email and the accompanying page appear, do not trust it. An email might pretend to be FedEx, DHL, or UPS and ask you to download an attachment. Don’t. Simple as that. You could be downloading ransomware, or a virus that’ll track your activities. The government do enough of that already without you letting criminals do it too…
A variation of this is a fraudulent email informing you that a company couldn’t deliver a package you sent, so you need to rearrange delivery or pay extra. Alongside “remember postal dates”, you can add “don’t fall for phishing scams” to your festive To Do list.
5. You Don’t Receive Purchases
What if you have ordered something and it’s not arrived? Around Christmas, you’re probably very stressed and really don’t need something like this on your plate too!
It might be a genuine problem: items do get lost in the post sometimes, especially around Christmas. In fact, the number of parcels sent each year is increasing. In the UK alone, the Royal Mail reported a 6% rise from December 2014 to the same month in 2015. That’s 130 million packages delivered in 31 days. An estimated 230 million were sent by private courier throughout November and December 2015. Of course, things will go missing. Perfectly innocent, right?
Sadly, it could also be something more malicious.
Either way, you need to contact the seller. They should have proof of postage, in theory. By rights, at least in America, you don’t pay for anything you’ve not received. The UK’s Citizens Advice also asserts that final responsibility lies with the retailer. So if something doesn’t turn up, you shouldn’t be charged.
Scammers might insist you wait; a simple delaying tactic. Next, go to the hosting site. If it’s a third-party seller through Amazon, you need to talk to Amazon itself. The same goes for auction sites.
If you pay by verified methods, check on money-back guarantees. PayPal certainly offers this. Credit cards do too — often through “chargeback” — but pay attention to terms and conditions for when to stake your claim.
Be understanding, but remember: by law, you should be offered a refund or replacement.
6. Don’t Always Trust Amazon Emails
The chances are, when someone says “Black Friday,” you think of Amazon. Or, failing that, folk being trampled underfoot by rampaging mobs because there’s $100 off a new TV. But for now, let’s stick to Amazon.
This year, Black Friday is on November 24, 2017, and Cyber Monday follows the week after. But the online retailer begins their 2017 Black Friday offers on November 17. Earlier deals started on their own devices — notably, the Echo and Echo Dot — the week before that!
In fact, its deals page continues throughout the year, with added emphasis at Christmas and on Prime Day…
Needless to say, Amazon’s warehouse staff are going to be very busy. Customers, too, will be occupied, receiving an influx of emails: order confirmations, refunds, and reminders about what’s on your Wishlist.
As such, scammers are creating fraudulent emails that look like they’re genuinely from Amazon. These inform you that, just like the delivery firm hoax, there’s been a problem getting a parcel to you. Again, you have to rearrange delivery by clicking on a link. Amazon warns:
These false e-mails, also called “spoof e-mails” or “phishing e-mails,” look similar to real e-mail. Often these e-mails direct you to a false website that looks similar to an Amazon website, where you might be asked to give your account information and password.
Emails from Amazon will never ask for your password, bank account details, or PII.
Still remember when Black Friday was on Friday and not every single day beforehand
— Jared (@jared_ldn) November 23, 2016
When in doubt (which should be all the time: remember, stay skeptical!), open a new window and log into Amazon. Real messages will appear there. Certainly do not click on any links or attachments in emails.
7. Bumping the Price Up, Then Lowering It Again
This isn’t a tactic employed by cybercriminals; it’s a sales technique used by most retailers.
They’ll show an RRP or high-end price point, but advertise a sale price. It looks like you’re getting a fantastic discount, solely for this limited time. After that, the price shoots back up… right?
Picked up a bargain Da Vinci painting for the office on the company expense card, the boss is gonna love it ;-) pic.twitter.com/OKrFSt1fZ1
— Mark (@rawlimark) November 16, 2017
Sadly, these offers aren’t always what they appear. Sure, you’ll probably save a fair amount of cash in relation to the RRP, and that’s more than likely just what you’re after. But it’s still an example of retailers trying to force a purchase when a similar or even better discount has been available during the year. The aforementioned Amazon Wishlists track price points in relation to when you added them, not in accordance with average cost.
You can actually save serious money by doing your Christmas shopping early, so why not set alerts for specific products? It might mean you’ve got all your presents by October, but there’s nothing wrong with that! Festive items will likely be cheapest in the middle of Summer…
It’s not for everyone, though, so use price trackers like CamelCamelCamel to check whether a deal is really as good as it looks.
Don’t Be a Victim this Christmas
These are just a few of the popular scams doing the rounds. Cybercriminals use them no matter what the month, but the activity kicks into another gear around Christmastime, purely because it’s a time when many of us lose our heads.
So be sure to employ simple security practices. Check for the “S” in “HTTPS”: this tells you your connection to the site is secured by encryption. It’s not fool-proof (a scam site can use HTTPS too), but it is definitely preferable to an insecure page. Look for the tell-tale signs of a fake email.
And the key tip: remember that if it looks too good to be true, it is.
What further advice do you have for spotting hoaxes? How do you keep a cool head when Christmas shopping? Have you received a fraudulent email in relation to Black Friday?