And how to avoid them…
The scramble for bargains and supposedly unbelievable savings, whatever your thoughts about Black Friday are, brings with it a spike in cybersecurity threats. Cybercriminals will be just as keen to take advantage of you as you are desperate for bargains. There are plenty of Black Friday 2020 scams.
In this article, we look at some of the scams you should look out for and what you can do to protect yourself.
Why is Black Friday primetime for cyber crime?
Black Friday is traditionally the Friday following the US holiday ‘Thanksgiving’. In the UK, we know it as an awful lot of hype and margins that are not always what they seem. That aside, Black Friday is part of our world, love it or hate it, it is here to stay.
It is estimated that UK consumers will spend over £6 billion over the Black Friday weekend, which starts this year on Thursday! Hmmmm. There was even a company offering a Black Friday month! Spare us, please! On average, each shopper will spend around £300. This is why scammers will be on the top of their game this November.
Many people will visit dangerous web sites as they look for bargains and they pay the price for doing so. Perhaps they will click on a phishing email claiming to offer a bargain or masquerading as a confirmation email from one of the big sites. Whatever happens, the threat is real.
Here are some common scams…
Fake order confirmation emails
When you are online looking for deals, an email pops up from a site you have recently purchased from. However, it doesn’t look right. The price is not what you though or perhaps it is not the product you ordered. Either way, it looks like there has been a mistake.
The danger here is the link you can click on to find out what you have supposedly ordered. This is a classic case of phishing and several things can happen: you click on the link and you arrive at a website that looks like the company you ordered from. Many of the main sites are often impersonated, so be careful. Once you arrive you are challenged, as you would expect, for your username and password. You of course enter it, why wouldn’t you? You are at a site you trust. Sadly, it isn’t, it is bogus and you are handing over your details to the real site. This means they can spend your money and have goods delivered to an address that isn’t yours!
The alternative they offer is to download a document and ask you to ‘enable content’ which will actually add malware to your system, causing all sorts of problems. If you don’t click on ‘enable content’ and close the document, no harm will be done. In order to protect yourself, look for the padlock on the left hand side of the page URL or look for spelling mistakes in the company name.
The dangers of public Wi-Fi
As a former retailer, I am familiar with the challenge of being a showroom for another retailer or online seller. People see what you have and wonder if they can find it somewhere else cheaper.
We all do this. It is sad but we all do this. So, we hop onto the shop’s non-secure wi-fi, and find Amazon or similar has the same item on sale for a little less. You hesitate and suddenly, a pop up appears offering you a 10% discount. What a deal!!! Of course, the time for this deal is running so it’s decision time! What do you do?
Do not buy the TV online there and then. You should never buy things online using public wi-fi, because you can’t be sure that the connection is secure. It doesn’t matter whether you have to enter a password or log in, as any network that’s set up for the public can and will be abused.
The technical term for this type of scam is a man-in-the-middle attack. They work by exploiting a flaw in the network to intercept traffic going to and from victims’ devices. When you use public wi-fi to buy something online, there’s always a chance that a cybercriminal is monitoring your activity and logging your payment card details.
If you must shop online whilst you are out, you should use your mobile data if you can. It’s not 100% secure, but it’s much harder to tamper with than public wi-fi. The alternative is to use a VPN stop your device being monitored.
Instant messaging scams
We all use WhatsApp or Nextdoor or similar. Black Friday 2020 scams can be found here too. This is an obvious scam as you’re likely to see, as your contacts presumably don’t normally make a habit of spamming you with marketing offers. However, it’s reasonable to believe that Black Friday might be the exception. There are a huge number of deals online, and it’s nice to know that someone’s thinking of you when they discover a bargain. Except they may not be!
This type of unsolicited message which may contain a link should be viewed with great care. Your friend or contact may not have sent you the message at all! The way this works is that the cybercriminals begin by creating a bogus website that looks like that of a legitimate online retailer. Next, they hijack instant messaging accounts by phishing their owners or sending them keylogging malware, or both!
How does it work?
From here, the scam looks a lot like the Amazon phishing scam described earlier. You click the link, which causes your computer to download a file containing malware. This type of scam is now very common. They are harder for the scammer to achieve the right result but they bypass email security such as spam filters. You are more likely to click a link straight away when it appears to be part of an ongoing chat.
When it is sent as an email, you have more time to consider it and you can go back to it or your security software may flag it as potentially dangerous. Dangerous links can be sent on any communication platform. Make a habit of viewing links with caution and keeping an eye out for anything that seems too good to be true.
IF IT IS IMPORTANT YOUR CONTACT WILL SEND IT AGAIN! If it is a scam…they won’t…Enjoy Black Friday and be careful out there and watch out for the Black Friday 2020 scams.