Black Friday’s coming, and that means huge rebates and sales. Actually, the hype has already started and the sales have begun. If you have ever tried shopping offline on that day, you probably vowed not to do it again. Ever. No matter what. Offline shopping on Black Friday and Cyber Monday hurts — sometimes literally.
Why shiver on the street waiting for a store to open when you can shop while lying on your couch, right? Online shopping is really convenient, and you won’t get crushed by a crowd of manic shopaholics.
That’s true, but online shopping has its own dangers, and Black Friday and Cyber Monday followed by Christmas sales are the high season for cybercriminals. As you are trying to get a shiny new TV or a pair of jeans for the price of a pair of socks, bad guys are trying just as zealously to steal your money. For example, as our statistics show, the number of phishing pages that target financial data spikes by about one-third (about 9 percentage points) every Q4, which is really a lot.
How do you stay safe and still have some fun shopping on Black Friday? We have advice for you, but first let us describe the most common types of scams that might await you during this season of sales.
Beware of fake shops
The fact about online shopping that amuses me the most is that you basically exchange your money for a promise to deliver something to you. Really, during that 1–7 day period, your money is already gone and all you have is an e-mail saying that your precious something is on the way.
Not all promises are kept, and sometimes bogus shops have nothing to back up their promises. They get your money or your credit card data and disappear. These shops tend to have three things in common:
- You’ve never heard of them;
- They rely heavily on advertising;
- They have really breathtaking deals: a brand new iPhone for $200 or something like that.
If you see a deal that is too good to be true, it’s not true, so don’t fall for it. And on Black Friday and during other hyped sale days, it’s better to stay on the safe side and buy only from the online stores you already know.
One more thing: Criminals also try to mimic popular shops to steal your credit card data. So check the URLs carefully. If it’s BustBoy.com or something like that instead of BestBuy.com, don’t do anything on the site, and especially don’t input your financial data in its forms.
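The URL check described above can be automated. The following is an added example, not code from the original article: it flags addresses whose site name is a near-miss of a shop you already trust, or that bury a trusted name inside someone else's domain. The shop list, function names and distance threshold are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a small list of shops the user already trusts (constructed).
KNOWN_SHOPS = {"bestbuy.com", "amazon.com", "walmart.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def site_of(url: str) -> str:
    """Last two host labels, lower-cased. Simplification: real code should
    use the Public Suffix List so names such as shop.co.uk are handled."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    return ".".join(host.split(".")[-2:])


def classify(url: str, max_distance: int = 2) -> str:
    """Return 'known', 'lookalike of <shop>' or 'unknown' for a shop URL."""
    host = urlsplit(url).hostname or ""
    site = site_of(url)
    if site in KNOWN_SHOPS:
        return "known"
    for shop in sorted(KNOWN_SHOPS):
        # Near-miss spelling (BustBoy.com), or a trusted name used only
        # as a subdomain of an unrelated site.
        if edit_distance(site, shop) <= max_distance or shop in host:
            return f"lookalike of {shop}"
    return "unknown"


if __name__ == "__main__":
    for u in ("https://www.bestbuy.com/cart",
              "https://www.BustBoy.com/deals",
              "https://bestbuy.com.checkout-deals.example/pay"):
        print(u, "->", classify(u))
```

A result of "unknown" only means the name does not resemble anything on the list; it says nothing about whether the shop is honest.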
Don’t be fooled by fake delivery messages
Phishing relies heavily on social engineering, and social engineering in turn relies on your wanting something or being accustomed to something. So if you ordered a bunch of stuff and are waiting for the packages to show up at your door — as people do around this time of year — an e-mail entitled “Information about your order” or “Delivery confirmation from SomeMart” might seem legitimate, and important enough for you to open it and even download the attachments or follow the links in it.
That simple scenario is the essence of holiday shopping social engineering. The letter is not necessarily legitimate; it could be a fake sent by criminals who want to lure you into downloading malware such as banking Trojans or ransomware, or sending them your personal data. So before opening such letters make sure the e-mail address of the sender seems right (from firstname.lastname@example.org, not email@example.com).
Know your contacts
So, Black Friday and Cyber Monday were fruitful for you and you purchased a lot of useful stuff. And then you receive a message that seems to be from your bank telling you they detected suspicious activity on your credit card. They ask you to call a number to verify that all the actions with your card were really performed by you.
That’s rather easy to believe considering how many things you bought in various places, but don’t rush to call that number in the message — you might reach cybercriminals who want to lure you into giving them your credit card data. Instead, find the official number of your bank support desk and call it. If there really was suspicious activity, they’ll tell you what to do.
The possibilities for phishing during Black Friday sales seem infinite, and criminals push their imaginations to the limit to deceive people. Just one example: some phony site might offer a chance to win free gift cards in exchange for your information. Of course, there are no cards. There’s no such thing as a free lunch.
Another website might entice with cheap coupons that will save you a bunch — at least that’s what they say. Of course, legitimate coupon sites do exist, but there are also fake ones, where you’ll trade several dollars for nothing.
Those are just the tip of the iceberg; cybercriminals have to come up with new ideas rather frequently, as people wise up to their old methods. Let’s sum up some general tips on how to stay safe.
Staying alert requires some concentration and people might complain that it spoils the fun, but losing money is a lot worse. We urge you to keep your eyes open at all times — and during Black Friday, Cyber Monday, and Christmas sales, when cybercriminals are more active than usual, be even more alert than usual. Therefore, we suggest you:
1. Know what phishing is and how to avoid it.
2. Don’t click on suspicious links — they might lead to malware.
3. Always double-check that webpages, letters, and text messages are genuine.
4. Install a good security solution just in case something goes really wrong. For example, Kaspersky Internet Security can detect phishing sites and keep you safe from different kinds of malware.