Black Friday Sale Scams
Officially Black Friday isn’t until November 26, the first Friday after Thanksgiving in the US followed by Cyber Monday on November 29.
This American tradition has seen a lot of traction in recent years in the UK, since its introduction in 2010 online, and 2013 in-store.
Now it is an important part of the build-up to Christmas. However, the deals and bargains are no longer limited to one day of in-store sales and one day of online sales. They are now starting as early as the beginning of November and continuing throughout the month.
We are normally told that when purchasing anything online, if it is too good to be true, then it probably is but this advice seems to go out of the window around the Black Friday/Cyber Monday.
One of the most obvious ‘scams’ is fake deals and Which? did a study of Black Friday deals in 2019. They tracked the prices of 119 products for six months before and six months after Black Friday. They discovered that 98% of the products were the same price or cheaper in the six months after the sale. Additionally, 85% of the products were the same price or cheaper prior to the Black Friday sale. Only three of the 119 products were cheaper in the Black Friday sale.[1] Just three.
But false advertising regarding the price of items is the least of the consumer’s concern. At a time of increased, almost panic buying, the scammers are out in force, taking advantage of consumers’ reduction in security awareness. Between 2014 and 2019 one in four 18–24-year-olds were victims of Black Friday scams.[2]
Black Friday Scams
Emails
In November you are likely to get hundreds of emails from every online retailer you have ever shopped with promoting their Black Friday sales. This in itself isn’t a security risk if the emails are genuine.
But if you receive a fake email, which is made to look like it comes from a well-known retailer with a link to their Black Friday deals this could be a massive risk.
These links are likely to take you to scam websites where your data (including credit card data and passwords) can be stolen and is known as phishing. Alternatively clicking on these links can download malicious software, such as malware or ransomware, to your device without your knowledge.
Instant Messaging
A similar scam to phishing is also doing the rounds on instant messaging or SMS texts and is known as smishing.
Being caught by instant messaging scams falls into two categories; messages from what appear to be genuine retailers, or messages from your connections with a link and often no text or something short like ‘check this out’.
The scam then works in a similar way to email, as the objective is to get you to click on the link either to their fake website, or to download malware to your device.
Public Wi-Fi
Imagine the scenario, you are in a shop and see a great Black Friday deal, and you decide to check whether it’s cheaper on Amazon. However, rather than use your data you decide to hook up to the store’s free Wi-Fi.
Doing this is not in itself a problem, but if you decide to purchase the item, over the free, unsecured public Wi-Fi you could be giving your payment details to anyone who is monitoring the connection.
Unsecured, public Wi-Fi can be easily monitored by cyber criminals and at this time of impulse buying and time limited deals, that they take advantage of the consumer’s FOMO.
How to keep your devices safe during Black Friday
So, how do you keep safe during Black Friday? First of all, don’t get caught up in the hype, or feel pressured into purchasing due to time limits.
Don’t click links – It’s very easy just to click on the link in an email or an instant message – which is why the cyber criminals use them.
If you are familiar with the brand and you’ve used them before, go straight to their website and find their Black Friday/Cyber Monday deals there without risking clicking on a rogue link.
Secure websites – If you want to be sure you haven’t accidently clicked onto a fake website check the website carefully to make sure the store name is spelt correctly, there are no odd placements of dots, and no numbers replacing letters. For example, www.sceur1ty_3verywh.ere.co.uk instead of www.security-everywhere.com/
If you are shopping on a website that you haven’t shopped with before, check there is a little padlock next to the web address at the top of the page. If there is no padlock, the page isn’t secure, and you should be wary of purchasing from the website.
Check origins – Checking who has sent emails is one way of verifying the authenticity of an email. For example, a reputable brand is not going to have an email like llkasjori283708poy@gmail.com.
If a friend or colleague has sent you a link and you’re not sure whether to click it, message them and ask if they sent it. 9/10 they’ll tell you ‘no’ and you were right not to click on it.
Use secure networks – Always use a secure Wi-Fi network. If you do connect to free Wi-Fi in store, be careful of the sites that you visit and the data you are entering. If it is something you wouldn’t want a hacker to know, don’t type it in over an open network.
Next Steps
If you want more advice on avoiding phishing and smishing campaigns and generally being safer online speak with Security Everywhere today.
[1] https://www.which.co.uk/reviews/black-friday/article/black-friday-deals-how-to-check-if-a-black-friday-deal-is-real-aKtJD2L0zJEt
[2] https://www.which.co.uk/news/2019/11/black-friday-scam-victims-lose-over-600-what-to-watch-out-for/
