Sign up to our newsletter
Black Friday and Cyber Monday promise to offer some fantastic deals at low prices. But it’s also a time of year when cybercriminal scams are aplenty. Here are six top tips to help ensure its a fun and safe experience.
Phishing emails are often used by criminals trying to steal your money and data, and this is especially true during the holiday season.
For example, a criminal may send you a phishing email with a link to a ‘deal’, only for this to direct the would-be shopper to a spoofed or malicious website. They may then look to steal entered credit card details, or infect the user with malware.“If you don’t recognize the sender, or didn’t sign up for emails from the address, do not respond.”
They might even upload a malicious file with their phishing email, claiming instead that is a brochure or invoice.
Pay close attention to any spelling and grammatical errors in the body of the email, and also look at the sender’s email address. If you don’t recognize the sender, or didn’t sign up for emails from that address, do not respond.
You should also be wary of what files you download to your computer and what security software you are using.
Voice phishing – or vishing – is the age-old trick where criminals try to trick people into giving their personal or financial details by pretending to be a trusted source trying to help them.
They might pretend to be a bank, a big tech company, a reputable retailer or – as if often the case – a Microsoft support engineer asking for access to the user’s computer.
Most people have cottoned on to these attacks, but they haven’t gone away completely with criminals increasingly using this method to target elderly and other vulnerable people.
The lesson here is to never hand any personal details over to the phone when someone calls you.
Instead, you should hang up, call the supposed supplier back (by searching online, not by redialing), and taking the issue with a customer representative from there.
Millions of people tweet on Twitter, post on Facebook and share snaps on Pinterest each day, but this doesn’t mean that all these people are to be trusted.
Indeed, some accounts aren’t even real – there are thousands of computer bots that are tweeting every day.“This Black Friday, make sure you are careful what links you click on and where you buy products.”
This Black Friday, make sure you are careful what links you click on and where you buy products. Pay particularly attention to tweeted deals that look too good to be true with shortened links (as they might be trying to lure you to a malicious website). Before you do click, ask yourself these five questions first.
If you’ve never heard of the seller before, look into them online and study their terms and conditions carefully because, as mentioned above, you need to be careful who you are buying from.
There have been countless tales of Facebook sellers delivering counterfeit goods, poor quality items or even outright failing to deliver the products after taking payment.
In most, if not all cases, you should look to buy items from retailers that use HTTPS web encryption on their website.
This means that the credit or debit card details you send over to the seller’s computer server will be encrypted from end-to-end and thus very unlikely to be intercepted by criminals in a man-in-the-middle attack (where attackers grab details as they pass through to the supplier).
This isn’t to say that HTTP websites are insecure; it’s just that HTTPS encryption adds a whole new level of protection.
You may also want to look for sites with additional security measures, like Verified by VISA and any other types of two-factor-authentication (2FA), which was recently advocated by former National Security Agency contractor and whistleblower Edward Snowden.
You should avoid clicking on deals being advertised on search engine ads and there’s an extremely good reason why.“Ad servers are regularly being breached by criminals, who then misdirect people who click onto malicious sites.”
Ad servers are regularly being breached by criminals, who then misdirect people who click onto malicious sites where they try to steal credentials or infect users in a drive-by-download attack.
If the deal is attractive, and it looks authentic, play it safe by searching in detail online and going via official retail websites. It might take you a little longer to secure what it is you’re after, but it’ll be worth the wait.
Coupons aren’t as widely circulated as they once were but that hasn’t stopped fraudsters from seeing them as another vehicle to financial gain at the expense of shoppers on the hunt for a bargain on occasions like Black Friday.
In this case, they sometimes use fake coupons to lure would-be shoppers to a website where they may be asked to input their credit card information. It may well be that the user has been offered a coupon, or seen one on social media, which gives a discount during the Black Friday sales.
As with vouchers scams, the problem is spotting fake coupons from genuine ones. The ability to duplicate brands with seeming precision is evident in many bogus schemes, which, when modified with a sense of urgency – “you only have until the end of the day to validate this rare Black Friday offer” – can trump even the most vigilant of individuals.
If there’s any doubt over the coupon’s authenticity, check official retail store websites, stick to these guidelines and above all, remain levelheaded. Yes, Black Friday and Cyber Monday are characterized by stupendous offers, but when it’s a little too farfetched, a cautious attitude will ensure your buck goes a long away.
Author Editor, ESET