It pays not to let your guard down during the shopping bonanza – watch out for some of the most common scams doing the rounds this holiday shopping season.
Black Friday and Cyber Monday are just around the corner, and scammers are also turning up their efforts in order to cash in on unsuspecting victims during what is traditionally the busiest bargain-hunting period of the year. In 2021, consumers spent a whopping US$8.9 billion on Black Friday online, and another US$10.7 billion on Cyber Monday, making the latter the biggest shopping day of the year.
With everybody on the hunt for those perfect holiday gifts, scammers also come out in full force. What better way to get someone to click on a dodgy link than through an offer for an amazing and soon-to-expire “deal”? It pays not to let your guard down in the shopping bonanza and watch out for the most common scams that are doing the rounds (not just) this shopping season. Let’s look at some of the most popular schemes around:
- Fake deals: These might be the sneakiest. It may be a text message forwarded by a friend or an Instagram post offering an irresistible deal. Excited to get your hands on it, you open a link, and there you are, giving away personal information and duly entering your credit card details. Whatever you “purchase”, however, will never be delivered to you, and you’ve given away your personal data.
- Bogus gift cards: Much like with phony deals on gadgets or designer fashion, you may receive an offer for large gift card balance or a gift card that sets you back for far less than the card’s face value. The trouble is, clicking the link in the email or text so that you can supposedly claim your gift card will install malware, cause you to lose your personal data, or you end up with a stolen card.
- Fake orders and missed deliveries: “Your order delivery is pending, pay the missing amount of $1.5 to receive it.” Receiving a similar SMS should always trigger a scam alert in your mind, even if the sender poses as a reliable delivery company such as DHL or UPS. So, if you see this, do not press any link, otherwise you’ll be taken to a fake website where you’ll be asked to enter more details to prove your identity or pay a fraudulent fee. In other cases, you could unwittingly download malware onto your device.
So, how can you avoid falling victim to scams?
- Be mindful of the risks: Fraudsters use some of the most ingenious ways to defraud us. Even highly cautious people get scammed. So, you needn’t be paranoid, but definitely be wary of too-good-to-be-true offers, and be aware that the more technology we use and the more our reliance on all things online grows, the more likely we may be to fall victim.
- Use legitimate websites: The easy way is to use well-known websites, which certainly differ from country to country. But do not be discouraged from making purchases on the online stores of small retailers. To know if a website is trustworthy, type in the retailer’s URL yourself instead of clicking on a random link. Watch out for grammar mistakes and other red flags, and verify that the site uses the HTTPS protocol. Finally, you can also do a Google search about specific retailers and websites to check their reviews.
- Watch out for marketplace scams: A lot of people are doing great work promoting their products on eBay, Instagram or Facebook Marketplace. But, because these are such easy platforms to set up, some sellers are likely to be scammers. Always pay attention to who is selling, as well as their history and reviews, to ensure their reliability. Also, do not make payments by bank transfer, but request to use other payment methods, such as PayPal, that offer reimbursements to buyers who don’t get what they paid for.
- Be wary of links sent by friends on social media: Just as you can fall for a scam, your friends can fall for them – and may then forward the links to dodgy websites so you, too, can grab a bargain. Scammers know that. Don’t open such links without making sure it the website is genuine. What’s more, hacked accounts are often used to tout fake products or conduct large scale spam campaigns.
- Choose secured payment methods: Take advantage of today’s technologies to be safe. Ask your bank how you can receive a disposable virtual card for one-time purchases. This way, if you fall for a scam, you won’t be giving out your real account details, and that card will be unusable. You can also use a payment processor such as PayPal and subscribe to an online shopping insurance.
- Look out for deals that are too good to be true: This is the golden rule of avoiding online scams. If it sounds like an unbelievable deal, that’s because it is most likely a scam. Getting people excited and enthusiastic about getting that one product they really wanted for a super-cheap price is as old as the hills.
- Don’t use public Wi-Fi: Free Wi-Fi access points are certainly useful, but they also pose major risks and you should never use them for things like online shopping or banking. Attackers may have easily infiltrated a poorly secured network to monitor the victims’ traffic and redirect them to fraudulent login pages or they may conduct “evil twin” attacks that involve creating a malicious Wi-Fi network that carries a similar name to the legit one and so dupe people into connecting to it. That way, criminals can capture any data you send over this connection, including passwords and banking details, or compromise your device with malware.
- Use a VPN: If you can’t resist using public Wi-Fi, one way of minimizing the underlying risks is by using a virtual private network (VPN) that encrypts your data as it’s transmitted across the public network. With your traffic routed via this secure tunnel, your personal information can’t be intercepted by attackers. As an added boon for your privacy, a VPN will disguise your location and help you avoid being tracked online and surf the web privately.
- Enable two-factor authentication (2FA): A good password or passphrase is worth every character, but 2FA, often also called multi-factor authentication (MFA), will make your logins much safer. This can be as simple as a code sent to your phone number via SMS when you attempt to log in or, even better, a code sent via an authenticator app that is paired with your account or a hardware security key. That way, criminals will have a much harder time accessing your accounts even if your credentials are compromised.
- Keep your devices safe: Simple and effective. Update your phone, laptop or tablet to the latest versions of their operating systems and keep also all your apps and other software up to date. This will ensure a higher degree of protection against known vulnerabilities and make it harder for attackers to get to you. At the same time, use a digital security solution that protects you from threats in real time.
With scammers on the lookout for the next victim, stay a step ahead by implementing these tips and protecting yourself on Black Friday and Cyber Monday – and indeed, every time you shop online!
by André Lameiras, ESET