“Gucci bags 80% off!” screams the email that lands in your inbox on Black Friday. It seems like an impossibly large discount, but you open the email anyway – just to check if it seems legitimate. And it does – it’s professionally compiled, there are no spelling errors, and the logos and merchandise all look like the real deal. So, you click on the link provided. And you shop. Only to see a string of fraudulent charges on your next bank statement.
Black Friday is a lucrative day not only for retailers, but also for cyber criminals. In 2019, the use of retail phishing URLs jumped by 275% the week before Black Friday.
Before going on an online spending spree, ask yourself these questions to stay ahead of scammers:
- Is my security up to date? Though many people secure their computers, they often leave their most connected device, their phone, vulnerable. Cybersecurity solutions like antivirus, firewalls and internet protection must be installed on any connected device. Before Black Friday starts, check if these solutions are up to date and apply any necessary patches.
- Is it too good to be true? Cyber criminals are taking advantage of cash strapped consumers’ increased desire to save money, partly due the economic crisis caused by the COVID-19 pandemic. Any deal that seems too good to be true should not be trusted offhand. Verify them by typing in the retailer’s website address in a browser window and searching for the deal there.
Apart from jaw-dropping discounts, coupons are also a popular way to reel customers in. According to ESET telemetry, of all the Black Friday-related emails you will get in one day an average of 12% will be spam emails. Again, do not click on any links. Be sure to shop on the real website and apply coupons there by manually typing out the code.
- Is the website (or app) real? Scammers are better than ever at creating legitimate-looking fake websites and apps to steal your personal details. The website address might even be very similar, with only one extra character. Always type out the correct website address in your browser rather than clicking on a link, and make sure to download apps from the Google Play Store or Apple App Store itself – not from a link. Once on a website, look for a padlock and, on a desktop device, the https:// at the beginning of the website address. These indicate that communication between you and the site is encrypted and any data you send can’t be seen by anyone intercepting the traffic.
- Is it an ad? Attractive fake adverts with great deals abound on Black Friday and, other than websites, you can’t tell them apart from the real ads until it’s too late. Avoid clicking on any ads, whether on search results or on social media. Again, rather type out the retailer’s address in your browser.
- Am I on public wi-fi? Criminals often intercept public wi-fi by creating a fake hotspot in the same area as a real hotspot. Log onto the fake one, and they can easily steal your details. Rather use your carrier’s service.
- How should I pay? Secure payment services like Apple Pay, Android Pay or PayPal are your best bet. Credit cards are also a good means of payment when shopping online, because banks keep a close eye out for fraudulent activity. If you are unfortunate enough to have been scammed, you can alert the card issuer to dispute the charge and get it reversed quickly. Be sure to set you card limit low to minimise any damage.
- Am I logged in? Never over-share personal data by creating an account with a retailer and letting them store your personal or payment details. Reducing the number of people storing your data will help reduce your risk of being affected by a breach. If you do create an account, choose a strong password that can’t easily be guessed. Between May and August 2021, ESET detected 55 billion new password guessing attacks (up 104% compared to T1 2021)
By: Carey van Vlaanderen, Chief Executive Officer at ESET Southern Africa