Cybercrooks never miss an opportunity to net some money from unsuspecting victims. With massive discounts and sales coming our way in late November, it’s not that hard to click on the wrong link or hand your payment details to the bad guys in your quest to score a crazy deal.
But we’ve got you covered with our list of four Black Friday scams to watch out for in 2021 and how to avoid becoming a victim.
4 Black Friday Scams To Watch Out For
The scams can come in all shapes and sizes, but the red flags are there for the keen eye to see.
Phishing Websites & Apps
The ultimate goal of a phisher is to get their hands on your personal info, such as payment details, social security number, or login credentials, so they can use it to steal your money. Masquerading as a reputable entity, the attackers send out legitimate-looking emails or text messages, typically with a link to a credential-stealing website, designed to look identical to the official one.
These phishing attacks happen all the time, but prepare for a significant spike in fraudulent messages impersonating Amazon, Best Buy, or other big names in the retail sector during Black Friday or the holidays.
Be wary of emails asking you to update your payment method or personal data. When in doubt, reach out to the company’s helpdesk to ensure that the email is not a scam before taking any action requested.
- Look for extra characters or misspellings in the sender’s email address.
- Spelling errors or bad grammar, either in the subject line or in the body, are a dead giveaway of a scam.
- Generic greetings and addressing you by “Mr.” or “Ms.” or “Dear Customer” instead of by name can be signs of a fraud attempt.
- Be cautious of emails prompting you to take an urgent action and asking you to click a link and fill in sensitive data, especially payment details.
- Be wary of emails offering you a refund, coupons or other freebies.
- Pay close attention to the brand logo in the email – if it looks low-quality or just off, chances are you’re being phished.
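The first check in the list above (extra characters or misspellings in the sender’s address) can be automated. The following is an added example, not code from the original article; the allowlist of trusted domains, the digit-swap table and the sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Assumption: the retailers this reader actually shops with (constructed allowlist).
TRUSTED = {"amazon.com", "bestbuy.com"}
# Common digit-for-letter swaps used in misspelled sender domains.
SWAPS = str.maketrans("01345", "oleas")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a From: header."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if not domain:
        return "unknown"
    # Exact trusted domain, or a true subdomain of it.
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED):
        return "trusted"
    normalized = domain.translate(SWAPS)
    for t in TRUSTED:
        brand = t.split(".")[0]
        if edit_distance(normalized, t) <= 2:
            return "lookalike"  # misspelling or extra characters
        if brand in normalized.replace("-", ""):
            return "lookalike"  # brand name embedded in a foreign domain
        if brand in display.lower().replace(" ", ""):
            return "lookalike"  # brand appears only in the display name
    return "unknown"


# Constructed sample headers (not taken from real mail).
SAMPLES = ["Amazon <no-reply@amazon.com>", "Amazon <billing@amaz0n.com>",
           "Best Buy <deals@bestbuy-rewards.com>"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(check_sender(s), "<-", s)
```

A retailer’s legitimate regional or marketing domains will be flagged as lookalikes until they are added to the allowlist, so treat a hit as a prompt to verify with the company, not as proof of fraud.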
Digital Credit Card Skimming
Traditional card skimming requires hackers to use a skimming device that can easily be placed over a card reader at an ATM or a fuel pump without catching your eye.
The moment you swipe your card at a compromised machine, the skimmer intercepts the data from the card’s magnetic stripe and either stores it or sends it back to the hacker.
However, hackers have extended their techniques to the digital world – instead of using physical hardware, they can insert malicious code directly into a website to steal your payment information.
E-skimming or Magecart attacks have seen an increase in the last two years due to the pandemic. Tim Mackey, the principal security strategist for cybersecurity firm Synopsys, warns, “There isn’t an obvious way for the average person to be able to identify if or when a website has been compromised. The only potential tell-tale sign might be that the website itself doesn’t quite look ‘right.’”
Here are Mackey’s recommendations you can use to protect yourself against e-skimming:
- Don’t save your credit card information on retail sites.
- Try to use a third-party payment method like Apple Pay or Google Wallet.
- Enable purchase alerts.
- Disable international purchases on all credit cards.
- Never make purchases on public Wi-Fi, where your payment could be intercepted.
The ‘Secret Sister’ Gift Exchange
This sketchy gift exchange among strangers on the Internet is similar to the popular ‘Secret Santa’ and originated on Facebook. In the ‘Secret Santa’ game, each player in a group buys a present for one other randomly picked group member. Of course, the gifter keeps their identity secret.
The ‘Secret Sister’ is a pyramid scheme and its exchange invitation promises you gifts worth $360. First, however, you need to purchase and mail a $10 gift for someone else. Needless to say, you’ll be out of your ten bucks, with nothing in return. Plus, you’ll have given your personal info to strangers, as the scam requires you to send your name, email address, and phone number.
Ignore any request to become a Secret Sister, and do not provide your sensitive data to strangers on the Internet. You can also report the invite to Facebook or whichever social media platform you were approached on.
During the upcoming holiday season, non-profit organizations see a significant increase in donations. But, unfortunately, scammers prey on people’s generosity and run elaborate schemes to steal money.
Here’s what you can do if you get a phone call from a charity and are in doubt:
- Use a website like CharityWatch or even Google to do your research on a charity and learn whether it is legit.
- Pay close attention to the organization’s name and website. Fake charities often mimic popular charities. If it’s too similar in name to another, chances are it’s a fraud.
- Do not provide all your personal information. While it’s expected to provide your card details, don’t give away your Social Security number or bank account number.
- Avoid making cash donations. Unless you’re 100% certain about a charity’s legitimacy, don’t donate cash, gift cards, or cryptocurrency.
Many scams start with a harmless-looking phishing email.
ATTACK Simulator’s Security Awareness Training program will help you enrich your employees’ cybersecurity knowledge with up-to-date security best practices to keep your company safe from scammers and avoid potentially irreparable damage.