Don’t fall for this year’s new and clever Black Friday scams
Scammers don’t take time off during the holidays. In this article we’re go through what to look out for and how you can protect yourself.
For starters, the the key to staying protected is by staying alert.
The day after Thanksgiving is one of the biggest shopping days of the year and despite a worldwide pandemic, shoppers spent a record $9 billion on Black Friday in 2020, an increase of 21.6% over the previous year, according to Adobe Analytics.
With all that money floating around, cybercriminals are looking for a way to get a piece. Although scammers work year-round, it’s during the holiday season that they look to exploit the spirit of giving, and it works, every year.
There are a lot of scams out there. As retailers like Amazon, Best Buy and Walmart roll out deals over the holidays, fraudsters put out elaborate, fake websites to trick you into buying products you’ll never receive. For example, you may receive text messages or emails claiming you’re eligible for a refund for an item you never purchased, just so that thieves can get you to reveal your credit card information. You might even be enticed into donating to a charity that provides homes for “abandoned puppies” that just don’t exist.
Although scams come in all shapes and sizes, the red flags are always there. Here are some things you should know about Black Friday scams and how to avoid becoming a victim this holiday season.
Fake websites and fraudulent phishing apps
In a phishing scheme, the goal is for hackers to get their hands on your personal information like your credit card, social security number or account password. Pretending to be a well known retailer, fraudsters send out official-looking emails or text messages, usually with a link to a fake website designed to look just like a legitimate site.
For example, in recent months hackers have been sending out spoofed Amazon order notification emails.
If you have noticed unusual charges on your credit card statement that resemble those from Amazon, be sure to reach out to them to investigate. For the spoofed Amazon order notification scam, the links in the phishing email that to get in contact direct victims to a fake Amazon webpage and phone number. If you call the number, the fraudsters will ask you to give them your credit card number, expiration date and CVV to “cancel the order.” And just like that, they’ve got your information.
These types of attacks are commonplace throughout the year, but expect a surge in messages claiming to be from Amazon, Best Buy, Walmart, Target and other well known retailers.
If you receive an email asking you to update your payment method or requesting other personal information, contact the company’s help desk to make sure the email is legit before you do anything else.
Here are some ways to identify a phishing email, according to the Federal Trade Commission and StaySafeOnline.org:
- The sender’s email address looks almost right but contains extra characters or misspellings.
- There are misspellings or bad grammar either in the subject line or anywhere in the body.
- They address you with generic terms (“Mr.” or “Ms.” or “Dear Customer”) instead of by name.
- The message warns that you need to take immediate action and asks you to click a link and enter personal details, especially payment information.
- The messages promise a refund, coupons or other freebies.
- The company logo in the email looks low-quality or just plain wrong.
Credit card skimming goes all digital
Credit card skimming at one point required physical hardware, but hackers have figured out how to insert malicious code directly on retailers’ websites to steal customers’ credit card information when you’re buying something online.
You’ve may have seen credit card skimming in action at the movies – a hacker sticks a small technical device the size of a pack of gum next to where you would insert your card at an ATM, disguised to look like part of the machine. He then waits for people to swipe their cards. A day or week later, the thief takes the object known as a skimmer back and collects the mountain of stolen card information stored inside, using that info to make purchases, withdraw money and more.
Instead of using physical hardware to steal payment card numbers, hackers how found it much safer to instead insert malicious code directly on a website to do the same thing as traditional skimming, but with online payment information instead.
Regarding e-skimming incidents, most recently called Magecart attacks (after the name of the software used), there isn’t an obvious way for the average person to be able to identify if or when a website has been compromised. The only potential tell-tale sign might be that the website itself doesn’t quite look right.
Heres a few strategies you can can use to protect yourself from having your credit card skimmed in an on-line purchase:
- Don’t save your credit card information on retail sites.
- If possible use a third-party payment method like Apple Pay, Google Wallet or PayPal.
- Enable purchase alerts on all your credit cards.
- Disable international purchases on all credit cards.
- Only make purchases over your home network or cellular network, never on a public Wi-Fi where your payment could be intercepted.
Your donations might be going to a ‘faux charity’
During the holiday season it’s common for charities to ask holiday shoppers to give back to the community. According to Blackbaud Institute, a company that creates fundraising software, nonprofits typically see an increase in donations beginning each fall (the last three months of the year) resulting in an average of 36% of annual charitable giving.
Unfortunately, scammers take advantage of this generosity to make a bundle for themselves.
Charity fraud scams typically impersonate other successful charities. And it’s no wonder they work: The scammers come up with legitimate sounding charity names, create credible websites, run successful social media campaigns and they’re persistent.
Charity scammers typically call victims using local phone numbers to create a false sense of security. By the way, it’s incredibly easy to spoof an area code. Next they’ll make their pitch, and it’ll be a good one. They will tug at your heart-strings, but they’ll never actually specify how they’ll help their cause. And they may even claim that you’ve made a donation before, and suggest that you make another, and that if you do, it’ll be tax-deductible. And it’ll all be a lie.
If you get a call from a charity and get a hint of some red flags, the AARP and FTC suggest that you do the following:
- Do your research. Use a watchdog like CharityWatch to get more information about a charity and learn how credible it is. Or use Google.
- Pay close attention to the charity name and website. False charities like to mimic other popular charities. If it seems too close in name to another, it might not be real.
- Keep track of your donations. Even if you accidentally donate to a scammer, you need to ensure that the donation isn’t recurring.
- Don’t give away all your personal information. Of course it’s normal to provide your card information, but don’t do the same with your Social Security number or bank account number.
- Don’t make a cash donation. Unless you’re certain about a charity’s credibility, don’t give away cash, gift cards, or cryptocurrency.
Covid isn’t the only thing you must protect yourself again during the holiday season. If you’re interested in security and privacy, check out how to protect yourself from identity theft, how to protect your phone app privacy, and which cryptocurrency scams to look out for.
Stay safe out there