How to Avoid Online Scams on Black Friday and Cyber Monday
As Thanksgiving approaches, so does Black Friday and Cyber Monday.
Last year, the National Retail Federation reported nearly 180 million unique shoppers during the five-day period between Thanksgiving Day and Cyber Monday, which exceeded estimates of more than 21 million. According to data from NRF, 104.9 million of these shoppers visited stores and 127.8 million made their purchases online (some bought both in-store and online).
Sure, “Cyber Week” drives big revenue: The 2021 sales stretch drove nearly $40 billion in online spending, per Adobe.
But the onslaught of online deals isn’t just attracting eager buyers – it’s also giving cybercriminals a great opportunity to cheat people with their money.
“Cyber Monday and Black Friday open the door for adversaries to make offers,” said AJ Nash, vice president of intelligence at ZeroFox. “Maybe if it was a Wednesday in July you’d go, Man, it sounds too good to be true. But come Cyber Monday, you go, Oh, maybe it’s a door knock. Maybe someone is really giving away this amazing thing for next to nothing.”
Nash spent nearly two decades in the intelligence community, describing himself as a “traditional intelligence guy”, before being recruited for a cyber-focused contract and then into the private sector.
Entrepreneur sat down with Nash to discuss how cyber scams have become more sophisticated over the years and how you can protect yourself from even the most cunning cybercriminals.
Related: Cyber Fraudsters Raise $2.3 Billion From Email Wire Transfer Scams
“Technologies have made it easier to do a better job of imitation.”
Phishing, the process by which an attacker sends a fraudulent message to trick someone into sharing sensitive information or introducing malware, is one of the oldest tricks in the cybercrime book.
But the “spray and pray” approach, where cybercriminals try to maximize the volume of their scam to get the biggest returns, has been updated over the years, Nash says.
“Technologies have made it easier to improve identity theft,” he explains. “It costs very little to buy a domain that looks very similar to the real thing. It’s a misspelling, or they use a lowercase ‘L’ to replace a capital ‘I’.” There are a lot of different ways to set this up.”
From bogus websites to texting systems, cyber crooks are adept at weaving websites that look legitimate. A link sent by SMS can redirect to an authentic-looking site, for example.
“The further you go down those paths, if the opponents are tying things together and overlapping them, the more confidence that creates,” Nash says. “If you believed the first thing, then everything else is going to reinforce that as a potential victim.”
And the schemes themselves also run the gamut, though non-delivery scams, where shoppers are tricked into buying something that never arrives, and gift card hoaxes, where people are tricked into paying with practically unobtainable gift cards or buying them remain some of the most common.
Another rich arena for scammers? Social media.
“Social media is a huge opportunity,” says Nash, “to build social media accounts and attract people, especially if you’re dealing with social media platforms that don’t do a particularly good job of regulating what is a valid account versus what is not.”
And if you fall for a scam posting, all it takes is one click and disaster strikes. Click that link promising the deal of a lifetime to the first 500 customers, and you risk having your personal information stolen or your device compromised.
Related: How to avoid getting scammed by influencers with fake followings
How to avoid online scams on Black Friday and Cyber Monday
So how can you stay safe when shopping for some of the (legit) best deals of the year?
First, never forget that if a good deal seems too good to be true, it probably is, says Nash.
Once you suspect you might be a target, do your own investigation. For example, if you receive an amazing offer with a link attached, don’t click on it.
Instead, take a look at that web address, suggests Nash, looking for any changes to a genuine retailer’s URL, whether it’s one of those misspellings or capitalization exchanges. Copying the address into a Word document and changing the font can make it easier to spot the discrepancies.
You should also pay close attention to the message itself. Poor English and grammatical errors are red flags, says Nash.
Another simple tactic? Type the offer in your browser to see if it appears elsewhere.
“If you start googling it and you’re kind of the only person who seems to know where this thing is, chances are it doesn’t exist,” Nash says. “You’re not that special. None of us are.”
It is also recommended to avoid divulging sensitive information as much as possible, even when websites appear legitimate. Consider using a separate credit card for online orders; some financial institutions even offer virtual credit cards. Both options can prevent cybercriminals from moving “sideways into the rest of your finances,” says Nash.
Related: 11 Ways to Protect Your Business From Cybercriminals
Along the same lines, it’s important to make sure that you use different usernames and passwords for all of your accounts.
“If they cheat you on the website and you leak your information, [for a] a lot of people it means you’re giving it your all because you didn’t just give that Visa or MasterCard,” says Nash. “Turns out that’s the only username and password used for everything. Now more than ever is the time of year to remember to randomize passwords and use password management and two-factor authentication.”
If you make a purchase and have doubts afterwards, it may not be too late to protect yourself. Start by seeing if you received a confirmation email with tracking information – if you haven’t, that’s a bad sign.
“It happened to me maybe 10 years ago,” Nash says. “I got a laptop – it was a little too good to be true, but not crazy. And I got a tracking number that didn’t match; the post office couldn’t figure it out, et cetera. Well, lo and behold, this laptop never made it to my house.”
But depending on your payment method and associated insurance terms (which you should check before shopping), you may be able to get that money back, Nash notes.
Keep These Strategies in Mind for Success and safe cyber week this year.