By 4 pm on Black Friday of 2018, online sales had reached a 46% increase over the 2017 figures. We all love a bargain and the Black Friday/Cyber Monday weekend provides them in droves. During the Black Friday sales of 2018, we Brits spent a mega £1.4 billion on sales goodies.
Black Friday is something to look forward to for anyone looking to buy presents too as Christmas draws near. But the money pouring out of our online pockets attracts cybercriminals like moths to the light.
In 2018, we experienced Black Friday scams galore; no doubt, as sales increase and as our appetite for buying via websites and mobile devices increases, we will see more scams during Black Friday 2019.
But no one wants to be a victim of a phishing scam at any time of the year. However, with the onslaught of Black Friday scams about to hit our inbox, how do we know if we are being scammed and how can we stop it happening?
Tell-Tale Signs of a Black Friday Scam
The most common way that cybercriminals make the most of events like Black Friday is by using phishing campaigns. An example of a similar type of scam is the Amazon Prime day scam. This scam, like a Black Friday scam, uses all of the hallmarks of a clever phishing campaign, including:
- Ensuring the email looks convincing by applying the correct branding used by the legitimate company (e.g., Amazon).
- Using a ‘you don’t want to miss this!’ type offer to lure unsuspecting customers – include an element of Fear of Missing Out (FOMO) for good measure.
- Coincide the phishing campaign with a legitimate sales event (such as Prime Day or Black Friday)
As Amazon holds around 26% of the Black Friday market, chances are, scammers will use the Amazon brand to attempt to scam customers.
But it won’t just be the Amazon brand that is used to trick shoppers. And, it won’t just be phishing emails. Messaging apps and social platforms are increasingly being used as part of wider Black Friday campaigns. In 2018, WhatsApp was used to trick Black Friday shoppers, by offering 99% off vouchers, for example.
Similarly, fraudsters are using social platforms, like Facebook, to propagate Black Friday phishing scams. In 2018, Facebook was used to post ‘money off coupons’ to entice users to click on malicious links. It is likely that similar vouchers and engaging content will be posted across social platforms in an attempt to phish people over the Black Friday weekend.
Be aware and be careful what you click on during this period, in particular.
Tips to Protect You, Your Family, and Your Customers from Black Friday Scams
Black Friday scams are much like any other scam. The difference is that they are highly targeted in line with an event. By focusing on an event, the cybercriminals behind the fraud might capture excited individuals who are looking for a bargain. The elusive ‘knee-jerk’ reaction is always a winner for the fraudster. To prevent yourself or others being a victim of a Black Friday fraud, follow our tips:
Tips for the individual
Being safe while shopping needs security awareness from an individual perspective; these tips should be your ‘go to’ checklist to shopping with security:
- Use a credit card to shop online – Section 75 of the Consumer Credit Act protects you for purchases over £100 up to £30,000.
- Being security aware – Know what the tricks of phishing and other social engineering scams are all about.
- Safe websites – Is the site you are visiting show that the URL that starts with HTTPS, e.g., https://www.sitename.com?. Be careful to check the website address as fraudsters can swap out one or two letters in a web address to make it look like the real website.
- Safe Wi-Fi – Always use a secure Wi-Fi connection to log in to any online account and when making online payments.
- Be wary of mobile apps – Scammers have been using fake mobile apps to trick shoppers into buying fake goods.
Tips for the retailer
If you are an online retailer you should help make your customers shopping experience as safe as possible:
- Sign up to use the latest secure payment options. Recently, a new banking standard, EU Payments Services Directive (PSD2) was brought in to ensure secure authentication (SCA) is used when an online payment is made.
- Ensure that your website uses encryption (HTTPS) whenever you capture data or take a payment.
- Avoid using links in any emails you send to customers; encourage customers to go directly to your site instead.
- Secure your website against common attacks. Check out the OWASP top ten security issues to know where your website may have security vulnerabilities.
- Follow good data privacy practises such as the EU’s General Data Protection Regulation and the UK’s DPA2018.
Hopefully, after reading our security tips, you will be able to go all out on Black Friday and spend, spend, spend, without worrying that you’ll be scammed, scammed, scammed, instead.