Black Friday’s coming, and that means huge rebates and sales. Actually, the hype has already started and the sales have begun. If you have ever tried shopping offline on that day, you probably vowed not to do it again. Ever. No matter what. Offline shopping on Black Friday and Cyber Monday hurts — sometimes literally.
Why shiver on the street waiting for a store to open when you can shop while lying on your couch, right? Online shopping is really convenient, and you won’t get crushed by a crowd of manic shopaholics.
That’s true, but online shopping has its own dangers, and Black Friday and Cyber Monday followed by Christmas sales are the high season for cybercriminals. As you are trying to get a shiny new TV or a pair of jeans for the price of a pair of socks, bad guys are trying just as zealously to steal your money. For example, as our statistics show, the number of phishing pages that target financial data spikes by about one-third (about 9 percentage points) every Q4, which is really a lot.
How do you stay safe and still have some fun shopping on Black Friday? We have advice for you, but first let us describe the most common types of scams that might await you during this season of sales.
Beware of fake shops
The fact about online shopping that amuses me the most is that you basically exchange your money for a promise to deliver something to you. Really, during that 1–7 day period, your money is already gone and all you have is an e-mail saying that your precious something is on the way.
Not all promises are kept, and sometimes bogus shops have nothing to back up their promises. They get your money or your credit card data and disappear. These shops tend to have three things in common:
- You’ve never heard of them;
- They rely heavily on advertising;
- They have really breathtaking deals: a brand new iPhone for $200 or something like that.
One more thing: Criminals also try to mimic popular shops to steal your credit card data. So check the URLs carefully. If it’s BustBoy.com or something like that instead of BestBuy.com, don’t do anything on the site, and especially don’t input your financial data in its forms.
Don’t be fooled by fake delivery messages
Phishing relies heavily on social engineering, and social engineering in turn relies on your wanting something or being accustomed to something. So if you ordered a bunch of stuff and are waiting for the packages to show up at your door — as people do around this time of year — an e-mail entitled “Information about your order” or “Delivery confirmation from SomeMart” might seem legitimate, and important enough for you to open it and even download the attachments or follow the links in it.
That simple scenario is the essence of holiday shopping social engineering. The letter is not necessarily legitimate; it could be a fake sent by criminals who want to lure you into downloading malware such as banking Trojans or ransomware, or into sending them your personal data. So before opening such letters, make sure the e-mail address of the sender seems right (from someone@bestbuy.com, not someone@bustboy.com).
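The URL check and the sender check described above can both be automated. The following Python is an added example, not code from the original article: it compares the host in a link or a From address against a short list of shops you trust and flags near misses such as bustboy.com. The allowlist, the function names and the distance threshold are assumptions, and the sample inputs are constructed.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: a personal allowlist of shops you really use (constructed).
TRUSTED_DOMAINS = {"bestbuy.com"}

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(value):
    """Lower-cased host from a URL, a bare host name or a From header."""
    if "@" in value and "://" not in value:
        host = parseaddr(value)[1].rpartition("@")[2]
    else:
        # urlsplit drops any "user@" part, so the host after the @ is checked.
        host = urlsplit(value if "://" in value else "//" + value).hostname or ""
    return host.lower().rstrip(".")

def classify(value, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return 'trusted', 'lookalike of <domain>' or 'unknown'."""
    host = host_of(value)
    labels = host.split(".")
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    # Naive registrable domain: last two labels (no Public Suffix List here).
    candidate = ".".join(labels[-2:])
    for d in sorted(trusted):
        brand = d.split(".")[0]
        if 0 < edit_distance(candidate, d) <= max_distance or brand in labels:
            return "lookalike of " + d
    return "unknown"

if __name__ == "__main__":
    samples = [  # constructed inputs
        "https://www.bestbuy.com/cart",
        "SomeMart Delivery <someone@bustboy.com>",
        "https://bestbuy.com@bustboy.com/login",
        "https://bestbuy.com.deals.example/checkout",
    ]
    for s in samples:
        print(f"{classify(s):28} {s}")
```

The check does not cover internationalized look-alike characters or multi-part suffixes such as .co.uk; those need a Public Suffix List lookup and Unicode normalization on top of it.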