Dirk41

Level 17
Verified
Top poster
Well-known
Mar 17, 2016
798
Black Friday’s coming, and that means huge rebates and sales. Actually, the hype has already started and the sales have begun. If you have ever tried shopping offline on that day, you probably vowed not to do it again. Ever. No matter what. Offline shopping on Black Friday and Cyber Monday hurts — sometimes literally.

Why shiver on the street waiting for a store to open when you can shop while lying on your couch, right? Online shopping is really convenient, and you won’t get crushed by a crowd of manic shopaholics.



That’s true, but online shopping has its own dangers, and Black Friday and Cyber Monday followed by Christmas sales are the high season for cybercriminals. As you are trying to get a shiny new TV or a pair of jeans for the price of a pair of socks, bad guys are trying just as zealously to steal your money. For example, as our statistics show, the number of phishing pages that target financial data spikes by about one-third (about 9 percentage points) every Q4, which is really a lot.

How do you stay safe and still have some fun shopping on Black Friday? We have advice for you, but first let us describe the most common types of scams that might await you during this season of sales.

Beware of fake shops
The fact about online shopping that amuses me the most is that you basically exchange your money for a promise to deliver something to you. Really, during that 1–7 day period, your money is already gone and all you have is an e-mail saying that your precious something is on the way.

Not all promises are kept, and sometimes bogus shops have nothing to back up their promises. They get your money or your credit card data and disappear. These shops tend to have three things in common:

  • You’ve never heard of them;
  • They rely heavily on advertising;
  • They have really breathtaking deals: a brand new iPhone for $200 or something like that.
If you see a deal that is too good to be true, it’s not true, so don’t fall for it. And on Black Friday and during other hyped sale days, it’s better to stay on the safe side and buy only from the online stores you already know.

One more thing: Criminals also try to mimic popular shops to steal your credit card data. So check the URLs carefully. If it’s BustBoy.com or something like that instead of BestBuy.com, don’t do anything on the site, and especially don’t input your financial data in its forms.

Don’t be fooled by fake delivery messages
Phishing relies heavily on social engineering, and social engineering in turn relies on your wanting something or being accustomed to something. So if you ordered a bunch of stuff and are waiting for the packages to show up at your door — as people do around this time of year — an e-mail entitled “Information about your order” or “Delivery confirmation from SomeMart” might seem legitimate, and important enough for you to open it and even download the attachments or follow the links in it.

That simple scenario is the essence of holiday shopping social engineering. The letter is not necessarily legitimate; it could be a fake sent by criminals who want to lure you into downloading malware such as banking Trojans or ransomware, or sending them your personal data. So before opening such letters make sure the e-mail address of the sender seems right (from someone@bestbuy.com, not someone@bustboy.com).
 

soccer97

Level 11
May 22, 2014
511
Other advice: Disable Adobe Flash Player in your browsers, as they may be targeted; consider using Mozilla Firefox (as it was just updated to v50.0 on Tues Nov 15th, so it *may* be one of the most patched at the moment); and run your AV/Internet Security product's update mechanism every 2 hours or so. Maybe that's overkill, but you can't be too careful. Also, when shopping online, pay with credit, not debit cards. Many articles will tell you that you have more protection against bad charges!

Also, make sure you check the url you type and watch for typo squatting!
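
The URL and sender-address checks advised in the posts above can be partly automated. The following Python sketch is an added example, not part of the original posts: it compares a link's or sender's domain against a personal list of known shops and flags near misses such as bustboy.com. The list contents, the edit-distance threshold of 2, and the "last two labels" shortcut for the registered domain are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: shops the reader already buys from (somemart.example is constructed).
KNOWN_SHOPS = {"bestbuy.com", "somemart.example"}

def host_of(value):
    """Return the lowercase host of a URL, an e-mail address, or a bare hostname."""
    value = value.strip()
    if "://" in value:  # URL: .hostname ignores any "user@" part placed before the host
        return (urlsplit(value).hostname or "").lower()
    if "@" in value:    # e-mail address: the domain follows the last "@"
        return value.rsplit("@", 1)[1].lower()
    return (urlsplit("//" + value).hostname or "").lower()

def edit_distance(a, b):
    """Edits (insert, delete, substitute, adjacent swap) needed to turn a into b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # two neighbouring letters swapped
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(value, known=KNOWN_SHOPS, max_distance=2):
    """Return ("known" | "lookalike" | "unknown", matched shop or None)."""
    host = host_of(value)
    # Simplification: treat the last two labels as the registered domain
    # (a real tool would consult the Public Suffix List).
    domain = ".".join(host.split(".")[-2:])
    if domain in known:
        return ("known", domain)
    for shop in sorted(known):
        # Near-miss spelling, or the shop's name used as a subdomain of another site.
        if edit_distance(domain, shop) <= max_distance or host.startswith(shop + "."):
            return ("lookalike", shop)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("https://www.bestbuy.com/cart", "someone@bustboy.com",
                   "https://bestbuy.com@bustboy.com/", "https://shop.example/"):
        print(sample, "->", classify(sample))
```

An "unknown" result only means the domain is not on the list and does not resemble an entry; it is not a verdict that the site is safe.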
 

tim one

Level 21
Verified
Helper
Top poster
Malware Hunter
Jul 31, 2014
1,091
About "fake shops" or online services, I would like to add that if you write "malware removal" on Google, at the top of the results you can get a list of sites (also automatically translated into my language) that have nothing in common with malware removal.
They redirect the user to more or less legitimate sites of security vendors, or they are subjected to ads or malvertising, or ask for money, and I consider them honeypots for novice users who may be really concerned about a malware problem.

This is thanks to a good SEO job:

"Search engine optimization (SEO) is the process of affecting the visibility of a website or a web page in a web search engine's unpaid results—often referred to as "natural", "organic", or "earned" results. In general, the earlier (or higher ranked on the search results page), and more frequently a site appears in the search results list, the more visitors it will receive from the search engine's users, and these visitors can be converted into customers".(from Wikipedia).

Some of these sites show the keyword for the specific term you search (such as "iRansom"), deceiving the user about the real nature of the website.
It is better to be aware of these suspicious sites, giving the well-known and reviewed web pages.

It is a social engineering technique that works on various levels through redirects, and it can lead to simple advertising, but also to malware.

I have experience in my geographical area but I guess that the same happens also elsewhere.
 

soccer97

Level 11
May 22, 2014
511
I see it all of the time, even on Google, especially for technical support for some AV products (that are other companies that charge fees). Just use a little extra caution.
 

XIII

Level 5
Sep 20, 2016
162

jamescv7

Level 85
Verified
Helper
Mar 15, 2011
13,082
Make sure to go to trusted online shops. Having HTTPS does not mean you are safe, but it secures your transaction; however, be extra careful if it's a fake website holding a legitimate certificate.

Adblockers are good for filtering out advertisements, which usually have exaggerated promos displayed on search links and other sites.

Review the transactions done by other customers to see if they are valid or not.
 

Sophia Jan

Level 1
Sep 11, 2018
11
Thanks a lot for the knowledge.
 