While you are searching for the best Black Friday deals, beware of the impending Black Friday scams that come along with them. With so many purchases and transactions taking place on this day, cyber criminals seek to take advantage of all the personal information being shared online. This is why it is critical to take extra care while making purchases or surfing deals come November 24th.

If you are a security professional, share this article with your team to help them protect their personal information, and if you are just an everyday bargain shopper, here’s everything we can tell you about the most popular Black Friday and Cyber Monday scams:

Spoofed order confirmation emails 

What happens

One of the most popular Black Friday and Cyber Monday scams is the fake Amazon order email. Targets receive an email that looks exactly like a typical Amazon order confirmation, except the order is one they never made. This prompts them to investigate by clicking the link in the email, which brings them to a fake website with a fake customer service number. When the victim calls the customer service desk, the scammers don’t answer but call back later, ready to take their credit card information.


The most difficult part of this scam is that the email, website, and phone call will look exactly like the real ones from Amazon, making it hard for anyone without prior knowledge of this scam to realize that they are being taken advantage of.

What to do

Always do your own research rather than following a link. First, check if the email address the message is coming from matches previous real emails you’ve received from the company. If not, the message is likely not real. 

If you’d like to investigate more, open a new window and go to your Amazon account yourself to verify if the order is real. If you are still concerned, do your own search for the Amazon help desk number and call the number you find rather than the one given in an email. 

Spoofed “your transaction didn’t go through” emails

What happens

Cyber criminals track your shopping and are able to send emails that notify you that your transaction did not go through. The attacker preys on the urgency of sales by claiming that you’ll lose out on the deal or not receive your items if you don’t confirm your credit card information now.

What to do

Again, cyber criminals have gotten so good that it is extremely difficult to tell their emails from an actual transaction failure email. An email notifying you that a payment has failed is uncommon, as companies will typically not let you off the site unless payment is confirmed, so if you receive this email, immediately be suspicious.

The name of the game of Black Friday and Cyber Monday should be to verify, verify, verify. If you receive an email claiming one of your purchases didn’t go through, verify if this is true. Go to the website yourself (not the one linked in the email) and see if your order is there. Check your bank statement to see if the money was taken out. And when in doubt, do your own research to find the Help Desk of the company and ask them for help. 

SMS phishing fake sale scams

What happens

Amongst the influx of real Black Friday SMS notifications, attackers will send fake SMS messages claiming to have an urgent, incredible sale at a well-known store. The SMS contents often include an offer link, which, once clicked, requests your payment details, all in an attempt to steal your personal data. The scammers typically prey on urgency, claiming that you will only receive the deal by clicking this link within a certain amount of time. 

What to do

Before clicking on any SMS (or email) link you receive, preview the URL. Is the domain the same as the real website of the company the sender claims to be? Be careful of URLs that are only one letter or punctuation mark off.

Even if the URL looks real, take the time to shop the sale in another way. Go to the store’s website through your own search and see if you can find the sale there. 

Fake charities 

What happens

Scammers seek to take advantage of the generous holiday spirit by luring people into donating to them during Black Friday. The scammers will reach victims through email, text, and most commonly, phone calls. Over the call, they’ll play on people’s emotions through storytelling and social engineering, posing as a charity looking for donations. They’ll then ask for the victim’s card information in order to obtain access to their banking.

What to do

If you’d like to donate to a charity this holiday season, choose a trusted charity that is verified to be legitimate. Start the process yourself by finding out how to donate by going to their website or in-person locations. Donating physical items or volunteering your time are both great charitable options that help avoid giving out your financial information over the phone. 

If you find yourself in the situation of being on a phone call with a charity and you feel the urge to help or donate, ask them the name of the charity, tell them you’ll donate on your own time, and hang up. Then, do your own research to see if the charity is legitimate and discover how you can donate in a safer way. 

Socially Engineered Secret Santa Groups

What happens

During Black Friday and the holidays, scammers use social engineering tactics to create fake Secret Santa groups on social media. They prompt people to join these groups by claiming that it’s a fun Christmas tradition and you can receive hundreds of dollars in gifts by only giving a small gift yourself. Victims send their $10 gift card and then likely receive nothing in return. 

What to do

Keep gift-giving in-person and to people you know. While this may seem like a fun way to connect with new people, you are likely to end up with no gifts and out the $10.00 you spent. If you want to get into the Secret Santa spirit, create a group with people you know and trust and consider giving the gifts in person. 

It’s essential to take extra caution during Black Friday and Cyber Monday sales. These sale holidays are filled with urgency and quick decisions, but do your best to encourage yourself and others to take the time to pause and question the messages you are receiving. When in doubt, verify the source, do your own research, and check for known domains or addresses. Happy shopping and stay safe!

 

Scott Wright is CEO of Click Armor, the gamified simulation platform that helps businesses avoid breaches by engaging employees to improve their proficiency in making decisions for cyber security risk and corporate compliance. He has over 20 years of cyber security coaching experience and was creator of the Honey Stick Project for Smartphones as a demonstration in measuring human vulnerabilities.
