Black Friday promotions have dominated the month of November as retailers try to cash in on the sales-heavy month.
But as the shopping day approaches, scammers will also try to take advantage of the Black Friday and Cyber Monday hype.
Black Friday Scams
1. Black Friday Phishing
Phishing scams aim to harvest your payment and banking details. This is usually done through emails, but on days like Black Friday, fake deal websites are common.
These websites will offer a deal or sale and ask you to register your banking details. Many of these sites will pose as major retailers and send you an email offering you a deal.
Phishing emails on Black Friday also sometimes pose as your bank, according to Kaspersky. They will pretend your bank is running a sale in partnership with a retailer and ask you to log into your bank account to view deals.
However, the mail will send you to a phishing site that mimics your bank login page. Once you enter your data, cybercriminals will have the details they need to drain your bank account.
2. Banking Trojans on Black Friday
Banking Trojans are a type of malware that harvest user details on e-commerce sites, including banking details.
“This means they can modify online page content and steal credentials entered, while the victim will keep thinking that they enter login and password to legitimate fields on the website,” Kaspersky says. “Because of this, cybercriminals can monitor a hacked user’s online behavior, such as which sites they visit while on the infected device.”
The malware activates when it detects the user visiting an e-commerce site. These trojans exist on both desktop computers and mobile devices.
3. Hijacking retail sites on Black Friday
Scammers also target e-commerce websites themselves on Black Friday and Cyber Monday. They can infect the websites with malware to redirect users or harvest details.
This includes popups that redirect you to a phishing website.
How To Stay Safe on Black Friday
So with so many scams out there, how do you stay safe while shopping online on Black Friday and Cyber Monday?
Here are a few tips from KnowBe4’s Black Friday security alert:
Never click on links in emails. If you want to shop at a site, rather enter the site address directly into your browser.
Don’t open attachments with special offers. Retailers won’t attach offers to your email as a separate file.
Watch for malicious ads and popups. Rather don’t follow any external ads or popups that appear while you’re shopping online.
Use your credit card when shopping online. KnowBe4 suggests using your credit card over your debit card when shopping online. After all, credit cards have a limit, whereas a debit card gives access to all your banking account funds.
Don’t re-use passwords across sites. If you re-use your passwords across accounts and retail sites, scammers only need to harvest details from one site to access many others. Rather use a password manager than generates strong passwords and saves them for different sites.
Don’t shop over public Wi-Fi. Public Wi-Fi poses a number of security threats and can allow malicious actors to access your online activity.
Only buy gift cards from trusted sources. Gift card scams are very prevalent across the holiday season. Only buy gift cards from sites you know and trust.
Keep an eye on your credit card and bank accounts. It doesn’t hurt to be extra vigilant during this time of year. Keep an eye on your accounts. You can use your banking app to easily check your balance and limits.
Some other tips include:
Use two-factor authentication (2FA) for online purchases. Enabling 2FA with your bank means that you will be asked to confirm a purchase made online with your card before it goes through. This confirmation is sent to your phone number. It’s an extra layer of security that will alert you if someone is trying to purchase something online with your card.
Only buy from sites you know. Deals may tempt you to try out a new retailer. But if you have never heard of a site and don’t know anyone who can vouch for it, rather avoid it.
Check the site’s security and payment methods. Browsers like Chrome let you know if a site is not secure or if its security certificate has expired. These sites are more likely to fall victim to malware infections. If you see an alert that a site is not secure, avoid it. Also make sure that the site you are buying from uses a secure payment method like Ozow, Payfast, or official credit card payment methods (such as the Mastercard Payment Gateway).