Black Friday, synonymous with unbeatable deals and the kickoff to the holiday shopping season, also marks a high season for Black Friday scams. From phishing emails that look convincingly genuine to advertisements that impersonate a company and direct us to a fake website, Black Friday can be more hassle than joy for many people, given the continual rise in cyber security threats. Barclays have recently warned that they expect a 22% increase in Black Friday scams in 2023.
To avoid falling for Black Friday scams, we aim to educate you with tips and tricks to help you stay safe online whilst providing examples for you to be aware of.
What is a fake website?
A fake website is a fraudulent internet site that mimics a legitimate business or retailer’s site. These websites deceive visitors into believing they are shopping on an authentic online store. They often have URLs that look like the genuine retailer’s domain/website address, and feature logos, layout, and branding that are almost identical to the real website.
How to spot a fake website?
Spotting a fake website involves a keen eye and attention to detail. Here are some tips to help you identify potentially fraudulent websites:
Check the URL Carefully: Look for subtle misspellings or incorrect domains (e.g., “.co” instead of “.com”). Scammers often use a web address slightly different from a legitimate one.
Look for HTTPS: A secure website should have a URL that begins with “https” – the “s” stands for secure. Also, a padlock icon next to the URL in the browser indicates that the site uses encryption to protect your data.
Examine the Website Design: Fake websites may have poor design quality, low-resolution images, and typos or grammatical errors. Legitimate businesses typically maintain a professional appearance online.
Read User Reviews: Look up the website’s name with the word “reviews” or “scam” to see if other users have reported it as fraudulent.
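The URL and HTTPS tips above can be turned into a small automated check. The following is an added example, not code from the original article: the allow-list uses the placeholder retailer domain example.com, the sample URLs are constructed, and the function names and the short suffix list are assumptions of this sketch.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the retailer domains you actually shop at (assumption).
KNOWN_DOMAINS = {"example.com", "example.co.uk"}
BRANDS = {d.split(".")[0] for d in KNOWN_DOMAINS}
# Two-label public suffixes this sketch understands; the Public Suffix List
# is the complete source for real use.
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk"}


def registrable_domain(host):
    """Return the part of the hostname that was actually registered."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url):
    """Return sorted warning strings; an empty list means none of these checks fired."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    domain = registrable_domain(host)
    warnings = set()
    if parts.scheme != "https":
        warnings.add("not-https")
    if domain in KNOWN_DOMAINS:
        return sorted(warnings)
    # HTTPS on an unknown domain proves only encryption, so keep checking.
    name = domain.split(".")[0]
    for brand in BRANDS:
        if name == brand:
            warnings.add(f"unexpected-tld:{brand}")  # e.g. ".co" instead of ".com"
        elif edit_distance(name, brand) <= 2:
            warnings.add(f"misspelling:{brand}")
        elif brand in host[: len(host) - len(domain)].split("."):
            warnings.add(f"brand-in-subdomain:{brand}")
    return sorted(warnings)
```

An empty result only means these particular checks did not fire; it is not proof that a site is legitimate.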
What do you do if it’s a fake website?
In the UK, if you encounter a fake website, you should take the following actions:
STOP: Do not enter any more personal information on the site or engage in any transactions.
Report to Action Fraud: Action Fraud is the UK’s national reporting centre for fraud and cybercrime. You can report fraudulent websites and other online scams to them via their website or by calling them.
Notify Your Bank: If you’ve made a payment or suspect your financial details have been compromised, contact your bank immediately. They can monitor your account for suspicious activity and help with steps to secure your account, such as replacing your credit/debit card.
Change Passwords: If you suspect your credentials may have been compromised, change your passwords on other sites where you may have used the same password.
Check for Malware: Use reputable antivirus software to scan your computer or device to ensure no malware was downloaded from the fake site.
Phishing Emails and Text Messages
Phishing emails are a type of cyberattack in which scammers masquerade as trustworthy entities to deceive you into providing sensitive information, such as login credentials, credit card numbers, or personal identification details. These emails often create a sense of urgency, fear, or curiosity, prompting you to act quickly without due diligence.
How Phishing Emails Work
Phishing emails typically follow a pattern designed to lure you into a trap:
Impersonation: They may appear to come from a reputable company, a bank, a government agency, or even friends and family members.
Urgent or Threatening Language: The message often insists on immediate action, threatening negative consequences like account closure or legal action.
Suspicious Attachments or Links: These emails may include attachments that can install malware on your device or links that redirect you to fake websites.
Request for Information: They often ask you to confirm or update personal information, which legitimate organisations would not request via email.
Why Are Phishing Emails Dangerous?
The dangers of phishing emails are significant and multifaceted:
Identity Theft: By obtaining your details, scammers can impersonate you, access your accounts, and commit fraud.
Financial Loss: Providing financial information can lead to unauthorised transactions and financial theft.
Malware: Phishing emails can spread malware, leading to data breaches or system damage.
What do you do if you open a phishing email?
If you suspect an email is a phishing attempt:
Do Not Respond or Click on Any Links: Interacting with the email can compromise security.
Report the Email: Forward the email to the Anti-Phishing Working Group at email@example.com or the organisation being impersonated.
Delete the Email: Remove the email from your inbox to prevent accidental interaction in the future.
Use Email Filters: Set up your email account to automatically filter out potential phishing emails.
For more information on phishing emails, check out: avoiding phishing emails.
Why do I keep getting phishing emails?
You might keep receiving phishing emails due to a combination of factors, including your email address being widely available or exposed in a data breach, and the persistent nature of scammers. Here’s a closer look at why this happens:
Publicly Available Email: If your email address is publicly listed on websites, social media, forums, or other online platforms, it’s easy for scammers to find and target you.
Data Breaches: When companies with your email information suffer data breaches, your details may end up in the hands of cybercriminals. These breaches can include not just email addresses but also passwords, which can lead to more targeted phishing attempts.
Widespread Email Lists: Scammers often purchase or exchange lists of email addresses on the dark web. If your email is on one of these lists, it could be circulated among various fraudulent actors.
Automated Tools: Scammers use software that automatically sends out mass phishing emails to large numbers of recipients, hoping for a few responses.
Successful Scams: If you’ve responded to a phishing email in the past, your email address might be flagged as active, making you a prime target for future scams.
Spam Filters: Sometimes, your email provider’s spam filters may not catch all phishing attempts, especially if they’re sophisticated or well-disguised. If your business emails are continually flooded with spam, it may be worth contacting a cyber security and IT support company that can implement measures to filter out spam and dangerous emails. If you’re looking to take cyber security seriously, reach out today.
Fake Social Media Advertisements
Fake social media ads are fraudulent advertisements on platforms like Facebook, Instagram, and Twitter. They are designed to look like legitimate promotions but are created by scammers with malicious intent. These ads can lead to counterfeit products, phishing sites, or other scams.
Why do scammers target social media advertisements?
Scammers target social media advertisements as they can make a copy of brands’ advertisements and use them to target their audience, making the advertisements look real. Facebook and Instagram are the perfect places for scammers to create fake social media advertisements, and that’s why they do this all year round.
How do you avoid falling for fake social media advertisements?
There are a few ways to spot and avoid a fake social media advertisement. Consider the following tips:
Verify the Brand’s Official Page: Check if the ad is posted from the brand’s verified social media account.
Research the Offer: Look up the product or deal online to see if it’s available elsewhere and compare prices.
Examine the Ad’s Comments: Users often leave comments under fake ads, calling them out as scams.
Check the URL: If the ad leads to a website, ensure the URL is correct and the site is secure (https).
Be Wary of Required Personal Information: Legitimate ads will not require sensitive information upfront.
But as the saying goes, if it looks too good to be true, it probably is.
Popular Black Friday Scams
The Dyson Scams
A person on the r/Scams Reddit forum posted how her best friend purchased a Dyson Airwrap and never received confirmation. It turns out the best friend purchased from a fake website. The Reddit user posted a screenshot here. Be careful when purchasing online, and take into account our tips above. As mentioned, always check the URL. It can be an obvious giveaway most of the time.
Amazon Black Friday Scams
It wouldn’t be Black Friday if there weren’t an Amazon scam. Amazon is one of the largest companies in the world, and having that privilege means it is an easy target for cybercriminals. New scams involving Amazon appear continually, but one of the main Amazon Black Friday scams is the ‘Package Couldn’t Be Delivered’ scam.
In the ‘Package Couldn’t Be Delivered’ scam, those impersonating Amazon send communications such as texts and emails saying your parcel couldn’t be delivered and asking you to click a link to rearrange delivery. If you do so and fill out your information, the cybercriminals will have access to your account credentials.
It’s pretty evident that these are scams, especially when you haven’t ordered anything. However, due to the holiday season and Black Friday sales, you may well have purchased an item for yourself or a family member/friend. This can make you second-guess whether the message is a scam.
Unfortunately, this scam still works, which is why we receive so many phishing emails daily.
How to Report a Fake Website
In the UK, if you come across a fake website, you should report it to the appropriate authorities to help prevent others from falling victim to potential fraud. Here’s how you can report a fake website:
Action Fraud: Report the fake website to Action Fraud, the UK’s national reporting centre for fraud and cybercrime. You can do this through their online reporting tool or by calling them.
National Cyber Security Centre (NCSC): If the website poses as a government website or service, you can report it to the NCSC using their online reporting service.
Citizens Advice: For general advice and to report scams, you can contact Citizens Advice. They can also guide you on what to do next and how to get your money back if you’ve been scammed.
Report a Website to the Hosting Provider: If you’re a bit more technical, you may be able to find out where the website is being hosted. The tool can be found here. You can then contact the hosting platform, who will take a look.
Consumer Protection Agencies: Report the website to consumer protection agencies such as Trading Standards via the Citizens Advice consumer service.
Social Media Platforms: If the fake website is being promoted through social media ads or profiles, use the reporting mechanisms on the platform to report the fraudulent activity.
Black Friday Scams will never go away, and we, as a community, will have to stay vigilant and learn to keep up-to-date with the latest cyber security threats.
Excellence IT is a cyber security-focused Managed Service Provider (MSP) located close to Cardiff and works with businesses all around South Wales. With over 20 years of experience, we have successfully transformed hundreds of businesses, establishing our reputation as a trusted partner in the IT landscape.