Black Friday got its name from the idea that retailers would, in a single day, shift their balance sheets from red to black. Unfortunately, black is now the mood left behind after bank balances and systems have been compromised due to cybercriminals taking advantage of the sales and the hype.
Criminals take advantage of the fact that consumers want bargains, so they create smart hacks and clever traps that lure people into making mistakes that could cost them much more than just money.
As Stephen Osler, co-founder and business development director at Nclose, emphasises, it’s very easy to make mistakes during Black Friday, especially after you’ve spent time preparing your lists and looking for bargains – you’re not paying attention to the warning signs.
“There is a significant rise in online activity in the weeks leading up to Black Friday as shoppers assess the deals and look for the best offers,” he explains. “Now, cybercriminals are fully aware of these trends and how hungry people are for deals – especially in these tight economic times – so they create fake websites, false deals and clever campaigns designed specifically to lure people in.”
One of the ways in which criminals lure you in is to create a fake website that looks like the real thing and has everything a genuine website would have, only that it has exceptional deals on popular products. The goal is to get you to go all the way through to checkout and to then use a fake payment page to phish your details and gain access to your bank accounts and passwords. The mantra here is simple – to protect yourself, if a deal looks too good to be true, it probably is.
“Phishing, spear phishing, smishing – all these attacks are designed to get your credentials and then use them to either get into your bank account or launch a ransomware attack against your business,” says Osler. “The mayhem and hype of Black Friday sales and online offers are the perfect cover for this level of underhanded activity. While the idea that a hacker would grab your credentials so they can attack your place of work is the worst-case scenario, it’s not an impossible one. It’s happened in the past and will happen again.”
Another clever tactic is to ask you to use an alternative payment method from the usual, like iTunes vouchers or eWallet. This is not a standard transactional method like EFT or cash, and is very likely a scam that’s being used to get you to purchase fake iTunes vouchers or enter your details into a fake website. These methods of payment also are hard to track, so you may pay the money but never see the products because neither the company nor the items exist.
“If you are going to use platforms like Facebook Marketplace to score your deals, make sure you meet somewhere public to get your products, like the police station or the petrol station,” warns Osler. “This is a safe space from which to manage any negotiations and you are more protected if someone tries anything dangerous or illegal. Finally, keep the concept of malicious actors at the forefront of your thinking the whole Black Friday day and Cyber Monday – they’re there, so be aware.”
Black Friday cons and scams and phishes and attacks are everywhere, but they do not have to ruin your enjoyment of the event or your opportunity get a great deal. Make sure you check the URL of any website you visit, check the accreditations of any companies you haven’t used before, and stay aware of fake emails and phishing attempts that want you to enter your details. Most of all, however, pay attention to any warning signs that may flag that this person or offer isn’t genuine and be prepared to walk away.