5 scams to watch out for this shopping season

Black Friday and Cyber Monday are just around the corner and scammers are gearing up to flood you with bogus offers

According to Adobe, consumers in the US are predicted to spend a staggering US$143.7 billion this shopping holiday season. Unsurprisingly, smartphones are expected to account for a significant part of the purchases made.

Shopping platforms will be dropping prices and offering deals aiming to unseat the competition. Far too often, what looks too good to be true will, in fact, be a scam designed to separate you from your hard-earned cash. For scammers ’tis the season to be jolly, since unaware shoppers are ripe to be ripped off. Honestly, if that shiny, new iPhone at half its regular price seems too cheap, it probably is. Here are some of the most common types of online shopping scams you should watch out for.

Scam ads

These are an evergreen classic not reserved just for the holidays. You can encounter them all year round, but during shopping holidays they come out in force. Fraudulent ads are usually spread through social media and unfortunately, involve hacked accounts. Usually clicking on such an ad will redirect you to a fraud site, which may be advertising fake goods. In the worst-case scenario, you might just download a malware payload to your device. Refrain from clicking on anything that seems even remotely suspicious and always check for signs of a scam, such as ridiculous prices, grammar mistakes or weird surveys.

Figure 1. Brazilian website promising to include you in a raffle if you fill out a survey

Fake websites

Fake websites come in many shapes and sizes, and during this part of the year con artists will try to leverage seasonal shopping. For example, it might appear that a reputable e-shop launched a separate domain to house its Black Friday or Cyber Monday offerings, but in fact, it’s just a scam. Or, you might just get hit with a homograph attack. It might sound like somebody is going to hit you in the face with a dictionary, but a homograph attack is what happens when adversaries register domains that are similar to the originals but use visually ambiguous characters. And, of course, these fake sites can often have their own, valid certificates that might further misdirect their victims.

Figure 2. An example of a fake website

Bogus gift cards and coupons

Apart from jaw-dropping discounts, coupons are a popular way to reel customers in. That makes it a popular method for bad actors to bamboozle you. If you get enticed by the fake coupon and click on it, an installer can be downloaded to your device, which might install a banking trojan. A similar case was uncovered recently involving fraudulent McDonald’s coupons. Coupons and gift cards are usually distributed through the official channels of the company such as an app, so it’s best to stick to those. Any unsolicited coupons should set your spidey sense tingling.

Figure 3. A fake gift card example

Illicit discount or coupon apps

Alternatively, instead of receiving coupons by email, you may stumble upon Black Friday- or Cyber Monday-themed apps that are likely to appear on unofficial app repositories. These will have the same aim as all the aforementioned scams: pray on your trust and entice you with the promise of a great deal. Your best course of action is to stick to Google Play or the App Store. Most retailers tend to have official apps, but imposters have been known to sneak past the sentries into the walled gardens of platforms’ storefronts. So always pay attention to the app’s description, negative reviews and the permissions it requests.

Phishing attacks

Phishing attacks are one of the most widespread scams out there. For example, a criminal might send you an email posing as Amazon and telling you that there was an issue with your order. To proceed they will ask you to provide your personal information that may include your credit card number and home address, which you shouldn’t do under any circumstances. If you ever receive such a message, use the official channels of the company to check if they did it. So, keep your eyes peeled for thematic promotional emails that may ask you to fill out your personal information to claim your ‘prize’.

Figure 4. Have you ever seen a Louis Vuitton bag at such a steep discount?

According to ESET telemetry, of all the Black Friday-related emails you will get in one day an average of 11% will be spam emails, which can very often be more than only annoying. These are just the statistics that were recorded a week before the Black Friday craze begins. So, be sure to read anything that piques your interest extra thoroughly and don’t let your guard down while you’re on the hunt for that perfect deal. Happy hunting!

28 Nov 2019 – 11:30AM

Latest Posts