Black Friday is just a few weeks away, and online retailers are readying themselves to drop deals in an effort to encourage early bargain hunters to spend their hard-earned cash.
The online sales also provide a great opportunity for criminals to take advantage of people who are trying to save money during the cost-of-living crisis.
Technically, Black Friday doesn’t start till Friday, November 25. However, every year, retailers expand the season into October. In the past month, searches for ‘best Black Friday deals’ have shot up more than 400 per cent, prompting experts at VPNOverview to share the top scams to watch out for.
While most people are aware of the main tactics that cybercriminals use, their means are becoming more and more sophisticated, while potentially compromising your personal and financial information.
Speaking to VPNOverview, cybersecurity expert Christopher Bulvshtein shared key things to look out for ahead of Black Friday, including phishing, fake websites, dodgy browser extensions, and verification-code hijacking.
Here’s everything you need to know.
What cybersecurity scams are there to look out for before Black Friday 2022?
Phishing Attacks
Bulvshtein revealed that phishing is one of the oldest scams going and that the Anti-Phishing Working Group estimates that attacks have tripled from 2020 - 2021. In the first half of 2022, there have already been more than one million attacks.
He said: “Cybercriminals have become adept at perfectly timing and tailoring phishing emails or texts towards specific events throughout the year, including Black Friday.
“Expect to see emails from Amazon asking you to update your payment information, for example. You might also receive emails that look like a genuine delivery notification with pending delivery charges. It’s rare that these are real.”
In order to protect yourself from phishing, don’t click on links within emails. Instead, go directly to the company’s website if you suspect there’s an issue with your account
Verification code hijacking
Another common scam is when a malicious caller poses as your bank or another company with whom you hold an account.
In order to do this, they will tell you there’s a problem with your account and then say that they’re sending a text message to you, with a code in order to prove your identity.
By posing as an official company, the scammers put you on the spot, expecting you to prove who you are.
However, the realilty is that they are the criminals, and they already have your password.
If you hand over your code, you will allow them to process a payment, or log into your account with two-factor authentication.
Unfortunately, many companies now refuse to refund customers who willingly give out their security passwords.
In order to avoid this scam, be sure to use a password manager to create strong, secure, and unique passwords.
Also, set up two-factor authentication on your essential, high-risk accounts, such as bank, credit, and shopping websites.
Elsewhere, never engage with suspicious callers and, if in doubt, hang up before calling the company back from the number listed on the official website.
Malicious browser extensions
Another hack is malicious browser extensions which, at best, could change your browser settings and fill your inbox with spam or phishing emails.
At worst, they could install malware onto your device, compromising your accounts and online security.
Bulvshtein advises that you don’t install browser extensions that offer shopping discounts, unless you are certain they are safe.
Lesser-known websites
Another scam involves lesser-known websites, which might offer Black Friday deals, but aren’t necessarily legit. So it’s important to do your research before spending.
Websites such as Trustpilot offers social-media proof - but, if there’s little information, or bad reviews, then it’s better to look elsewhere.