Black Friday and Cyber Monday have been merging for years. This year, amid a global pandemic, the trend is likely to accelerate. With almost one-third of historically in-store shoppers claiming they will only shop online this year[1], hackers and online fraudsters will assuredly be on the prowl. Here are some of the most common scams to watch out for and how to avoid them.
Popular Cyber Monday scams
Most of these cons aren’t exclusive to Cyber Monday, but the influx of online shoppers during the time period does magnify thieves’ efforts.
Phishing emails
‘Tis the season for shady emails. Since legitimate retailers send emails en masse during Cyber Week to advertise deals, many fraudulent phishing attempts slip through the cracks. These emails will look like they’re from an established brand but are really trying to trick you.
We recommend being suspicious of any brand emails sent during Cyber Week and checking the sender’s address to ensure it appears valid. Do not trust any address not instantly recognizable as being credible. Never click links or open attachments in these emails. Navigate to the brand’s website via your browser and see if the promotion is there too. If it is, make the transaction through the website rather than clicking any email links.
Fake social media offers
Even Black Friday and Cyber Monday deals have limits to their believability. Cybercriminals make fake social media accounts to take advantage of consumers wanting the best bargains. These accounts will post too-good-to-be-true offers with malicious links or bogus surveys with the promise of free rewards.
The easiest way to avoid these scams is not to get caught up in the fear of missing out on a once-in-a-lifetime deal. The truth is, most of these are ploys to infect your system or steal sensitive personal information. Don’t follow strange Twitter accounts shilling pie-in-the-sky promotions.
Formjacking
Also known as “e-skimming,” formjacking is an especially deceptive way to scam unsuspecting online shoppers. Here, the bad actor is able to inject malicious code into otherwise legitimate retail sites. The malware executes once the shopper enters their payment information. Then, the script scrapes the credit card information and transmits it back to the hacker.
Cyberthieves target third-party plugins on e-commerce websites to find vulnerabilities. This makes it difficult for retailers to spot the problem before it becomes a huge issue since it doesn’t even occur in their controlled system. Although smaller companies without the resources to staff large IT teams are most affected, large corporations are also not immune. For example, in 2018, online ticket vendor Ticketmaster suffered a formjacking incident that exposed customers’ personal information and payment data[2].
Preventing formjacking as a consumer is difficult, if not impossible. The website is legit, and there’s no signal that the payment form is compromised. Shop trusted sites you’ve ordered from previously and use a credit card instead of a debit card number, if possible. Typically, credit cards offer more comprehensive fraud coverage than debit cards. You won’t be liable for the vast majority of fraudulent credit card charges. Just remember to pay it off immediately!
Man-in-the-middle attacks
This is a cyberattack where the hacker compromises a network and inserts themselves between two other parties. The attacker can then intercept and alter the information relayed between these parties. A common example of a “man-in-the-middle” attack is when a threat actor gains control of a public WiFi access point. Everyone connecting to the public WiFi is then at the mercy of the cybercriminal. Hackers typically accomplish this in one of two ways:
Hacking the router. If the router used for a business’s WiFi is in a public area, or there is a nefarious employee, the router itself is susceptible to a hack. Small companies, such as local restaurants, usually lack sufficient IT personnel to prevent these breaches.
Setting up a fraudulent access point. Sometimes, the fraudsters don’t even have to hack anything. They simply set up their own unauthorized WiFi access point and name it deceptively. This tricks customers into connecting to harmful networks.
Companies should keep their routers out of public spaces and only allow trusted employees to deal with them. However, the best way to prevent these occurrences is for customers to refrain from using public WiFi altogether. Use your cellphone data whenever you can. Cellular networks are much more challenging to crack.
Counterfeit goods
Here’s a new twist on an old classic. Cyber Monday is a massive opportunity for counterfeiters to sell their inauthentic wares. In a bit of irony, counterfeiters may actually charge more for their fakes than usual while still making it look like a great sale to their victims. So, before you click the checkout button on that incredible deal from Gucci-Bag-Sales-4-You.com, think twice. Is the website reputable? If not, you should probably pass.
Check online to see if there are validated reviews for the site before you buy. If there’s even a hint of fake reviews, steer clear. Verify how long the company has been in business. One trick is to perform a WHOIS lookup on the domain. Copy and paste the web address into the WHOIS lookup box and hit the search icon. Then, search for the “Creation Date” attribute within the returned information. If the site was registered recently, that’s a major red flag.
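The “Creation Date” check described above can also be scripted once you have the WHOIS text. The following is an added example, not part of the original article: the sample record, the domain shop-deals.example, the label list and the 180-day threshold are all constructed assumptions. It also covers the case where the date is missing or redacted, which should not be read as reassurance.

```python
import re
from datetime import datetime, timezone

# Labels registries commonly use for the registration date (assumed, not exhaustive).
_LABELS = r"(?:Creation Date|Created On|Created|Registered On|Registration Time)"
_LINE = re.compile(rf"^[ \t]*{_LABELS}[ \t]*:[ \t]*(\S.*?)[ \t]*$", re.I | re.M)
_FORMATS = ("%Y-%m-%dT%H:%M:%S%z", "%Y-%m-%dT%H:%M:%S.%f%z",
            "%Y-%m-%d %H:%M:%S", "%Y-%m-%d", "%d-%b-%Y")

# Constructed sample WHOIS response (not a real registration).
SAMPLE = """Domain Name: SHOP-DEALS.EXAMPLE
Registrar: Example Registrar, Inc.
Updated Date: 2020-11-20T08:00:00Z
Creation Date: 2020-11-02T09:14:55Z
Registry Expiry Date: 2021-11-02T09:14:55Z
"""
NOW = datetime(2020, 11, 30, tzinfo=timezone.utc)  # fixed "today" for the example


def creation_date(whois_text):
    """Return the earliest creation date found in WHOIS text, or None."""
    found = []
    for raw in _LINE.findall(whois_text):
        raw = re.sub(r"Z$", "+0000", raw)  # normalise the UTC suffix for %z
        for fmt in _FORMATS:
            try:
                dt = datetime.strptime(raw, fmt)
            except ValueError:
                continue
            # Dates without a zone are treated as UTC.
            found.append(dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc))
            break
    return min(found) if found else None


def assess(whois_text, now, min_age_days=180):
    """Classify a domain as 'recent', 'established' or 'unknown'."""
    created = creation_date(whois_text)
    if created is None:
        return "unknown", None  # redacted or unparsable date: cannot verify age
    age = (now - created).days
    return ("recent" if age < min_age_days else "established"), age


if __name__ == "__main__":
    print(assess(SAMPLE, NOW))
```

A “recent” or “unknown” result is a reason to look harder at the seller, not proof of fraud on its own.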
Stay safe
Black Friday, Cyber Monday, and all of Cyber Week are fantastic times to save big on your favorite products. But you have to be safe and vigilant to prevent hacks, data breaches, and other scams. Please don’t get fooled by those looking to leverage other people’s greed to satisfy their own.
AXEL is passionate about data security. That’s why our motto is “Securing data at rest and in motion.” We are a company that’s always utilizing new technologies to offer more robust protection for your information. If you’d like to learn more about our philosophy and software solutions, such as our secure, privacy-focused file-sharing platform, AXEL Go, please visit AXEL.org today.
[1] Emily Eberhard, “How the pandemic may affect holiday shopping”, July 2020, Think With Google, https://www.thinkwithgoogle.com/consumer-insights/consumer-trends/pandemic-holiday-shopping/
[2] John Leyden, “Ticketmaster gatecrash: Gig revelers’ personal, payment info glimpsed by support site malware”, The Register, June 27, 2018, https://www.theregister.com/2018/06/27/ticketmaster_support_bot_hack/