With Black Friday and Cyber Monday in sight, and the holiday season jingling around the corner, you’re probably eager to score some great deals. But so are the cybercriminals revving up their engines to snatch your credit card numbers.
We’ve grown used to scammers trying to trick us every day. In fact, according to a recent Bitdefender survey, 61% of users interviewed experienced at least one form of cyber threat in the past year, most commonly mobile phone scams and phishing. However, criminals are constantly improving their game. Malicious tools used in attacks are being sold as a service on the dark web, threat groups have dropped the old Google Translated phishing attempts in favor of targeted spear-phishing attacks, and COVID-19 is leveraged in social engineering schemes.
To the crooks’ advantage, due to the pandemic, online shopping is once again expected to soar, even more than last year when shoppers spent a whopping $9 billion on Black Friday, an increase of 21.6% from 2019. Furthermore, 74% of people use their mobile phone for all online activities, which makes them less attentive and more vulnerable. On top of all that, the ongoing chip crisis has turned some electronics, like game consoles, into highly sought-after products that can easily be used as bait.
But all is not lost, and you can still enjoy a safe shopping session by looking out for these common scams:
The retailer scam.
You’ll receive an urgent message from a large retailer, like Amazon, Best Buy or Walmart, informing you of a security problem with your account or that a large sum was spent on an order you don’t remember making. In both cases you’re asked to take immediate action by clicking a link in the message and logging in with your credentials. The only problem is the site you’re led to is a clone of the original site, made by criminals to steal your username, password and card details.
How to avoid it: Always double check the e-mail sender. If it’s a scam, the sender address probably has nothing to do with the genuine company. Contact the retailer independently if you have any doubts a message is real. Don’t click on links in the e-mail; instead, type the website URL yourself in a separate browser window and log in the way you usually do. Look out for misspelled words or grammar mistakes. Activate multi-factor authentication on all your accounts.
The delivery scam.
You’ll receive an e-mail or SMS message informing you a package delivery you don’t remember was cancelled, a delivery attempt was made but no one was home, or a package is being sent back because of a problem. Once again you are invited to click a link that either downloads data-stealing malware on your phone, or takes you to a fake company site, and then asked to type in your personal data and card details.
How to avoid it: Keep track of your deliveries and be suspicious of products you don’t remember ordering. Even if the message seems urgent, refrain from clicking on suspicious links received via SMS. Instead, open the delivery company website independently, or contact the company directly. Have a security solution installed on your phone.
The ‘too good to be true’ offer.
People tend to change their shopping behavior and be less cautious when looking for deals on Black Friday, especially when they find the product they were looking for – at an 80% discount. However, like most things on the Internet, if an offer seems too good to be true, it probably is, and the website you’re on might be a scam designed to take your money and never deliver the goods you’ve paid for.
How to avoid it: If you plan to buy from a website you’ve never used before, always check to see if it has contact details and customer support. Search the website on Google and see what other customers think of it. Check for independent reviews. If all is well, but you’re still having doubts, don’t use your main credit card. Choose to pay on delivery, or use a virtual disposable card. Remember, all retailers want to profit and some offers are too good to be legit.
The bank scam.
You receive an urgent phone call regarding a problem with your bank account, and a “bank employee” kindly asks you for your online banking credentials or your credit card PIN. You’re asked to participate in an “internal bank investigation” or to transfer a sum of money to a “safe” account. If any of these things happen to you, contact your bank independently and alert the local authorities immediately.
How to avoid it: Don’t give your card details to anyone for any reason. Bank employees will never ask you for your credentials or card PIN. If you suspect there’s a problem with your bank account, contact the bank independently.
The online card skimming scam.
In the old days, criminals would install physical devices on ATMs to skim cards. Nowadays they don’t have to. It’s enough to find a vulnerable online shop and inject malware into its server. The malicious program then records the data of all cards used for payment and sends it to the attacker.
How to avoid it: As a buyer it’s impossible to tell if a website has a card skimmer installed. The best you can do is stick to reputable websites that you trust, don’t save your credit card information on any website and pay using a virtual disposable card or a third-party service like PayPal or Apple Pay.
The website impersonation scam.
Because we’re often in a hurry, or we’re using a phone keyboard, it’s very easy to make a mistake when typing the name of a legitimate website. Scammers know this, so they buy similar domains and put up fake websites that look real but install malware on your device or steal your personal information and card information.
How to avoid it: Always check if you’re on the right website. If something looks out of place, such as typos, grammar mistakes or a strange-looking logo, don’t enter any personal information. Type the address again, or search for it on Google, making sure you have the right name.
General tips and tricks to avoid scammers:
- Don’t fall for urgent messages that urge you to act now, whether they’re from a bank, a retailer or a delivery company. Always double check independently.
- Don’t give your card information to anyone.
- Double check that the website you’re on is the real deal.
- Protect your accounts using multi-factor authentication.
- Don’t use your main credit card on “new” sites. Use a virtual disposable card or a third-party payment solution.
- Don’t save your card details on sites you don’t trust.
- Watch out for offers that seem too good to be true.
Take care of your devices with our extended 90-day Bitdefender Total Security trial, and experience the best-in-class protection for Windows, Mac, Android and iOS. Our web protection feature ensures a safe browsing and shopping experience by blocking malicious content (URLs, untrusted websites, fraudulent webpages and phishing links) and notifying you about the potential dangers of accessing unfamiliar links. Moreover, the dedicated secure browser (Bitdefender Safepay) brings an extra layer of security with a built-in VPN designed to keep your banking, e-shopping and online transactions secure and private.