If those Black Friday deals are too good to be true — it’s likely that they are.
The day after Thanksgiving is reserved for blockbuster sales, not scams, but on Black Friday, cybercrime runs rampant, from fraudulent websites to faux advertisements made to look like fan-favorite brands.
Fox News reports that 50% of online shoppers fall for scams each year, with 30% of cybercrime involving personal data or money occurring on Black Friday and another 11% happening on Cyber Monday.
“With the way it now seems like everyone is shopping online, reliance on digital platforms has handed these groups a wider attack surface than ever,” Cody Barrow, the CEO of cyber defense company EclecticIQ, told CBS News. “Unfortunately, it’s likely we’ll see its impact stretch into next week.”
EclecticIQ recently released a report that found thousands of counterfeit websites using a fake “Trusted Store” badge in an attempt to steal financial information.
Sometimes, the fraudulent sites will look eerily similar to those of popular brands offering can’t-miss deals on products. Other times, the criminals fabricate ads that appear to be for Wayfair or IKEA, for example, and then plaster them on social media and other sites.
Duped customers likely are not aware they have been scammed until they never receive their order from the faux websites, which proliferate at this time of year.
“It’s very easy to create a fake e-shop that looks really realistic. The look and feel is amazing. You won’t be able to spot it really easily. So even us, sometimes we struggle to figure out if something is real or not,” Leyla Blige, of Norton’s Scam Research Labs, told Fox News.
“You have to think twice with scams because they’re really complicated and sophisticated now, especially with AI. Things are becoming much more powerful.”
As businesses gear up to smash previous Black Friday records this year, experts are offering tips to keep your finances and personal data safe from cybercriminals.
In addition to securing accounts as you normally would, Blige advises to never trust deals that are “too good to be true.”
“If something is sold for, let’s say, $100, you’re not going to get it for $10,” she explained. “So it’s not you’re never going to have [a] 90% decrease discount, but typically, you get these kind of crazy discounts on such websites.”
Discrepancies on the same website are also a red flag. Sometimes, fraudulent sites will advertise on their home page that they take all kinds of payments, but when customers check out, the site will only take payment by PayPal or a gift card “because it’s difficult for us to trace,” Blige said.
“If you see these kinds of inconsistencies between the first page and the last page, you have to be very careful,” she added.
Keep your eyes peeled for unusual URLs when being redirected to websites, double-check that the webpage you’re visiting is legitimate — and be sure to read reviews.
“You might want to be really careful and cross-check with third-party organizations that are actually kind of providing reviews about our organizations,” Bilge advised. “We actually have an AI-powered chatbot, which we call Norton Genie, that a user can easily just cross-check.”
On sites like Reddit, there are forums to double-check with fellow shoppers about potential scams, and a simple search on the internet will likely expose fake sites, too, Blige said. Additionally, URLs that begin with “https” are secure, while those beginning with “http” do not have a secure connection.
Smishing — a version of texting scams in which criminals send text blasts mimicking businesses to dupe recipients into turning over sensitive information — is also a danger during the holidays.
“They will tell you there is a problem with your payment, or you have to make an additional payment so they can actually steal your money,” Bilge explained. “Or they could try to actually compromise some personal information so they can use it for a different type of attack that can happen later on.”
She recommended double-checking the email address or phone number of the sender, noting that it will “be some random characters” or email address, “which is really suspicious.”
As a rule of thumb, don’t click links from unknown senders.
“You will never get that email from Amazon or UPS with an email like that,” she warned.