General recommendations for black friday and shopping holidays

The peak shopping season has already kicked off with Cyber Monday, next in line comes Black Friday and then we’re all in the run-up to Christmas. Brands are faced with an enormous challenge during this period as cybercriminals ramp up their operations to capitalize on the opportunities presented by the increase in online shopping and marketing emails.

Knowing how to navigate the digital world rampant with fraud is, to say the least, tricky as a consumer with over 70M people falling victim to cybercrimes yearly. Below are some terms to familiarize yourself with to increase your awareness and ensure you don’t fall prey to fraudsters.

Phishing – Phishing is a cybercrime-related activity that aims to steal your money, identity, or other sensitive information by tricking you into providing this information. This can be done by impersonating a well-known brand in email or text channels or by creating websites that look exactly like the brand itself. In December 2021, 300,000 phishing scams were recorded which is most likely only a fraction of the real number.

You as the consumer need to remain vigilant, being wary is fundamentally a good thing. If something feels off in an email, or a website – don’t interact with its contents or provide any information.

Spoofing – Most used in the email channel is when someone pretends to be a well-known brand and uses their OWN domain to send you a message. An easy way to double-check is to hit the reply address and see if the “reply to” address changes, if so, be very cautious.

E-Skimming – Most of us know skimming and it’s not a far stretch of the imagination to think that this can take place online as well, and it does. Cybercriminals can drive customers to a domain controlled by them, that looks and feels like a legitimate checkout page or websites/payment platforms that have been compromised with malicious code. They then steal sensitive payment information during the transaction. Sometimes it’s impossible to know you’re interacting with a compromised website. A good starting point is not ignoring any warnings given to you by the browser before you enter or whilst on the website.

Social Media Ads – One of the most common places to drive traffic to sites used for nefarious purposes is social media ads, as consumers are less aware of the domain and entity behind the ad and more focused on the product being advertised. The awareness of how social media is used for the sale of counterfeit products or non-delivery scams remains low. Which makes it a great addition to the fraudster’s toolbox.

It’s important for consumers to always double-check if the ad leads to an official sales channel of the brand they’re intending to purchase from and if a “deal” seems too good to be true, it probably is just that.

What can I do to protect myself:

  1. Always double-check the domain, is it exactly what you expect it to be, or does it contain misspellings, additional words, or replacement of characters like a 1 (one) instead of an l (L)? This is usually a very good indicator of if something is wrong. This is applicable both when receiving emails as well as when browsing the web.
  2. Shop through official sales channels – these can usually be found listed if you go to a brand’s main website.
  3. Listen to website warnings from your browser, if they give any information about a website lacking appropriate encryption or being compromised, do not proceed.
  4. Enable notifications for all card transactions to your phone or email, if you’re payment card details have leaked you want to be informed as soon as possible.
  5. Check the “Reply-To” address. If it’s different from where you received the email, be cautious.

You as the consumer need to remain vigilant and realistic, if something doesn’t feel right, if a price is too low, if a domain name seems strange or if an email has misspellings, don’t continue your interaction with it.