With Black Friday now here, it is clear that the dangers facing online shoppers are greater than ever. The latest reports suggest scam websites have surged 89% over last year, and almost 80% of shopping offers hitting inboxes are fraudulent. We have even seen Google search results poisoned to send traffic to dangerous websites.
Little surprise then that the FBI has released a new warning for online shoppers, setting out the sellers that must be avoided on Black Friday, Cyber Monday and throughout the holiday season. For all users of Chrome, Safari and Edge, which control 95% of the US browser market, this is a must-have checklist to stay safe.
The FBI’s advice on which sellers to avoid comes down to seven key points. Think of this as your online safety check during the holiday season—don’t take any risks:
- Don’t buy from websites until you’ve carefully checked the URL to ensure “it’s legitimate and secure.” Websites should have the telltale secure connection padlock in the address bar and https at the beginning of the full address. If the website is not secure or the URL is not obviously right, move on.
- Do not buy from a seller for the first time until you’ve done some research and checked any available online reviews. Remember, reviews can be faked as well, so don’t gloss over the first you find.
- If you’re using an auction site or similar marketplace, “be wary of sellers with mostly unfavorable feedback ratings or no ratings at all.” You want sellers with a large number of completed transactions and favorable reviews.
- Don’t buy from sellers “who act as authorized dealers or factory reps of popular items in countries where there would be no such deals.” This is a well-known scam whereby these shopfronts take orders and rarely ship goods, and those they do ship are usually counterfeit.
- Also beware of any sellers “who post an auction or advertisement as if they reside in the U.S. but then respond to questions by stating they are out of the country on business, family emergency, or similar reasons.” Again, this is a typical scam whereby the seller will offer a plausible excuse for having an overseas address or phone number. Move on.
- Don’t buy from sellers who specify unusual shipping arrangements or who offer to bypass customs checks or fees. Similarly, don’t buy from sellers you don’t know who request direct money transfers. Always use a credit card, which brings additional checks and protection.
- Don’t pay for items you buy with pre-paid gift cards. As the FBI explains, “in these scams, a seller will ask you to send them a gift card number and PIN. Instead of using that gift card for your payment, the scammer will steal the funds, and you’ll never receive your item.”
According to the cyber research team at Check Point, “cyber criminals are putting in overtime—with Black Friday and Cyber Monday approaching, threat actors are poised to take advantage of consumers hoping to shop the yearly discounts.” The team warns that this year’s “surge in websites related to Black Friday is 89% higher than the surge in the same period last year… Nearly all of these sites impersonate well-known brands, and almost none are classified ‘safe’.”
Check Point offers a similar five-point checklist to the FBI’s:
- “Check URLs closely for misspellings or unusual host domains.
- Make sure the URL starts with “https://” and shows a padlock icon.
- When emails come in, reference the sender against emails you know to be real. Don’t click anything you’re not sure about.
- Don’t blindly click through on QR codes.
- Never input unnecessary details like your social security number, and avoid inputting extra info like your birthday where it’s not required.”
The added focus on phishing is critical. This holiday season, Bitdefender warns that “cybercriminals have wasted no time trying to capitalize on the frenzy,” with an incredible 3 out of every 4 Black Friday-themed marketing “spam” emails now actually a scam, intended to defraud you of your money or even install malware on your device to steal your credentials or your data.
This year, we have seen a deluge of AI-crafted phishing lures, which make mimicking a popular, trusted brand all too easy. And these enticing, time-sensitive offers can be pumped out to email addresses on an industrial scale.
“Remember,” the FBI warns, “if it seems too good to be true, that’s because it is.”