Here we go again. Google warns most smartphone users have “experienced a scam in the past year,” and a staggering “23% report money stolen.” It’s about to get worse.
Last year, Black Friday threats surged an alarming 89% on the year before. And you can expect something similar over the next two weeks. “Scammers tend to increase fraudulent activity during major holiday and shopping periods,” Google warns, by exploiting heightened consumer demand and urgency.”
In its latest scam advisory, Google tells all users to “beware of ‘too good to be true’ deals, excessively low prices and large discounts that seem drastically cheaper than anywhere else.” They will almost certainly direct you to “fake online storefronts that appear as sponsored links and impersonate well-known brands.”
That means you must not shop on any websites accessed via links in emails or messages. Only shop on websites you’ve accessed directly or via a search engine with a normal not sponsored link. Check the URL. It should be simple and straightforward.
Google’s warning echoes the FBI’s evergreen advice. “Remember: If it seems too good to be true, that’s because it is.” Protect yourself. “Don’t click any suspicious links or attachments in emails, on websites, or on social media.”
The FBI warns these fake websites are designed to trick you into “giving up personal information like your name, password, and bank account number. In some cases, you may unknowingly download malware to your device.”
Shoppers must “second-guess unbelievable promotions,” 1Password told me. “If the offer seems too good to be true, it probably is. Make sure to look for telltale signs of phishing and look-a-like websites.” That means “hovering over hyperlinks for legitimate URLs, or keeping an eye out for poor grammar. Instead of automatically clicking on a link, you should always go directly to the retailer’s website to verify the promotion.”
Consumer Affairs has just issued a new warning for Black Friday shoppers saying the same. This scam industry is about stealing your data. A fake storefront is no different to a fake text message or email. It’s just a lure. It’s therefore critical that you “turn on two-factor authentication (2FA) and use strong passwords” when shopping online.
But a new report from NordPass warns the websites where we shop are not doing us any favors when it comes to our data security. “We analyzed the 1,000 most visited websites in the world and learned most don’t enforce even the simplest password requirements. This poses the question: Is password carelessness shaped by the system itself?”
NordPass says “70% of the world’s top sites still rely on traditional email/username logins; 39% offer single sign-on (SSO), and Google dominates — powering 9 out of 10 SSO options; and only 2% support modern passwordless technology like passkeys.”
In addition to avoiding any risk of fake websites, Google says “be wary of unexpected delivery texts or emails urging immediate action or demanding a fee. Use secure payment methods with buyer protection, such as a credit card, whenever possible.”
Put simply, if you stick to verifiable stores, ideally ones you have used before, and do not click any links, regardless of the promotion on offer, you’ll stay safe.