Black Friday scams – don’t get fleeced

Year after year, Black Friday proves itself to be one of the most lucrative days for retailers – shoppers are expected to spend £10.4bn this year, according to retail analysts at Global Data.

Many large stores are already launching their best Black Friday deals in the run up to the big day on 29th November, although Techradar report that this year, thanks to Amazon, Black Friday deals are now starting 22nd November. This is good news for cyber criminals, who view shoppers as ‘prime pickings’ as they rush to snap up deals. The good news for us, is that the National Cyber Security Centre (NCSC) are giving away advice for free!

What should we be wary of?

Phishing emails

Cyber criminals have a field day because they know your guard is a little lower as you rush to bag the bargains, said Kate Sinnott, the NCSC’s Head of Public Engagement. She added:

“Your inbox is probably full of promotional emails promising the most incredible deals, and when this is the norm, it becomes hard to differentiate real bargains from the dodgy ones.”

Clicking on links within the email could direct you to a bogus website that was built to capture your personal information.

Bogus mobile apps

RiskIQ warned last week that criminals are seeking to cash in on the annual shopping bonanza by making fraudulent mobile apps using the brand names of leading retailers, and also reported that the number of blacklisted apps saw a 20% increase in the second quarter of 2019. The fake apps are designed to fool people into sharing their passwords or credit card details, and Black Friday deals provide a potentially lucrative opportunity for Cyber Criminals. Without due diligence, you could be enabling a hacker to access your emails, contacts, pictures or track you by storing your location data.

What can you do?

Before entering payment or other personal details, look for visual cues indicating security, such as the URL beginning with https:// as opposed to http:// and/or the address bar turning green. This is an immediate indicator that the session is secure and that the site is using encryption to protect your personal data, and is therefore not visible to hackers.

You should also look for the padlock symbol that appears before the website URL in the address bar. Clicking on the padlock will provide you with verification that the server you’re connected to is encrypted. A link to the organisation’s SSL Certificate can be viewed via this pop-up should you require further verification.

The National Cyber Security Centre recommend the following seven seasonal tips to help protect you and your family from the majority of scams:

  1. Stay up-to-date – make sure you install the latest software and app updates. This falls into the ‘boring but important’ category but it can help protect you against identify theft.
  2. Use strong passwords – particularly on important accounts.
  3. Turn on two-factor authentication (2FA) – this ensures that any cyber criminals in possession of your password still can’t access your account.
  4. Use a password manager – remembering multiple passwords is difficult, so make use of password managers. As long as your device is up to date and you’re not sharing it with anyone else, then it is safe to use them.
  5. Take care with links in emails and texts – Once you start shopping, stay alert. Not all links are bad, but its good practice to check by typing the shop’s website address into the address bar of your browser manually, or find the website through your search engine.
  6. Don’t give away too much information – only fill out mandatory fields on forms. If you can avoid it, don’t create an account on a new site unless you’re going to use it a lot in the future – you can usually check out as a guest to make your purchase.
  7. When things don’t feel right… close the browser and report the details to Action Fraud.

We also recommend a few additional precautions:

  • You could also use a VPN – this encrypts your traffic so even if someone manages to eavesdrop, they’ll just intercept a bunch of encrypted data. VPNs can turn Wi-Fi into secured private connections.
  • Use Debit/Credit Cards / Paypal as opposed to direct money transfers.
  • Get your accounts in order, make sure delivery and billing details are up to date.
  • Make a shopping / wish list, to help keep you focussed on what you need. This should help you resist some of the ‘deals’ designed to tempt you off-course.

When you have finished shopping, keep an eye on your bank account and remain vigilant, watching for any activity that you’re not expecting. Contact your bank immediately if there is anything on your account that you don’t recognise.

Now that you’re armed, safely go and bag yourself some great Black Friday bargains!