The holiday shopping season is routinely a time of increased cybercrime as people scramble to get gifts for friends and family. While supply chain issues and the ongoing pandemic may cause this year to seem different, the only thing that changes in the eyes of cybercriminals is an increase in targets. This is why this year, and every year, shopping online will require heightened security awareness.
The National Retail Federation expects to see an 8.5 to 10% increase in shopping revenue this year from last year’s $777.3 billion. Of that increase, approximately $226.2 billion will be driven by online sales alone. With that much of an increase over last year, researchers have already begun to discover thousands of fake URLs using the words “Black Friday” and promising huge discounts, with links to malicious web pages.
What are Scam websites?
Black Friday scam sites are bogus sites offering high-end retail items with huge discounts. Many times, these are simply knock-off items and you end up wasting your money. However, these sites can also lure unsuspecting victims to malicious websites that steal not only your money but also your credit card and personally identifiable information, to be used at later dates for even more profit.
These scam sites come in the form of either links on social media outlets or phishing emails disguised as the well-known, trusted brands in question. The scammers know that people are looking for good deals and the ability to score highly sought-after gifts.
An example is this “Milwaukee tools” website, www.milwauketools.shop. Once shoppers clicked, they were directed to a fraudulent, authentic-looking page that included user reviews and amazing deals on tool combo sets.
A few things stick out on this page alone, including the misspelling of the company name both on the website and in the URL. Likewise, if you did a bit of research, you would find a few other red flags. First, the fake website itself was registered in October of 2021, and the second tool combo kit that the scammers offer for $99.00 is sold by the real Milwaukee Tools for just over $1000!
Another tactic is to utilize URL shortening. On social media, cyber thieves use “URL shortening” services to disguise phishing URLs. As a result, a very short URL can be used to redirect visitors to a longer “hidden” URL. On Twitter the process looks like this:
The process for this is similar on Facebook as well. Like their phishing email counterparts, these scam sites offer absurd discounts or access to highly sought-after gifts like the PS5 or Oculus VR system.
Helpful tips to avoid scams:
First and foremost, if the deal looks or sounds too good to be true, it probably is. In addition to being wary of deals, always do your due diligence on the sites as well. Below are a few tips on how to recognize a counterfeit site should you stumble upon one.
- The domain names have only been registered for a few days to a few months
- All sites are registered with the same registrar
- They use .TOP and .SHOP top-level domains (.com is also common)
- They use stolen imagery
- They contain numerous grammatical errors and inconsistencies in statements.
- Social media buttons do not resolve anywhere or go to accounts that either do not exist or have been deleted
- In the case of shortened URLs, hover over the link provided to see if a different name comes up
When in doubt, always search for the actual company website, or a legitimate retailer in the case of tools, to see what is being offered there and whether the products being offered have been retired.
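Several of the tips above can be checked mechanically before anyone clicks through. The following is an added example, not code from the original article: it flags a link using the misspelled-brand, top-level-domain, domain-age and shortened-URL tips. The trusted brand label, the shortener list, the 90-day threshold and the exact sample dates are assumptions, and the registration date must be looked up separately (for example via WHOIS) and passed in.

```python
from datetime import date
from typing import List, Optional
from urllib.parse import urlsplit

# Assumptions for this example (not from the article): the trusted brand
# label, the sample shortener list and the "newly registered" threshold.
TRUSTED_LABELS = {"milwaukeetool"}
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com"}
RISKY_TLDS = {"top", "shop"}  # top-level domains the article calls out
MAX_NEW_DOMAIN_DAYS = 90


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using a single-row dynamic programme."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1,
                                       prev + (ca != cb))
    return row[len(b)]


def red_flags(url: str, registered: Optional[date], today: date) -> List[str]:
    """Return the article's warning signs that apply to this link."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    host = host.lower()
    if host.startswith("www."):
        host = host[4:]
    if host in SHORTENERS:
        # The real destination is hidden, so nothing else can be judged yet.
        return ["shortened link: expand it before judging the destination"]
    labels = host.split(".")
    name = labels[-2] if len(labels) > 1 else host
    tld = labels[-1]
    flags = []
    for brand in sorted(TRUSTED_LABELS):
        # Distance 0 is the real brand; 1-2 edits is a likely misspelling.
        if 0 < edit_distance(name, brand) <= 2:
            flags.append(f"name '{name}' is a near-miss of '{brand}'")
    if tld in RISKY_TLDS:
        flags.append(f".{tld} top-level domain")
    if registered and (today - registered).days < MAX_NEW_DOMAIN_DAYS:
        flags.append(f"registered {(today - registered).days} days ago")
    return flags


if __name__ == "__main__":
    # Constructed sample: the article gives only "October of 2021".
    print(red_flags("www.milwauketools.shop", date(2021, 10, 15), date(2021, 11, 26)))
```

An empty list means none of these particular signs fired, not that the site is safe; the remaining tips (stolen imagery, dead social media buttons, grammatical errors) still need a human look.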
Free Wi-Fi is never FREE
We have said this many times before, but it always bears repeating: whenever possible, DO NOT USE free Wi-Fi. This is especially true when shopping online. Hackers and criminals are always looking for ways to gain access to your computer simply to steal data, and using free Wi-Fi while actively entering credit card information or PII makes their task far too easy.
So while it might seem like a good idea to multi-task and do some quick shopping on Amazon while waiting on your peppermint latte in Starbucks, please save your shopping for when you get to a secure network.
How Can Summit Help
Always be wary of emails this time of year and be hesitant to click on any links until you can verify their authenticity. Utilizing a Security Awareness Training Service will help you learn more tools and tips to help outsmart the cyber crooks. The Summit Security Awareness Service goes beyond training to make security awareness an embedded habit. If you would like to learn more about establishing Security Awareness Training for you and your employees, give us a call today. And of course, have a happy and safe holiday season!