Black Friday sales are the perfect breeding ground for threat actors lurking to exploit excited shoppers. They trick innocent and less tech-savvy people into buying from fake e-commerce websites or sharing login credentials, credit card details, contact details, etc.
According to one report, one in three Americans has fallen victim to online holiday scams; 58% of those victims lost money, and nearly 1 in 10 lost over $1,000. Scammers exploit trusted brands and flood inboxes with fake deals, while McAfee reported blocking over 81,000 malicious links in just the first month of the 2023 holiday shopping season.
The rise of AI-powered scams has heightened concerns, with 3 in 5 Americans expressing increased worry. Notably, over 1 in 5 people—and 1 in 3 aged 18–34—have been targeted by scams involving AI-generated celebrity endorsements.
Black Friday 2024 is almost here, so let’s all work together to reduce the number of incidents this year. As threat actors become more sophisticated in their techniques, spotting red flags is getting tougher. However, with vigilance, it’s still possible to prevent holiday shopping scams.
Phishing emails and social media scams
Black Friday is the time for massive discounts and a shopping frenzy. Here is a detailed breakdown of how scammers trick you into falling for fake jaw-dropping deals.
Fake discount offers and flash sale alerts
Cybercriminals send enticing emails that impersonate popular brands. They promise big, bogus discounts or exclusive deals that are too good to be true (literally). These emails usually have subject lines like ‘Exclusive Black Friday Deal Just for You!’ or ‘75% Off Today Only!’ The emails include links to fake websites designed to steal credit card details, obtain login credentials, or make you pay for a product that you will never receive.
Gift card scams
Attackers create and send emails that look like they have come from trusted retailers like Amazon, Walmart, Target, etc. These emails are designed with the utmost care to mimic legitimate communication and include official logos and branding, professional-sounding subject lines such as ‘Congratulations! You’ve Won a $500 Amazon Gift Card,’ and sender addresses that appear genuine at first glance but may have slight variations (e.g., promo@amaz0n-giftcard.com).
Through such emails, they manipulate you into clicking on the provided link or completing a survey to redeem the gift card. Such links lead to phishing pages designed to steal personal information, such as full name, address, phone number, credit card details (under the guise of a ‘small verification fee’), or online account credentials for the spoofed retailer.
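The sender-address variation described above (amaz0n-giftcard.com) can be checked mechanically before a message reaches a reader. The following is an added example, not part of the original article; the brand allow-list, the homoglyph table, and the function names are assumptions, and the sample addresses in the test are constructed.

```python
import re
from email.utils import parseaddr

# Assumed allow-list: brand keyword -> domains the brand really sends from.
OFFICIAL = {
    "amazon": {"amazon.com"},
    "walmart": {"walmart.com"},
    "target": {"target.com"},
}
# Assumed table of digit-for-letter swaps common in lookalike domains.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s"})


def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From header."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".")


def is_official(domain, brand):
    """True if domain is the brand's own domain or a subdomain of it."""
    return any(domain == d or domain.endswith("." + d) for d in OFFICIAL[brand])


def edit_distance(a, b):
    """Plain Levenshtein distance, used to catch one-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_brand(from_header):
    """Return the brand a sender domain imitates, or None if nothing looks off."""
    domain = sender_domain(from_header)
    if any(is_official(domain, brand) for brand in OFFICIAL):
        return None
    # Split on dots and hyphens, then undo digit-for-letter swaps per token.
    tokens = [t.translate(HOMOGLYPHS) for t in re.split(r"[.\-]", domain) if t]
    for brand in OFFICIAL:
        for tok in tokens:
            if tok == brand or (len(tok) > 4 and edit_distance(tok, brand) == 1):
                return brand
    return None
```

A hit means the domain borrows a brand name it does not own; it is a reason to quarantine or warn, not proof of fraud.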
Tech support refund scam
Tech support scams take advantage of the busy online shopping and increased internet use during Black Friday. Scammers pretend to offer technical help, using fear and urgency to trick people into acting quickly without checking if the help is real.
Malicious actors make the initial contact through pop-ups on websites, phishing emails, search engine ads, or cold calls. They claim that your device is infected with malware or has suffered a security breach. When victims reach out to the fake tech support team, they are instructed to download remote access software (like AnyDesk or TeamViewer) under the pretense of ‘resolving’ the ‘issue.’
Once remote access is granted, scammers plant malware or ransomware, extract sensitive data like banking credentials or personal files, or push for immediate payments for unnecessary ‘repairs’ or ‘security upgrades.’
Tech support scams usually target less tech-savvy individuals, and older adults are among their favorites for obvious reasons.
Fake charities
Black Friday isn’t just a shopping frenzy; it’s also when many people start donating to charities in the holiday spirit. Scammers exploit this generosity with fake charity scams, stealing money meant to help those in need.
Scammers set up websites, social media profiles, or email campaigns that look like legitimate charities. They may use names similar to well-known charities (e.g., the Red Cross Foundation instead of the Red Cross). To appear credible, they even use logos, photos, and professional designs. They contact targets through phone calls, text messages, social media ads and posts, and emails to share heartbreaking stories to persuade them to donate.
They usually request payment via methods that are hard to trace, such as bank transfers, gift cards, or cryptocurrency. You may even receive fake donation receipts once you make the payment.
Spot and avoid Black Friday scams in 2024
- Always check website URLs for accuracy. Avoid clicking on links in unsolicited emails or ads.
- Stick to well-known retailers and ensure the site has a secure connection (look for HTTPS).
- If a deal seems too good to be true, it likely is.
- Add an extra layer of security to your online accounts.
- Contact the retailer directly to confirm any gift card promotion. Avoid clicking on links or QR codes in unsolicited emails or messages.
- Delete emails or messages about winning gift cards if you haven’t participated in a legitimate contest or promotion.
- Never allow someone you don’t trust to access your device remotely.
- Keep your antivirus and anti-malware programs up to date.
- Stick to credit cards or official donation platforms; don’t use gift cards, cryptocurrency, or wire transfers.
- Verify crowdfunding campaigns and donation links before contributing.
To spot and avoid Black Friday scams in 2024, ensure email senders are authenticated with SPF, DMARC, and DKIM protocols, and rely on robust email security solutions to filter out phishing attempts.
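The SPF, DKIM, and DMARC results mentioned above are recorded by the receiving mail server in an Authentication-Results header, which a filter can read. The following is an added example, not part of the original article; the server name mx.example.net, the handling labels, and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string

TRUSTED_AUTHSERV = "mx.example.net"  # assumed name of our own receiving server
RESULT_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.IGNORECASE)


def auth_verdicts(raw_message):
    """Collect spf/dkim/dmarc results stamped by our own mail server."""
    verdicts = {"spf": "none", "dkim": "none", "dmarc": "none"}
    msg = message_from_string(raw_message)
    for header in msg.get_all("Authentication-Results", []):
        authserv_id = header.split(";", 1)[0].split()
        if not authserv_id or authserv_id[0].lower() != TRUSTED_AUTHSERV:
            continue  # written by another host, possibly the sender: ignore
        for method, result in RESULT_RE.findall(header):
            if verdicts[method.lower()] != "pass":  # one passing result is enough
                verdicts[method.lower()] = result.lower()
    return verdicts


def triage(raw_message):
    """Map the DMARC verdict to a handling decision."""
    dmarc = auth_verdicts(raw_message)["dmarc"]
    if dmarc == "pass":
        return "deliver"
    return "quarantine" if dmarc == "fail" else "review"


# Constructed sample messages (not real mail).
SPOOFED = (
    "Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=amaz0n-giftcard.com;\n"
    " dkim=none; dmarc=fail header.from=amazon.com\n"
    "From: Amazon <promo@amazon.com>\n"
    "Subject: Congratulations! You've Won a $500 Amazon Gift Card\n\nbody\n"
)
FORGED_HEADER = (
    "Authentication-Results: mail.sender.example; spf=pass; dkim=pass; dmarc=pass\n"
    "Authentication-Results: mx.example.net; spf=softfail; dkim=none; dmarc=fail\n"
    "From: Deals <deals@walmart.com>\n\nbody\n"
)
NO_POLICY = (
    "Authentication-Results: mx.example.net; spf=pass; dkim=none; dmarc=none\n"
    "From: shop@example.org\n\nbody\n"
)
```

A lookalike domain that publishes its own SPF and DKIM records will pass these checks, so a pass confirms the domain in the From line, not that the domain belongs to the brand it names.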