This year’s Black Friday is expected to smash all previous records, with consumers set to spend an estimated $29 billion online over Thanksgiving weekend. All that money means cybercriminals will be busier than ever deploying malware to target both you and the online retailers you trust. Some hackers, like the ones who struck Macy’s last month, attack merchants’ websites directly. Many more scams, however, are designed to lure you away from legitimate sellers and steer you toward malicious sites or apps that often spoof familiar retailers like Amazon, Best Buy or Walmart.
For example, research from RiskIQ, a security company, said it identified almost 1,000 malicious apps using holiday-related terms, and over 6,000 apps using names and slogans from popular retailers to reel in unsuspecting victims. RiskIQ also said it found 65 malicious websites posing as popular retailers in an attempt to fool you into giving up your personal information.
Here’s how you can stay safe…
Look Out for Phishing
In a phishing scheme, the victim receives an email or text message directing them to enter payment information or other personal details on a fraudulent website, which is often designed to look just like a legitimate site.
A recent survey by cybersecurity company McAfee reports that 41% of Americans fell victim to email phishing schemes in 2019. Unsurprisingly, a similar number — 39% — reported that they don’t check email senders or retailer websites for authenticity.
To top it all off, 30% of respondents reporting losses of $500 or more just in the last year alone.
If the data from RiskIQ is any indication, expect a surge in messages claiming to be from Amazon, Best Buy, Walmart, Target or other large retailers over the next few months. If you receive an email asking you to update your payment method or requesting other personal information, contact the company’s help desk to make sure the email is legit before you do anything else.
- The sender’s email address looks almost right but contains extra characters or misspellings.
- Misspellings and/or bad grammar either in the subject line or anywhere in the message.
- Addresses you with generic terms (“Mr.” or “Ms.” or “Dear Customer”) instead of by name.
- The message warns that you need to take immediate action and asks you to click a link and enter personal details, especially payment information.
- The messages promise a refund, coupons or other freebies.
Protect Your Credit Card Information
Tim Mackey, principal security strategist for Synopsis, a digital security company, warns, “There isn’t an obvious way for the average person will be able to identify if or when a website has been compromised. The only potential tell-tale sign might be that the website itself doesn’t quite look ‘right.'”
Mackey suggests a few strategies consumers can use to protect themselves:
- Don’t save your credit card information on retail sites.
- If possible use a third-party payment method like Apple Pay, Google Wallet or PayPal.
- Enable purchase alerts on all your credit cards.
- Disable international purchases on all credit cards.
- Only make purchases from your home or cellular network, never on public Wi-Fi where your payment could be intercepted.
Check out more Black Friday Tips here:
Used with the permission of CNET.