Black Friday and Cyber Monday: Beware of Internet Scams

This article is for those who like to shop during Black Friday and Cyber Monday, the global sales that start all over the world in November, and also for advertisers and business owners. Perhaps scammers have already set their traps for you.

According to statistics, in 2024, during mass sales, shoppers spent about $20 billion online. For criminals, that volume of spending makes the sales period a convenient cover for online fraud.

Even when the attackers active during Black Friday and Cyber Monday do not target businesses directly, they can indirectly affect a company's revenue and income, advertising effectiveness, website traffic and advertising budget, and can even involve the company in illegal activities.

Therefore, it is very important for both buyers and business owners to know what tricks scammers use to deceive their victims.

Contents
1. About Black Friday Scams
2. 7 Types of Scams During Black Friday and Cyber Monday
2.1. Fake sites
2.2. Fraud with undelivered goods
2.3. Verification Code Fraud
2.4. Gift Card Scams
2.5. Browser extensions
2.6. Payment fraud
2.7. Advertising fraud

About Black Friday Scams

Fraudsters are capable of many things, including skillfully concealing their activity. The large flow of transactions during holiday weekends, Black Friday and Cyber Monday helps them by hiding most of the fraudulent activity. Under that cover, fraudsters steal buyers' money, bank card data, personal data and even access to social media accounts.

If you look at the problem superficially, it is mainly inattentive buyers who suffer from online fraud. However, if you dig deeper, businesses often get caught in the crossfire as well.

For example, online criminals can steal a real person's bank card details and use them to pay for something online. Or they can fake a well-known brand's website and ruin its reputation.

7 Types of Scams During Black Friday and Cyber Monday

Fraudsters use a variety of schemes to deceive companies and buyers. We will tell you about seven of them that you can encounter during global sales.

1. Fake websites

Fake (phishing) sites are a fairly simple Internet fraud scheme. Attackers create a clone of a real, large resource, for example AliExpress. When a user makes a purchase on such a site, they unknowingly reveal their bank and personal data.

Most often, fraudsters lure Internet users to their clone sites by sending spam via email. They forge not only the sites but also the emails, giving them a design identical to the original.

Then Black Friday comes into play, with its own psychological effect on buyers. They see low prices and discounts and are tempted by the sale, but do not notice that the site is fake. The content, pages and structure of the resource are completely identical to the original.

What to look out for:
  • Don't rush into expensive products with too low a price. No seller will work at a loss. Especially if we are talking about expensive equipment. The desire to get a product at an unrealistic price can lead you to a fraudulent site.
  • When visiting a website, pay attention to its address (URL). It may differ from the original by just one letter or an additional symbol.
  • Pay attention to whether the blocks on the site display correctly. Fraudsters are capable of many things, but they still make mistakes. When a site is cloned in a hurry, its structure and design may be broken.
  • Take a closer look at the grammar of the texts on the site. The original sites of famous online stores and brands have entire content departments editing and proofreading their texts, so frequent errors are a warning sign.

2. Undelivered goods fraud

Undelivered goods and fake order scams rely on phishing methods such as bulk SMS or email carrying a malicious link. This type of fraud can seriously affect a business, especially when it involves spoofing an online store.

In this case, buyers order goods at a very, very low price (usually during Black Friday or Cyber Monday) from a clone site. However, they receive neither a tracking number nor the goods themselves.

As a result, such illegal actions can undermine the reputation of the official brand. Fraudsters earn money on the name of a popular resource and by stealing from inattentive users.

Of course, the buyer will never receive their order, the online store will be compromised, and the scammers will make money on this. Later, the store can read a lot about itself on review sites such as Yandex.Maps.

What can be done:
  • The same as we wrote in the previous point. Check the store address. Phishing sites are 100% similar to the original, and the resource address can be 95% the same and differ by only a couple of characters.
  • It is important to evaluate the cost of the product and the discount on it. If the offer is too attractive, then either the price was inflated before the start of the sales and then dropped, or this is a fraudulent resource in principle.
  • Pay attention to suspicious links in the email. Internet scammers will do anything to make you click on a malicious link.
  • If you receive a message that contains a suspicious link, make sure it does not lead to a fraudulent resource. Do not click on it immediately under any circumstances. Check the sender's details. You can check the contacts on Yandex.Maps, for example, or in specialized directories.
  • The link, whether it arrives in an email, a text message or an ad on social networks, may download malware to your device or redirect you to a fraudulent resource where you may unknowingly reveal your personal and banking data, passwords and other information.
  • If the letter ended up in the Spam folder, that's probably where it belongs.
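The address check recommended in both lists above (a clone URL that differs from the original by a letter or a couple of characters) can be automated. The sketch below is an added example, not part of the original article; the allow-list, the verdict names and the distance threshold are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: allow-list of the store's real domains. "aliexpress.com" is the
# brand the article names; "brand-store.example" is a constructed placeholder.
KNOWN_DOMAINS = ["aliexpress.com", "brand-store.example"]

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(url):
    """Lower-cased host name of a URL, without port, trailing dot or 'www.'."""
    if "://" not in url:
        url = "//" + url                  # let urlsplit parse scheme-less input
    try:
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:                    # malformed netloc
        return ""
    return host[4:] if host.startswith("www.") else host

def classify(url, known=KNOWN_DOMAINS, max_distance=2):
    """Return (verdict, matched_domain) for the host in `url`."""
    host = host_of(url)
    if not host:
        return ("invalid", None)
    for domain in known:
        if host == domain or host.endswith("." + domain):
            return ("known", domain)
    # Non-ASCII or punycode labels can render as look-alike letters.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return ("idn-review", None)
    for domain in known:
        if edit_distance(host, domain) <= max_distance:
            return ("lookalike", domain)  # one or two characters off
    for domain in known:
        if domain.split(".")[0] in host:  # brand name inside a foreign domain
            return ("brand-in-other-domain", domain)
    return ("unknown", None)
```

A mail gateway or support team could run `classify` over links in reported messages and escalate anything that is not `known` or `unknown`.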

3. Verification code fraud

Multifactor authentication has practically cut scammers off from hacking accounts. However, as scammers show, this protection can be bypassed. They simply send a phishing message via SMS or email in which they pretend to be the bank that services the victim's card, or a large retail store or marketplace, and ask the victim to follow a link and enter a verification code to complete a purchase.

In this case, the scammers already know the login and password for your personal account and lack only the confirmation code to make online purchases. That's why banks and retail stores usually remind customers not to tell anyone their codes. A bank or store will never call and ask for a code.

What can be done:
  • Only enter the verification code directly on the login page of a system you know and trust.
  • Remember: Do not click on a link until you verify its authenticity.

4. Gift Card Scams

During holidays and sales, scammers who specialize in gift certificates become more active. Fraudsters promise their victims a significant discount on goods with a card that only works if they also purchase a special coupon (an additional service). Or they may sell non-existent software, for example a program that supposedly guarantees increased computer performance.

This type of fraud is effective because gift cards are so widespread and easy to obtain. A fraudulent store offers a gift card, you buy it, you give the fraudsters your payment details and other personal information, and all the money on your card disappears.

In addition, fraudsters are capable of hacking the gift card database of an online store. They do not need to create something of their own when a real, ready-made card already exists. All they need to know is the activation code. These codes are collected from databases by special bots or other malicious programs. Phishing attacks on company employees who hold this information and the appropriate access are also frequent.

According to experts from ESET, certificates are a hot commodity on shadow hacker platforms. For example, in 2021, cybersecurity specialists stopped a deal to sell 900 thousand gift certificates. The total value of all the cards was $38 million. The attackers stole gift certificates from the American online store Cardpool.

How buyers can protect themselves:
  • Pay attention to the website address - is the website faked to look like some popular store?
  • Try to buy gift cards from official sources. This will help to avoid fraud and theft of your data.
  • Don't be fooled by overly tempting offers that are beyond common sense.
  • Don't delay using the certificate.
  • Don't buy a card if the store requires you to pay for any additional services, and don't use it on a site that requires the same.

How shop owners can protect themselves:
  • Install a bot blocking system on your websites.
  • Conduct training with employees on phishing emails.
  • Pay attention to the frequency of gift card use from one IP address.
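One way to watch the frequency of gift card use per IP address, shown here as an added example rather than code from the article: a sliding-window count of distinct card codes tried from each address. The log format, the thresholds and the sample lines are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed redemption log: timestamp, client IP, gift card id, result.
SAMPLE_LOG = """\
2024-11-29T10:00:01 203.0.113.7 GC-1001 invalid
2024-11-29T10:00:03 203.0.113.7 GC-1002 invalid
2024-11-29T10:00:04 198.51.100.20 GC-7777 ok
2024-11-29T10:00:06 203.0.113.7 GC-1003 invalid
2024-11-29T10:00:09 203.0.113.7 GC-1004 ok
2024-11-29T10:00:12 203.0.113.7 GC-1005 invalid
2024-11-29T10:20:00 192.0.2.5 GC-2001 ok
2024-11-29T10:40:00 192.0.2.5 GC-2002 ok
2024-11-29T11:00:00 192.0.2.5 GC-2003 ok
2024-11-29T11:20:00 192.0.2.5 GC-2004 ok
2024-11-29T11:21:00 198.51.100.20 GC-7778 ok
"""

def flag_redemption_bursts(log_text, window=timedelta(minutes=5), max_cards=3):
    """Map each IP that tried more than `max_cards` distinct cards inside one
    sliding `window` to (distinct cards, failed attempts) at its peak.
    Assumes the log lines are in chronological order."""
    recent = defaultdict(deque)   # ip -> (timestamp, card, succeeded) in window
    flagged = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue                                  # skip malformed lines
        ts = datetime.fromisoformat(fields[0])
        ip, card, result = fields[1:]
        attempts = recent[ip]
        attempts.append((ts, card, result == "ok"))
        while ts - attempts[0][0] > window:           # drop attempts that aged out
            attempts.popleft()
        cards = {c for _, c, _ in attempts}
        failed = sum(1 for _, _, ok in attempts if not ok)
        if len(cards) > max_cards and len(cards) > flagged.get(ip, (0, 0))[0]:
            flagged[ip] = (len(cards), failed)
    return flagged
```

A burst of distinct codes with mostly failed results is the pattern a code-guessing bot produces; a customer redeeming a few cards over an hour stays below the threshold.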

5. Browser extensions

During the holiday sales season, you can often see special browser extensions and plugins that promise to save money when shopping online. Some of them are real and really help you navigate discounts and cashback from various stores.

However, fraudsters also use this tool and look for victims among Internet users who are hunting for promotions or special offers. They develop fraudulent browser extensions containing malicious code that compromises or forges user data.

What can be done:
  • Don't install an extension that has very few downloads.
  • Pay attention to the reviews. Perhaps someone has already managed to "appreciate" the extension.
  • Install antivirus software on your computer and phone. They allow you to block malicious sites that can open in the background or tabs in browsers on phones and PCs.
  • Disable background data transfer on your phone for non-system apps that you don't use on a daily basis.

6. Payment fraud

Perhaps one of the most common methods of fraud during Black Friday and Cyber Monday is the theft of customers' payment information. Fraudsters then use the stolen details to place orders in online stores.

For the store, this means one thing: the real owner of the card from which the purchase was made will, in any case, dispute it and will be able to get the illegally spent funds back through the bank (if the card owner contacted the bank no later than one day after receiving notification of the illegal transaction, which is worth remembering). The business will lose the goods that have already been shipped.

Additionally, attackers can use bots to hack into a store's regular customer database, a fraudulent technique called account takeover.

That is the damage to the store. But what about buyers? How else do they become victims of fraudsters? For example, they may receive a message or call saying that the payment for the order they just made did not go through, so the order will be canceled.

The scammers contact the victim and intimidate them with the missing payment or demand an update of payment information. They may introduce themselves as the bank that services the card and ask the victim to confirm a certain transaction by sending codes, etc.

Fraudsters, as a rule, create an effect of urgency. Right now, you need to fix the situation before someone steals your money!! And the bank's security service is on the alert! And in general, the consequences will be simply terrible.

What can be done and how to protect yourself:
  • Trust but verify: do not rush to believe the callers, check the order status on the store's website. Perhaps there will be a note that the payment has been made. You can also contact the store manager directly.
  • Don't play the game of "they'll send you a code, then they'll call you, then you'll confirm the transfer."
  • If you are really called from an online store, and the payment has not actually gone through, they will speak calmly. Only scammers will rush you to follow all their instructions as soon as possible.

7. Advertising fraud

Click fraud is a type of online advertising fraud in which criminals click on ads to inflate the click count and spend advertisers' budgets to their own benefit. A significant surge in such activity is observed during Black Friday and Cyber Monday.

For example, Cheq found that during global sales in 2021, fraudulent traffic accounted for nearly 36%.

And since advertisers often spend more on contextual advertising and social media marketing during holidays and weekends, this means that fraudsters make even more money from click fraud.

Blocking fraudulent bot clicks on Black Friday is the main goal that advertisers should pursue in order not to waste their budgets.

What can be done:
  • Analyze statistics of advertising clicks.
  • Pay attention to traffic sources in Yandex.Direct and Google Ads. Compare the number of click-throughs to the number of conversions. It may turn out that there are a lot of click-throughs but zero conversions. It is quite possible that your budget is being “drained” by scammers.
  • If you have not used up your IP blocking limit, block the sources of questionable click-throughs.
  • A/B test your ads to see which ones work best.
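The comparison of click-throughs to conversions described above, as an added example that is not part of the original article. The record layout, the source names, the thresholds and the sample data are constructed; a real analysis would start from a click export of the advertising platform.

```python
from collections import Counter

# Constructed click export: (traffic source, client IP, converted?)
CLICKS = (
    [("search-campaign", f"198.51.100.{i}", i % 4 == 0) for i in range(1, 9)]
    + [("partner-network", "203.0.113.50", False)] * 6
    + [("partner-network", "203.0.113.51", False)] * 2
    + [("social-ads", "192.0.2.10", True), ("social-ads", "192.0.2.11", False)]
)

def analyze_clicks(clicks, min_clicks=5, max_ip_clicks=3):
    """Return (suspicious_sources, ip_block_candidates).

    A source is suspicious when it has at least `min_clicks` clicks and zero
    conversions. An IP is a block candidate when it clicked more than
    `max_ip_clicks` times and never converted."""
    source_clicks, source_conv = Counter(), Counter()
    ip_clicks, ip_conv = Counter(), Counter()
    for source, ip, converted in clicks:
        source_clicks[source] += 1
        source_conv[source] += int(converted)
        ip_clicks[ip] += 1
        ip_conv[ip] += int(converted)
    suspicious_sources = sorted(
        s for s, n in source_clicks.items()
        if n >= min_clicks and source_conv[s] == 0
    )
    ip_block_candidates = sorted(
        ip for ip, n in ip_clicks.items()
        if n > max_ip_clicks and ip_conv[ip] == 0
    )
    return suspicious_sources, ip_block_candidates

def conversion_rate(clicks, source):
    """Conversions divided by clicks for one source (0.0 if it has no clicks)."""
    rows = [converted for s, _, converted in clicks if s == source]
    return sum(rows) / len(rows) if rows else 0.0
```

Because IP block lists are limited, the second list is ordered input for manual review rather than something to block wholesale.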