Festive fraud? Black Friday and how to shop safely online

Peter Yapp 25 Nov 2021

From phishing emails to to dodgy public wifi, Peter Yapp from Schillings’ Cybersecurity team tells us what to look out for to ensure our online shopping doesn’t come with an unwanted delivery of fraud.

If it looks too good to be true, it probably is. Hold that maxim close as you consider all the shopping bargains that appear in the run up to and on Black Friday and Cyber Monday, which this year fall on 26 and 29 November, respectively.

With the current ongoing disruption to supply chain, a new phenomenon for 2021, there could be some popular items in short supply, so be suspicious of online offers with rock bottom prices on difficult to find items – the seller may not be a real supplier and the item might not be the genuine article.

Here are four things to look out for and four things you can do to make your shopping experience more secure.

Issues and risks to look out for

1. Phishing

Firstly, you should always be on the lookout for phishing emails (they are the most common way of attempting to commit fraud) but expect an increase in the run up to Black Friday. Beware of tempting messages from pseudo official looking sources that try to get you to go to fake websites or entice you to click on links promising special or limited offers.

In some cases, fraudsters will send confirmation emails for items that you didn’t order. The email may feature a dangerous link to cancel or update the order. Don’t be tempted to click on the link.

If you do click on a phishing link by mistake, take action straight away. If you provided login credentials, immediately change your username and password. Pick a unique, hard-to-crack password using three or four random words. Update your software and run a security scan on your devices to check for malware. Finally, report the scam to the NCSC and/or Action Fraud (in the UK, or equivalent bodies in your jurisdiction). 

2. Dodgy websites

You may not fall for a phishing email, but how do you know whether that site that has come up in your search results is legitimate? Black Friday online scams sometimes begin with an untrustworthy website. The fraudsters set up fake websites full of products that don’t exist so they can collect payments for goods that they’ll never send. They may even provide a “call centre” and give out “excuses” for a while, so by the time you realise you’ve been defrauded, your money is long gone.

A website without a closed padlock symbol on the left side of the URL should be considered unsafe. Likewise, a URL that begins with HTTP rather than HTTPS is also more likely to be a front for fraud. Legitimate retail sites will be set up with the appropriate security. Look out for one or two letters changed in the URL so that, at first glance or on a mobile phone, it’s difficult to recognise the website address as a fake one.

To ensure you are visiting the correct site, bookmark key shopping sites and don’t visit a retailer by clicking a link in an email or social media offer or advertisement. Stick to reputable retailers. If you’ve seen a bargain that has been listed by a company or seller you’re not familiar with, then do some research first, like looking at a website such as Trustpilot.

If you do get conned, change your username and password for the legitimate shopping site straight away. If you’ve saved your credit card information on the real site, you should delete it as a precaution. If you used a credit card to make a purchase on the dodgy site, report the fact – and the fraud – to your card issuer immediately.

3. Public Wi-Fi

Don’t trust unknown public Wi-Fi or use public Wi-Fi hotspots (such as unsecured ones in coffee shops for example). Fraudsters may set up rogue Wi-Fi base stations with very little investment, and can capture any unencrypted data such as credit or debit card details. Also be aware of reading out card details and check numbers over the phone if you could be overheard).

If you are out physically shopping, you might be tempted to go online to check prices. If you see an offer that you want to go for online, be wary of free public Wi-Fi because you can’t be sure that the connection is secure. Even if you have to enter a password or log in, remember that any network that’s set up for the public can be abused. These sorts of attacks are known as Man-in-the-Middle, and they work by exploiting a flaw in the way the network communicates to intercept traffic going to and from victims’ devices. We would encourage you to use mobile data; it may not be 100% secure, but it’s much harder to tamper with than public Wi-Fi.

4. Instant message scams

Fraudsters are relying on the fact that so many of us are buying online and the chances increase with Black Friday and Cyber Monday. They send fake delivery notifications which look like they’re coming from the Royal Mail, DPD, Hermes, FedEx, or UPS, but will come from a mobile phone number rather than a company name. If you ever get an email or text about a delivery problem, don’t click any links or call any number provided. If you think it may be a legitimate message, look up the company information elsewhere and contact them directly.

Another instant message scam is when it appears that a friend has sent you a WhatsApp or social media message with a link to an online sale. It may not be something they normally do, but with Black Friday’s bargains, perhaps they would. Don’t fall for this. These sorts of scams are on the increase and rely on the trust you have with your friend and the speed with which you want act in order to bag a bargain.

The scammers create a fake website that looks very similar to a legitimate online retailer. They then take over instant messaging accounts by phishing owners or sending them keylogging malware. When you click the link, a file containing malware is downloaded.

How to be more secure

1. Passwords

Your email account is precious, and you should do everything you can to secure it. It is likely to contain a treasure trove of information that is not only of interest to advertisers, but to fraudsters as well. One of the best ways to secure your email is to use a strong, unique password that isn’t used on any other websites.

By securing your e-mail account with a strong password (such as three or four random words) you can protect against cyber fraudsters breaking in and stealing information such as the online shopping websites you have signed up to, or sensitive information such as bank details, dates of birth or personal delivery addresses.

2. Two-factor authentication

You can also add an extra level of security for your email account and for your sign on with a retailer (if they offer this facility). By turning on 2FA (two factor authentication), also known as ‘two-step verification’ or ‘multi-factor authentication’ you can stop hackers from accessing your accounts, even if they know your password. This is done by asking you to confirm that it’s really you in a second way – usually by asking you to enter a code that’s sent to your mobile phone. This adds an extra level of security, with the code sent to your mobile device needed alongside your password to login.

3. Be Alert

You are the best person to spot if something doesn’t quite look right. Take a moment to follow your gut feeling – if something doesn’t seem right, it probably isn’t. The trick to staying secure is to remember that fraudulent links can be sent on any communication platform (social media, text messaging or email). Always view links with caution and keep an eye out for anything that seems too good to be true. Hopefully where you work provides training in how to spot phishing emails and dodgy websites, but if not, follow all of the advice above to keep ahead of the fraudsters.

4. Use a credit card

Finally use a credit card for your online Black Friday shopping especially if you are buying goods that are at a higher risk of fraud such as home improvement and DIY products, games consoles, bicycles and clothing. If you buy something with your credit card and the item never arrives, is faulty or damaged, you have the right to claim the costs back through your credit card provider.

In the UK, under Section 75 of the Consumer Credit Act, you’re covered by credit card purchase protection if you use your card to buy goods or services such as clothing, an item of furniture or a computer that costs over £100 and up to £30,000. Debit cards don’t offer this protection, but they do offer lesser protection for purchases under £100 through chargeback.

What to do if you’re a victim of Black Friday fraud

If you do fall victim to a Black Friday scam in the UK, contact your bank immediately to start the refund process. While they are investigating, your bank account may be frozen to prevent any further fraudulent transactions from being taken. You should also report the Black Friday fraud to Action Fraud (you can do this online anytime or by phone Monday-Friday 8am-8pm).