Black Friday and Cyber Monday sales are nearly here! So are the scammers. They will try to trick into shelling cash on items that you will never receive or on the gift cards that never existed.  Unfortunately, during this season of the year, most people let their guards down, making them vulnerable to online fraudsters. To protect our Checkphish community from falling prey such scams, we have decided to do a series of blog posts explaining in detail the latest tricks and techniques used by these fraudsters.

In this post, we explain in detail top 5 scams you might encounter during the Black Friday season. We also give you a few tips to protect yourself from these scammers.

Quick Analysis

Before we jump into the scams, I wanted to share some numbers with you. Last year, e-commerce websites made over $6 billion on Black Friday and $8 billion on Cyber Monday (source: https://www.cnbc.com/2018/11/24/black-friday-pulled-in-a-record-6point22-billion-in-online-sales-adobe.html).

Black Friday 2018 Revenue Distribution
Black Friday 2018 Revenue Distribution

Consumers spent nearly $2 billion through smartphones. When on a smartphone, it is hard to verify the authenticity of a link. For instance, take a look at the page below with URL

hxxps://id[.]amazon[.]corn[.]idmsa-authsighin-verify[.]ugjhbhfh[.]com/ap/signin?session=e662c449c84a70ea6581386ba6cbf8c8ef3f375a

Fake online stores: Amazon phishing page
Fake online stores: Amazon phishing page

Pages like this are hard to identify when you received it as a text message or access it through an email on your phone. Starting next section, we will look the top 5 scams are you most likely to come across during the holiday season.

Gift Card Scams

These are of the most popular ways to trick users into revealing their personal and credit card information online.  The scam starts with the scammer distributing a fraudulent webpage on several social media channels like Facebook, Instagram, and WhatsApp. Once the user clicks on it, he/ she will be redirected to a page that looks like the one below. Here, the user will be asked to enter his personal information along with his credit card details.

Target Gift Card Scams
Target Gift Card Scams

How to avoid falling to such scams?

  1. Always buy gift cards directly from the seller.
  2. Do not buy gift cards that are too good to believe. For example, 'Pay $10 to receive a $1000 gift card'.
  3. Check the URL you are buying a card from. Most of the scammers use webpages that look similar to the original brand. These are called typo squatted domains. For example, you might receive a link that reads 'walmarty.com'. This is not a Walmart page.

Survey Scams

A typical survey scam claims to give away free stuff or gift cards once a user enters his/ her personal and credit card information on the landing web page. They try to replicate the language used on the original page and trick users into entering their information. Below is a sample survey scam flagged by Checkphish.

Walmart Survey Scam

How to avoid falling to such scams?

  1. Check whether the survey is being offered by an authentic party.
  2. Think twice before revealing your personal information online.
  3. Scan any suspicious links on Checkphish.ai before accessing them.

Fake Shopping Sites

Black Friday season is when most of us are looking for the best available deals. This makes us vulnerable to online fraudsters.

A few of us end up on fake shopping stores. These websites trick users into revealing their credit card information by displaying products from other websites (sometimes google images). They neither sell these products nor are a legitimate business. These scammers try to take advantage of the consumer shopping frenzy.

Let me explain this with the help of an example. You see a Facebook post that reads "Nike Black Friday Cheap Deals'. Clicking on the link redirects you to a shady website hxxp://www[.]nikefreeflyknit[.]name/, that looks like

Nike fake Shopping Website
Nike fake Shopping Website

Most of us would back out, but a few would be tempted to get a cheap deal. They end up entering their credit card details online and paying for a product that does not exist.

How to avoid falling to such scams?

  1. Think before entering you credit card/ payment details online.
  2. Scan a suspicious link through Checkphish.ai before accessing it.

Cryptocurrency Discounts

Scammers have found a new to attract crypto traders and enthusiasts by offering huge discounts and cashback offers. It starts with an email claiming to offer steep discounts on bitcoins and other cryptocurrencies. Once the user lands the webpage, he/ she will receive a promo code. They will be redirected to a page with several purchase options. The user needs to opt for a method of payment and enter their banking details. Below are a few examples of such websites.

Phishing Pages

During the holiday season, we observe an upward spike in the number of phishing pages. Last year, the number of phishing pages increased by 1.4 times in November and December when compared to other months. The scammers send messages with phishing links embedded in them. It could be as simple as 'Login into your Gmail account to claim the reward'. Below is an example of such a webpage with URL ‘accounts[.]aboutyou-freedom-fest[.]d’

Gmail phishing page
Gmail phishing page

How to avoid falling to such scams?

  1. Always check the URLs before giving away login/ sensitive information. ‘accounts[.]aboutyou-freedom-fest[.]d’ is not ‘gmail.com’.
  2. If a webpage asks you to sign in through Gmail/ Facebook, the page will be redirected through the official website.
  3. Scan a suspicious link on Checkphish.ai

Conclusion

In this blog post, we talked about several scams that you might encounter during the Black Friday season and provided you tips on how to stay away from them. Stay tuned for the next one and please do checkout Checkphish.ai. It is an engine that can detect scams and counterfeit websites in real time. Please spread the word if you like it.