Today is Cyber Monday, the day when shoppers concentrate on buying the tech they wanted to all year, for a fraction of the original price. In the wake of the “generic” shopping day that is Black Friday, for the ninth time in a row Cyber Monday spending is expected to climb to unprecedented heights.
As many of the shoppers prefer to do their shopping online, cyber crooks are looking to trick them into sharing their personal and financial information, or download malware.
“Cybercriminals are very resourceful, and they know that the siren song of a good deal is almost always irresistible to bargain hunters,” pointed out Dwayne Melancon, chief technology officer at Tripwire. “The number one reason to click is trust in a brand, which isn’t good – I have seen some very convincing phishing emails and bogus websites that look nearly identical to the real thing. Shoppers need to look beyond the facade of convincing branding to make sure they aren’t being conned into clicking on a bogus link.”
The company’s recent consumer survey shows that the percentage of users who believe emails from “trusted brands” are safe to click is alarming: over 40 percent. 23 percent believe links sent from trusted associates are safe to click, and only 28 percent of consumers believe it is never safe to click on email shopping links.
But malicious, fake emails containing “good deals” aren’t the only danger. As Black Friday is behind us, a lot of users already did most of their holiday shopping and are awaiting confirmation of their purchases. Cyber crooks are misusing this fact to send out fake order confirmation details.
ESET’s Aryeh Goretsky provided some examples impersonating Home Depot and Costco.
“It goes without saying that you should delete messages like this right away (if you really are expecting notification about an order from a retailer, confirm it with a phone call, or by typing the company URL into your browser and navigating to the order tracking page),” he advised.
Brian Krebs warns against “phantom” stores.
“It’s not uncommon for bargain basement, phantom Web sites to materialize during the holiday season and vanish forever not long afterward. If you’re buying merchandise from an online store that is brand new, the risk that you will get scammed increases significantly,” he noted.
“But how do you know the lifespan of a site selling that must-have gadget at the lowest price? One easy way to get a quick idea is to run a basic WHOIS search on the site’s domain name. The more recent the site’s “creation date,” the more likely it is a phantom store.”
He also pointed out that each time you purchase something online, and especially on newer stores, it’s good to be wary about hidden surcharges.