Black Friday is just around the corner, and consumers everywhere will look to take advantage of the discount prices and do some Christmas shopping.
Special offers on products are already available as retailers look to get a head-start on the competition – Amazon's deals are live right now, in fact, and will be for most of November.
We're doing more and more of our shopping online these days, thanks to the global pandemic, and this increase in traffic is a scammer's dream. So, staying vigilant whilst bargain hunting – and spotting those dodgy deals – has never been more important. We'll show you what to look out for in this guide to common Black Friday scams.
Black Friday Scams to look out for
What tactics are fraudsters using to dupe even the most tech-savvy online shoppers?
Scammers around the world are still using landline and mobile phone numbers to reach unsuspecting victims – and it's no different during the holiday season. Computer Software Service scams have become particularly prevalent over recent years, however.
In this scam, a victim will receive a call from someone claiming to work for Amazon, informing them about a problem with their Prime account. The caller will then encourage the victim to download a tool on their computer that'll grant them remote access – to ostensibly resolve the problem.
Once the caller has access, however, they'll then demand that the victim log into their bank account and compensate them for their "assistance".
Phishing emails are one of the oldest tricks in a scammer's book, and sadly they're perfect for Black Friday – the average consumer will be receiving more emails from retailers than most other points in the year. Here are some of the more notorious types to keep an eye out for:
'Account verification' scams
Verification scams are a popular choice among scam artists. They'll usually claim that someone tried to hack into your account or that they need to update your information for security purposes – all while intending to steal your personal information. Here's an example:
'Order confirmation' scams
Another common phishing technique to look out for is the fake order confirmation email. These emails will claim that one of your Amazon orders has been confirmed – but they won't tell you what the order actually is. Instead, you'll be encouraged to click on a link to find out. If you oblige, you'll be directed to a page that looks just like the Amazon site, but it'll be the fraudsters who receive your personal information if you input it anywhere.
Alternatively, a scammer may hit you with a fake invoice. The invoice might claim that your payment hasn't been received, that you need to re-enter your bank details, or that someone on PayPal is requesting money from you. If you happen to receive one of these invoices unexpectedly, and regardless of whether you purchased the item in question, it's a good idea to read through it carefully and compare it against your most recent bank statement.
'Problem with your order' scams
'Problem with your order' emails are another widespread phishing format common around this time of year. They sometimes mimic messages from courier services like DPD, and may send you a link to click and ask you to take some sort of action, like rescheduling your order. Here's an example:
'Click and receive' scams
That's exactly what a scammer wants you to think when they use these click and receive scams. Around Black Friday it's entirely too easy to lose track of what you've ordered, too!
Just like the previous examples of phishing emails, click and receive scams contain a link that you'll be asked to click in order to receive the package you supposedly ordered.
'Billing error' scams
Scammers love to make you panic. They'll email you to say that your billing information is incorrect, and that you need to change it immediately, or lose out on your order. That sense of urgency is what they hope will draw you into entering your bank details into a fake website that they've made to look like the real deal. Here's an example:
Instant messaging scams
You've probably received one of these before – a suspicious-looking message with a link to a well-known website, urging you to click on it to secure a great deal. But the link is in fact a fake, and all clicking on it does is unleash a swathe of malware on your device.
Scammers start by replicating both the URLs and website layouts of well-known retailers. They've become extremely efficient at doing so, making it much harder to spot what's fraudulent and what isn't. After laying the trap, they then send phishing messages and keylogging malware straight to their target's phones.
A slightly more contemporary version of phishing emails, instant messaging scams are rising in popularity as they enable fraudsters to circumvent a common obstacle they face on email – the spam folder.
On top of all this, these scams also capitalize on our inclination to respond to texts immediately. An email might not feel as urgent, whereas a text message tends to demand our attention right away – making that much more exploitable.
Black Friday Voucher Scams
Fake vouchers are another "click the link" scam making their way into people's inboxes. Some victims report receiving messages that are, allegedly, from supermarkets wanting to support families during the pandemic by offering them some free shopping.
Worryingly, these messages contain URLs that are incredibly difficult to distinguish from legitimate ones belonging to UK food stores. You can see by this example how easy it is to fool people:
www.asđa(dot)com/my-coupon – Notice the horizontal stroke across the letter d? To an unassuming eye, it could look like nothing more than a mark on the screen and a legitimate link to an ASDA domain page. However, this is actually a URL from a scam voucher message, and the horizontal stroke is deliberate – it's not a letter d at all, it's a different one altogether. As with all scams, the finer details matter.
Membership renewal scams
Most sites and services have subscription models these days, and they’re also popular gifts, so it’s not surprising that scammers take advantage of them during Black Friday. You might receive an email claiming that it’s time to renew your membership (even if you never signed up for the service in the first place) – and that all you have to do is hand over your credit card details.
The best way to determine if an email is legitimate is by visiting the site in question directly.
Social media scams
Social media sites are teeming with dodgy deals throughout the year – but scammers just love taking advantage of the holiday season when they can prey on the increased number of shoppers and blend in with other offers popping up on our newsfeeds.
Be on the lookout for ads from small Facebook pages offering deals on designer goods that seem too-good-to-be-true. Always check the seller's ratings and reviews, and be wary if you end up on a site with an odd domain! Similar to phishing emails, some fraudsters create lookalike sites to try and dupe victims.
Fake product reviews
According to the CEO of Fakespot, a browser extension that identifies fake product reviews, fake Amazon reviews have skyrocketed this year. Bots write a lot of these bogus reviews, and they usually feature unusual turns of phrase and are over-packed with technical jargon.
However, humans are the culprits in many cases, often following a handsome payment from the product manufacturer. There are 'review exchange' clubs online in the dark corners of social media sites, where sellers on sites like Amazon will offer goods in return for overly generous comment.
Be equally aware of upvote hijacking, which is when companies target the most flattering reviews with a barrage of positive engagement to lift them to the top of the customer feedback section.
Some hackers are more ambitious than others, and may go to the trouble of crafting entirely fake websites to dupe visitors out of their financial information. Often, the scammers will create sites that mimic well-known retailers and hope that you won’t notice the difference. If you make a purchase, however, you’re effectively gift-wrapping your credit card information for them – and it’s unlikely that you’ll ever receive the item you paid for. Some of these phishing sites are hard to spot, though they often have strange domains, misspelled URLs, or awkward formatting.
What to do to protect yourself from scammers
The golden rules
- If a deal is too good to be true, it probably is – Of course, Black Friday is all about discounts you can't get at any point in the year, but don't let that cloud your common sense judgements. If you're unsure about a link or a voucher, or a price just seems too low, head over to the retailer's site directly – if the deal is legitimate, it'll be there.
- Don't give out any of your personal information – Legitimate companies will never ask for you to share your bank details or passwords on via text message. If they're the real deal, remember that they will be aware of the prevalence of scams and happily provide you with proof of their legitimacy.
- Treat social media marketplaces with extreme caution – If you're considering purchasing a product from a profile page, check how long it's been around, how many followers it has, and whether the customer reviews come from real accounts.
- Only sign off on secure payments – When entering your details into a website, make sure the address bar has a little padlock symbol in the address bar. On top of this, always check that the URL from the site you're inputting details into begins with "https://" – it signals your details will be encrypted.
Other preventative measures
Ensure your browser and security software is up to date – Browsers will often highlight malicious links and block them before you even reach them, and most antivirus software packages come with a website rating service. Although this shouldn't replace your built-in defense system – common sense – it will at least save you some time filtering out the most blatant scams.
Protect your internet connection – Especially useful if you're using unsecured public networks to shop online, downloading a reliable and secure VPN can prevent DNS servers from redirecting you to malicious websites and scammers monitoring your online activity. Check out our best VPN services pages for a list of the best services in 2022.
Be wise with your passwords – If a scammer manages to get hold of a password to one of your email accounts, their next step will be to see if you've used the same one elsewhere – surveys consistently show that a worrying number of people have one password for all their accounts and devices. By varying your login details, you'll enhance your safety astronomically. If you fear you may struggle to remember them all, here's a guide to the best password managers available.
Create a 'shopping' account – This is not necessarily essential, but if you are worried, it can be a good measure to reduce your anxieties about getting scammed. It only takes five minutes, and dedicating an email account to your shopping exploits and ensuring it has as little additional information as possible can really make the difference if you are scammed.
What to do if you've been scammed
- Contact your bank – This should be the top priority, particularly if money has already been withdrawn from your account. Replacing your cards and changing the security details immediately is advised, and if you have been scammed, your bank is obligated by law to refund you.
- Contact Action Fraud – This is the UK's national fraud and cyber-crime reporting centre. Run by the National Fraud Intelligence Bureau in conjunction with the City of London Police, you can contact them on 0300 123 2040 to report a scam or visit the actionfraud website.
- Contact the police on 101 – If you realize you've been scammed within 24 hours of the fraud taking place, get in touch. The quicker the better.
Reset all your passwords and maximize account security. Choose strong replacements with a variety of upper and lowercase letters, numbers and symbols. Many sites that hold your personal details – such as Gmail – even allow you to add additional security measures, so make use of them.
In numbers: the scammer's playground
A Black Friday in the middle of a global pandemic is a perfect equation for scammers, so it's never been more important to stay vigilant. Unfortunately, increased cyber-crime and low digital literacy mean that plenty of individuals will be caught out.
Poor digital literacy rates in a world full of fraud
11.9m – the number of citizens who do not have sufficient digital literacy skills for everyday life in the UK. That's over one-fifth of the population (Lloyds Consumer Digital Index 2020).
86% – the percentage of people who do not think about whether a website appears fraudulent when shopping in sales (TSB 2019).
96% – the increase in consumer account hijacking between 2018 and 2019 (cifas.org.uk).
26,215- the number of cybercrime offences referred to the National Fraud Intelligence Bureau by Action Fraud for the year ending March 2020, a 23% increase from 2019 (ONS 2020).
46% – the percentage of Millenials who agree that online scams become more prevalent over the holiday season (Adobe Analytics, 2020)
£735 – the average amount lost by fraud victims over the Black Friday week (Barclays, 2020)
84% – the percentage of consumers willing to risk their personal information whilst shopping for bargains (Kaspersky, 2020)
30% – the percentage of Britons who have felt more anxious about cybercrime since lockdown began (YouGov/Get Safe Online 2020).
18% – the percentage of people who had never shopped online before the global pandemic but now have (YouGov/Get Safe Online 2020).