Black Friday is fast approaching, and consumers everywhere will be looking to take advantage of the discount prices to get as much Christmas shopping done as possible.
With retailers looking to get a head start on the competition, special offers on products are already available – Amazon's deals are live right now, for example, and will be for most of November.
This year, due to the global pandemic, more shopping than ever before will likely take place over the internet. The increase in traffic and transactions are a scammer's dream – so staying vigilant whilst browsing and being able to spot dodgy deals has never been more important. In this guide, we show you what to look out for so you can avoid Black Friday scams.
New coronavirus scams in 2020
Before we take a closer look at some of the most common Black Friday scams that crop up in one shape or form every year, it's vital to recognize some of the insidious ways scammers have been taking advantage of the pandemic for personal gain.
- Emails and texts purporting to be from the government – Always make sure to check the URL and compare them to legitimate government messages.
- Life insurance emails – Just when you thought they couldn't stoop any lower, scammers have been mocking up fakes of this type of email during a global pandemic.
- Advertising medical equipment – There has been a huge upsurge in people selling and buying medical equipment online in the last few months, and scammers have been taking advantage. Face masks can be found on legitimate sites for decent prices, so there's no point taking the risk on a social media deal to save a few pounds.
For more information about the scams listed above, check out our article on the top 5 lockdown scams.
Black Friday Scams to look out for
What types of tactic are duping even the most tech-savvy of online shoppers?
Scammers across the world are still using landline and mobile phone numbers to reach unsuspected victims, and there are plenty of Black Friday themed scams. However, this Computer Software Service Fraud Scam is the one everyone is talking about this year.
In the scam, victims will receive a call from someone claiming to be from Amazon to inform you that there is a problem with their Prime account. The caller will then encourage the target to download a tool on their computer that will grant the caller remote access to their device and resolve the problem.
However, once granted access, callers will then demand they log into their online bank account so they can be compensated for the problem – and that's when their personal details are compromised.
Phishing emails are one of the oldest tricks in a scammer's book, and sadly they're perfect for Black Friday – the average consumer will be receiving more emails from retailers than most other points in the year. Here are five types to look out for:
'Account verification' scams
A popular choice among scammers is to send out account verification scams. They'll usually claim that someone tried to hack into your account, or that they need to update your information for security reasons – intending to steal your personal information. Here's an example:
'Order confirmation' scams
Another common one to look out for is fake order confirmation emails. These will often declare that one of your Amazon orders has been confirmed, but not list what that order is – instead, it encourages you to click a link to find out. If you oblige, you will be directed to a page that looks exactly like Amazon, and if you enter your personal info, it's going straight to the fraudsters.
'Problem with your order' scams
'Problem with your order' emails are another widespread phishing format common around this time of year. They sometimes mimic messages from courier services like DPD, and may send you a link to click and ask you to take some sort of action, like rescheduling your order. Here's an example:
'Click and receive' scams
Wait, maybe I did order that package? Well, that's what the scammers want you to think when they use click and receive scams, and around Black Friday, losing track of exactly what you've ordered can happen to the best of us.
Like the other two types of phishing email that scammers use, click and receive emails send you an email with a link in it – in this case, it'll ask you to click it to receive the package you supposedly ordered.
'Billing error' scams
Scammers love to make you panic. They'll often email you to say that your billing information is incorrect, and that you need to change it immediately, or lose out on your order. That sense of urgency is what they hope will draw you into entering your bank details into a fake website that they've made to look like the real deal. Here's an example:
Instant messaging scams
You've probably received one of these before – a suspicious-looking message with a link to a well-known website, urging you to click on it to secure a great deal. But the link is in fact a fake, and all clicking on it does is unleash malware on your device.
Scammers start by replicating both the URLs and website layouts of well-known retailers. They've become extremely efficient at doing so, making it much harder to spot what's fraudulent and what isn't. After laying the trap, they then send out phishing messages and keylogging malware straight to their target's phones.
A slightly more contemporary version of phishing emails, instant messaging scams are rising in popularity as they let fraudsters circumvent one obstacle they face on email – the spam folder.
On top of this, they're also capitalizing on our inclination to respond to texts immediately – an email might make you think twice, whereas answering texts are a lot more impulsive and thus exploitable.
Black Friday Voucher Scams
Another 'click the link' type of scam, Fake vouchers are another form of con making their way into people's inboxes. Since the middle of the year, there have been reports of people receiving messages allegedly from major supermarkets wanting to support families during the pandemic by offering them free shopping.
Worryingly, these messages contain URLs that are incredibly difficult to distinguish from legitimate ones belonging to UK food stores. You can see by this example how easy it is to fool people:
www.asđa(dot)com/my-coupon – Notice the horizontal stroke across the letter d? To an unassuming eye, it could look like nothing more than a mark on the screen and a link to an ASDA domain page. However, this is actually a URL from a scam voucher message, and the horizontal stroke is deliberate – it's not a letter d at all, it's a different one altogether. As with all scams, The finer details matter.
Social Media Scams
Social media is teeming with dodgy-looking deals throughout the year, but an influx around Black Friday can be expected as scammers look to blend in with the offers popping up on newsfeeds everywhere.
Look out for ads from small facebook pages offering too-good-to-be-true deals on expensive designer goods via websites with obscure domains. As with phishing emails, some scammers choose to mimic well-known brands – even ones you might not assume, like Clarke's Shoes.
Fake product reviews
According to the CEO of Fakespot, a browser extension that identifies fake product reviews for users, fake amazon reviews have skyrocketed this year. A lot of fake reviews are written by bots, and usually feature unusual turns of phrase and are overpacked with keywords.
However, humans are the culprits in many cases, often following a handsome payment from the product manufacturer. There are 'review exchange' clubs online in the dark corners of social media sites, where sellers on sites like Amazon will offer goods in return for overly generous comment.
Be equally aware of upvote hijacking, which is when companies target the most flattering reviews with a barrage of positive engagement to lift them to the top of the customer feedback section.
What to do to protect yourself from scammers
The golden rules
If a deal is too good to be true, it probably is – Of course, Black Friday is all about discounts you can't get at any point in the year, but don't let that cloud your common sense judgements. If you're unsure about a link or a voucher, or a price just seems too low, head over to the retailer's site directly – if the deal is legitimate, it'll be there.
Don't give out any of your personal information – Legitimate companies will never ask for you to share your bank details or passwords on via text message. If they are the real deal, remember that they will be aware of the prevalence of scams and happily provide you with proof of their legitimacy.
Treat social media marketplaces with extreme caution – If you're considering purchasing a product from a page, check how long it's been around, how many followers it has, and whether the customer reviews come from real accounts.
Only sign off on secure payments – When entering your details into a website, make sure the address bar has a little padlock symbol in the address bar. On top of this, always check that the URL from the site you're inputting details into begins with "https://” – it signals your details will be encrypted.
Other preventative measures
Ensure your browser and security software is up to date – Browsers will often highlight malicious links and block them before you even reach them, and most antivirus software packages come with a website rating service. Although this shouldn't replace your built-in defence system – common sense – it will at least save you some time filtering out the most blatant scams.
Protect your internet connection – Especially useful if you're using unsecured public networks to shop online, downloading a reliable and secure VPN can prevent DNS servers from redirecting you to malicious websites and scammers monitoring your online activity. An up to date comparison of the best VPNs currently on the market can be found here.
Be wise with your passwords – If a scammer manages to get hold of a password to one of your email accounts, their next step will be to see if you've used the same one elsewhere – surveys consistently show that a worrying number of people have one password for all their accounts and devices. By varying your login details, you'll enhance your safety astronomically. If you fear you may struggle to remember them all, here's a guide to the best password managers available.
Create a 'shopping' account – This is not necessarily essential, but if you are worried, it can be a good measure to reduce your own anxieties about getting scammed. It only takes five minutes, and dedicating an email account to your shopping exploits and ensuring it has as little additional information as possible can really make the difference if you are scammed.
What to do if you've been scammed
- Contact your bank – This should be the top priority, particularly if you think money has already been withdrawn from your account. Replacing your cards and changing the security details immediately is advised, and if you have been scammed, your bank are obligated by law to refund you.
- Contact Action Fraud – This is the UK's national fraud and cybercrime reporting centre. Run by the National Fraud Intelligence Bureau in conjunction with the City of London Police, you can contact them on 0300 123 2040 to report a scam or visit the website.
- Contact the police on 101 – If you realize you've been scammed within 24 hours of the fraud taking place, get in touch. The quicker the better.
Reset all your passwords and maximize account security. Choose strong replacements with a variety of upper and lower case letters, numbers and symbols. Many sites that hold your personal details – such as Gmail – allow you to add additional security measures, so make use of them.
In numbers: the scammer's playground
Black Friday in the middle of a global pandemic is the perfect storm for scammers, so there is even more onus this year on staying vigilant. Combine these events with poor rates of digital literacy, and it's easy to see why so many people get scammed.
Poor digital literacy rates in a world full of fraud
11.9m – the number of citizens who do not have sufficient digital literacy skills for everyday life in the UK. That's over one-fifth of the population (Lloyds Consumer Digital Index 2020).
86% – the percentage of people who do not think about whether a website appears fraudulent when shopping in sales (TSB 2019).
96% – the increase in consumer account hijacking between 2018 and 2019 (cifas.org.uk).
26,215- the number of cybercrime offences referred to the National Fraud Intelligence Bureau by Action Fraud for the year ending March 2020, a 23% increase from 2019 (ONS 2020).
24% – the percentage of 18-34-year-olds who said they'd fallen for a Black Friday scam in the between 2014-2019 (Barclays 2019).
£661 – the average amount lost by a victim of Black Friday scams last year (Barclays 2019).
12% – the percentage of fraud victims to lose over £2,000 of their own cash (Barclays, 2019).
30% – the percentage of Britons who have felt more anxious about cybercrime since lockdown began (YouGov/Get Safe Online 2020).
18% – the percentage of people who had never shopped online before the global pandemic but now have (YouGov/Get Safe Online 2020).