Scammers, fraudsters, and phishers take advantage of every season. But the holiday shopping season – which includes Black Friday, Cyber Monday, and Christmas — may be their favorite.
As retailers rush to capitalize on what is generally their most profitable time of year, they will generally flood email boxes with great offers that are often time sensitive and may even seem too-good-to-be-true. Meanwhile, consumers also feel the urgency to get their shopping done, along with the stresses of work and family. Add in the financial pressure of an inflationary economy and the likelihood of making a quick mistake keeps increasing. Read on for some simple yet effective ways to ruin the scammers’ fun as you celebrate the season of giving.
Keep an eye open for scams while holiday shopping
Along with using antivirus on all your devices, monitoring your credit card accounts, and using an online payment service, learning to spot a scam is one of the keys to keeping your money safe when shopping online.
F-Secure Labs continually monitors the latest cyber threats around the globe. Our experts have pulled together some spam they’ve been seeing in the wild over the past few weeks since Halloween ended, and the holiday shopping season officially kicked off with Singles Day on the 11th of November.
These real-life examples give us the best possible preview of the sort of scams you can expect to see in your inbox before the New Year begins. Looking at them now is one of the best ways you help yourself and educate your loved ones to avoid messy, and potentially costly, mistakes.
Fake Black Friday and Cyber Monday Sale Offers: Ray-Ban and Louis Vuitton
Our Labs has been tracking a spam campaign Louis Vuitton and Ray-Ban products that began to rise around the second week of November.
This campaign presents an excellent opportunity to review what a typical holiday scam looks like from the first email to the last click. By exposing yourself to all the steps of this sort of attack, you can increase your chances of breaking out of the scam’s grasp before it steals your money.
Here’s the bogus Ray-Ban sales offer for Black Friday and Cyber Monday. Notice everything the scammers do to increase the urgency, so you click without too much thought:
The link in this fake email leads to a fake site that resembles what you might expect to see on a legitimate retailer’s site:
As we noted, holiday sales can be good. But they are almost never this good. For instance, $38 for a pair of $280 glasses is a discount of more than 83%. That’s an unbelievably low price. But in the holiday rush, the part of your brain that might alert you to the improbability of this offer may be drowned out by all the other voices trying to get all the gifts you can afford. Below is another example of an email scam promoting Louis Vuitton Bags for “Black Friday Sale”:
Similarly, the user is led to a bogus shopping website. Again, 87% off sounds too good to be true for luxury bags like these:
Let’s say that in your holiday-impaired state you do attempt to purchase one of these bags. The fake site will ask you to enter the shipping address. Our Labs team found that typing anything at all works for all the fields, even the zip code:
Next step, it will ask for a payment method. It says, choose payment mode of “For friends and family” due to “low profits” so the seller can avoid paying fees for transactions while making it harder to get your money back, as with this option you are not covered by Paypal’s fraud protection:
Clicking PAY NOW leads the user to send payment via PayPal to an individual with a person named James.
And for reference, here are the actual websites for Ray-Ban and Louis Vuitton as they appeared when these scams were found:
Trick surveys and bogus gift cards
Scammers use the lure of “free gift cards,” often as a reward for filling out some sort of phony survey, all year long. But during the holiday season, people have even more motivation to make the bad decision click on a suspicious link in an unsolicited email. To increase the chances spam recipients will make a bad choice, free gift card scams often rely on some of the biggest brands in the world.
Below are a wide variety of examples of these scams that F-Secure Labs has identified in November of 2022. Remember that the cost of these allegedly “free” gift cards could easily be theft of your private financial data:
How to spot a holiday scam
- Check for suspicious email sender information.
If the sender’s name and sender’s email address do not match, that is a big red flag. Always check to see if the sender’s email address includes suspicious domain names, such as “buylouisvuittonnow.com” or top-level domains such as “.top” or “.ru”.
- Avoid too-good-to-be-true sale prices.
- Be wary of any errors or oddities on a billing form.
Legitimate retailers ensure that the forms that complete a sale are correct, clean, and functional, as their success depends on making sure customers finish a transaction. Proper forms will verify that the correct characters for each field — such as addresses, zip code, and phone numbers — are entered properly.
- Steer clear of any transaction that results in an unusual payment method, especially to an individual.
- Instead of clicking on sale links in emails, go directly to the retailer’s site. If the seller truly has a sale, it should be visible directly on their site. And you should be able to find the site and the sale via Google.