Scammers use Black Friday deals to trick unsuspecting shoppers: Protect yourself with these 3 tips

Fake e-Shops, bogus charities and sneaky "smishing" scams are especially prevalent around the holidays, a cybersecurity expert told Fox News Digital.

Nov 29, 2024 - 12:00
Scammers use Black Friday deals to trick unsuspecting shoppers: Protect yourself with these 3 tips

Black Friday is the perfect time to pick up holiday gifts at a discount. It's also the most likely day of the year to fall victim to a scam online, according to the director of Norton's Scam Research Labs.

About 50% of online consumers each year are swindled by various schemes to steal money or data, Norton's Leyla Bilge told Fox News Digital. Of those heists, she said, 30% take place on Black Friday, 16% take place on Christmas Day, 14% take place on Christmas Eve; and 11% take place on Cyber Monday. 

But as shoppers take advantage of holiday deals, the cybersecurity company's research lab has identified the most common online scams, and Bilge shared tips on how to evade each one.

TIPS TO HELP YOU TELL IF AN ONLINE STORE IS REAL OR A SCAM

1. E-shop scams

Bilge said "hundreds" of fake shops pop up online each year. 

"It's very easy to create a fake e-shop that looks really realistic. The look and feel is amazing. You won't be able to spot it really easily. So even us, sometimes we struggle to figure out if something is real or not," Bilge said. "You have to think twice with scams because they're really complicated and sophisticated now, especially with AI. Things are becoming much more powerful."

But common sense, new tools and a few tactics can be used to spot them. 

One sign that an online retailer might be fake is that their deals are "too good to be true."

"If something is sold for, let's say, $100, you're not going to get it for $10," Bilge said. "So it's not you're never going to have [a] 90% decrease discount, but typically, you get these kind of crazy discounts on such websites."

Oftentimes, Bilge said, payment pages on these fake sites will provide useful clues. 

"Typically, on the first page you'll have like they will always tell you that you will be able to pay with everything possible, PayPal, with Google, Google Pay or Amazon or Apple Pay or, you know, Visa, Mastercard and so on," Bilge said. "But when you actually check out … they will either tell you to pay with a gift card because it's difficult for us to trace … or they will tell you to do it with PayPal." 

"If you see these kinds of inconsistencies between the first page and the last page, you have to be very careful," she continued.

Taking a look at the URL of a website can also help, Bilge said.

"Let's say that [the fake e-shop] might be an Amazon imitation," she said. "You might want to go and check whether the website's name actually fits the brand, because let's say you would have Amazon.com, [their website could be] Amazonbeautifulverycool.com, something like this."

Paying attention before capitalizing on an attractive deal could save your wallet and private information, she said, and so can looking into the seller itself if you've never shopped there before.

"You might want to be really careful and cross-check with third-party organizations that are actually kind of providing reviews about our organizations," Bilge said. "We actually have an AI-powered chatbot, which we call Norton Genie, that a user can easily just cross-check."

6 SNEAKY GIFT CARD SCAMS TO WATCH OUT FOR THIS HOLIDAY SEASON

Shoppers can also crowdsource to spot cons. Reddit's scam subreddit, Reddit.com/r/scams, has nearly 1 million subscribers, many of whom will quickly answer queries about suspicious websites from experience or using their own tech know-how. 

A quick Google search will often expose fake e-shops as well. The Better Business Bureau also has a searchable list of accredited and non-accredited businesses that can be used.

Always look for the lock icon in the browser address bar, indicating that the website is using a secure connection. You can also check the website's URL to see if it starts with "https" instead of "http," which would also indicate a secure connection.

Finally, check the company's website for a physical address and phone number. If you're unsure about its legitimacy, you can do a quick Google Maps search to see if the business pops up.

2. "Smishing" package delivery scams

Many consumers receive a higher volume of packages around the holiday season as they order gifts from friends and family. 

But this makes them more susceptible to "smishing" scams: fake text messages or emails from UPS, the U.S. Postal Service or Amazon, etc., sent by fraudsters to collect personal information. 

"They will tell you there is a problem with your payment, or you have to make an additional payment so they can actually steal your money," Bilge said. "Or they could try to actually compromise some personal information so they can use it for a different type of attack that can happen later on."

One method to spot these scams is to take a closer look at the phone number or email address that the correspondence is coming from. 

DON'T GET CAUGHT IN THE 'APPLE ID SUSPECTED' PHISHING SCAM

"You can check the sender or email address. In most cases, there will be some random characters and numbers@gmail.com, which is really suspicious. I mean, that's never going to happen," Bilge said. "You will never get that email from Amazon or UPS with an email like that."

Generally, emails like this can be ignored. According to the U.S. Postal Inspection Service's website, it will not send customers or text messages without a customer first requesting the service with their tracking number. Even if emails are requested, the agency said, those correspondences will never contain a link.

"If you did not initiate the tracking request for a specific package directly from USPS and it contains a link: don't click the link," the Postal Inspection Service wrote.

3. Charity scams

Thieves will often impersonate well-known charities through email or text or by using fake websites. They can also entirely fabricate charities for noble causes to fool unsuspecting donors into misspending their hard-earned money.

One way to spot a bogus charity is the way they correspond with you, according to the Federal Communications Commission (FCC). Although charities are exempt from the national Do Not Call list, they must comply if you ask them to stop calling you, the FCC wrote on its website. 

ROMANCE SCAMS ON THE RISE AS AMERICANS LOOK TO DATING APPS FOR LOVE: 5 TIPS TO PROTECT YOURSELF

The agency also suggests verifying phone numbers and URLs for charities before donating to them. Services like Norton Genie or even Google and Reddit.com/r/scams can be helpful tools in doing so.

The FBI's Philadelphia bureau wrote in a warning to consumers that donations should always be made via check or credit card.

Donors should be wary of charities that claim to help victims of recent high-profile disasters and to double-check the name of the charity to ensure that it doesn't have a "copycat name."