Skip to main content
Search

How to stay ahead of the Black Friday/Cyber Monday scammers

Date: 22 November 2023

6 minute read

The biggest shopping weekend of the year - Black Friday/Cyber Monday - falls on 24th/27th Nov this year. Millions of us will use the opportunity to bag a bargain ahead of Christmas, as retailers discount their products both in store and online.

With one in 17 adults falling victim to fraud over the past year, we know that scammers will look to exploit this spending behaviour, trying to siphon as much of that money into their own pockets as possible.
Here are a few reasons why the risk of scams will increase over the Black Friday/Cyber Monday period, and tips on how to protect yourself:

1. Scam messages can hide in plain sight more easily

Think of all the email messages, texts, and ads you’ll see from retailers. Scammers will sneak in amongst these with their malicious content by impersonating brands. They’ll offer fake/counterfeit goods, and try and get you to click on links that lead to fake websites or pages that steal credentials.

ACTION YOU CAN TAKE:

  • Pause and take a breath to slow down any knee-jerk reactions – then, take a moment to check the email again. Things like the sender details, whether the tone or context of the email seems correct for that sender, if there are any emotionally manipulating elements triggering a feeling of urgency, or if an action is being asked for… It might be a good idea to find another way to validate the email (via a separate check to the company website, or a phone call, for instance).
    m Do not click on any links or attachments until you are certain the communication is genuine. There are very few instances where an email or text message requires an instantaneous response from you, so take the time to slow down and really check for red flags – especially during such a busy shopping period!

2. AI tools will increase the sophistication, as well as the number, of scams

The rise of AI tools means that:

More attacks can be deployed in higher numbers by more people – even those with little technical know-how

  • AI language systems such as ChatGPT can create content, messages, sites and even ads with good spelling, grammar and formatting, so we can no longer rely on spotting scams by obvious English errors. These tools can also be used to increase ‘search engine optimisation’ (meaning that a malicious website could appear high in search results, increasing the likelihood that it would seem legitimate – or even sit above a genuine website!)
  • Our data can be harnessed more effectively to create very compelling ‘spear phishing’ attacks. This is when a specific person or group is targeted using information about, or of interest to the target – which makes the messages appear more trustworthy. These can happen across email, text, WhatsApp, and any other messaging platform.

ACTION YOU CAN TAKE:

  • Slow down! Most errors are made when we take fast action. Take a moment to stop and reassess before taking any action – especially if you feel an emotional change as a result of a message (urgency, fear, a worry about missing out, excitement about a ‘deal’ etc)
  • If you do click on a link and a site asks you for any login or personal or financial details, stop! Think before you enter any information. Once you have clicked the ‘submit’ button, it might be too late.
  • If you are worried you have been involved in a scam, don’t ignore it – criminals often rely on their victims feeling a sense of shame, but this should never be the case! Reset any passwords you may have disclosed, and contact your bank or financial adviser through their verified contact details if you are worried that your financial data may have been impacted.

3. Marketing tactics used by retailers are also used by scammers

Black Friday and Cyber Monday are all about time-limited offers and creating a sense of ‘scarcity’ in the potential customer. Tactics such as ‘only for the next 14 minutes’, or ’27 other people are looking at this right now!’, or ‘only 2 left!’ are used by all retailers to prey on our fear of missing out and to create a sense of urgency and even panic. When we are in these impulsive states we are more likely to act fast without thinking too much. This is exactly the reaction a scammer wants from their victim, as it increases the chances of them responding to the bait.

ACTION YOU CAN TAKE:

  • If you’ve received a communication that triggers a sense of urgency, take a second to breathe and think about what’s causing it. Then, slowly and rationally reassess the message – validate it via a separate channel if necessary - to help make sure the offer is above board.

4. Increased relevance of the message

We often spot phishing attempts because they can be unexpected and random – but what if we ARE expecting something similar?

In a period where we expect to receive more offers, more advertising, more delivery and payment notifications – would we spot the malicious one?

Attackers adapt to current events, and we have already seen an increase in fake ‘delivery’ and ‘payment failed’ messages – your awareness of these scams can increase your vigilance and decrease the likelihood of you becoming victim to one.

Image of an example of a Royal Mail scam text

ACTION YOU CAN TAKE:

  • Even when you’re expecting an email or text notification, take a few seconds to scan for any red flags, or get it verified before taking any action.
  • If you spot a scam text, you can forward it from your mobile to ‘7726’ (spells ‘SPAM’ on the keypad) which will send the text on to Ofcom, and alerts your mobile carrier to investigate and potentially block the number.

For final steps you can take to protect yourself:

With scams getting ever more sophisticated, it pays to be prepared. Here are some final ways you can make sure you’re on the front foot:

  1. Make sure you know who you are buying from.
  2. Pay with a credit card if possible as this offers more protection if things go wrong.
  3. If you use simple or reused passwords, spend ten minutes changing them to longer, unique passphrases. Three random words are easy for you to remember but harder to hack.
  4. Set up 2-factor/multi-factor authentication on your accounts, especially your email, PayPal, any personal Office 365, and social media accounts. This will give you an extra line of security to prevent unauthorised access to your accounts, if your credentials are stolen.
  5. ‘If it seems too good to be true, it probably is’ is an old saying, but has never been more apt – apply this mindset to any offers that come your way!

Now you can enjoy the bargains, knowing that you’re staying safe!

Further guidance from the National Cyber Security Centre:

Related articles

Why it’s crucial for over 75s to have a Lasting Power of Attorney in place

2 minute read

Recent figures reveal a staggering 3.4 million individuals over the age of 75 in the UK have yet to appoint someone as their Lasting Power of Attorney (LPA).

Published 23 October 2023

Free menopause support for employees

2 minute read

We have added a significant new benefit to the wellbeing support we offer our colleagues, by partnering with menopause support app, Stella.

Published 18 October 2023