Beware - Black Friday online shopping scams are here now

password manager security
(Image credit: Passwork)

Although Black Friday isn't due for another couple of days, cybercriminals aren't holding back from trying to take advantage of the upcoming shopping spree. 

Cybersecurity researchers from Bitdefender have carried out a wide range of recent analysis, and found numerous scams trying to take advantage of gullible shoppers.

The most popular method seems to be a phishing campaign luring people with huge discounts on designer bags and sunglasses, and then stealing their credit card information, when victims submit this information on specially-crafted landing pages.

Fake surveys, fake sunglasses

Besides fake Louis Vuitton bags, victims are also lured in with fake gift cards from Amazon and Home Depot, worth as much as $1,000, as well as fake surveys promising people major rewards, such as Pixel phones and Samsung Galaxy S21 phones. In some cases, the researchers have also spotted fake PayPal vouchers, too.

With the vouchers and surveys, the victims are invited to complete the task, and then - should they win the award (and they always do, regardless of the answers) - all they need to do is pay the shipping cost, which the fraudsters claim to be around $5.

To make this payment, they’re also required to give away all the credit card information, including the expiry date and the CVV number. So, not only will the victims make a small donation to the fraudsters in ignorance, but they will have also given them access to their accounts, which they can then clear out.

Just as with any other holiday, Black Friday is a major event for fraudsters, and Bitdefender’s researchers are urging customers to be extra careful when on the hunt for great offers. 

“Don’t fall for the impressive discounts that sound too good to be true,” they say. Even if you receive an offer that looks absolutely legitimate, do not click on the link provided, but rather visit the page directly, to make sure you’re not being redirected to a malicious landing page. 

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.