26/11/2020

Black Friday scams: ‘If a deal sounds too good to be true, it probably is’

Be careful if you plan to take advantage of Black Friday bargains because scammers might take advantage of you too. Test-Aankoop, the Belgian consumer organisation, has seen an increase in cybercrime over the last couple of months and they fear more consumers might fall for it on Black Friday.

This surge in cybercrime is no coincidence. According to the United Nations Conference on Trade and Development, online shopping has grown due to the corona crisis. ‘If the volume of online sales increases, there will be more opportunities for scammers,’ explains Alex Hensels, teacher of Security by Design at Thomas More University of Applied Sciences and ethical hacker at Toreon.

It starts with an email
The fastest way for scammers to cheat you out of your money is by phishing. Here they ‘fish’ for private data such as bank account information. ‘In phishing, they first mimic a storefront (editor: a copy of another website) of a well-known shop like bol.com or Amazon,’ explains Hensels. ‘Then they send an email to a large list of email addresses at the same time, pretending to be this online retailer. The emails will say things such as “we have a great deal for you” or “your order is on its way”.’

‘When you click on the links in the email, you will be redirected to their copy of the website where they will ask for your login data. If you fill it in, the attacker will be notified. He can then order things via your account or transfer your money to their own bank account.’

A more reliable medium?
But phishing can go further, too, because scammers are increasingly using new ways to contact victims. ‘All communication mediums are a way to get someone to share their data and often the story that the scammers fabricate around the scam is adapted to the medium that is being used,’ states Hensels.

‘Traditionally scams go via email, but nowadays we also see channels such as texts being used because people often feel that it is a more reliable medium. WhatsApp, Messenger, Facebook Marketplace or other second-hand websites are also targeted.’

Common sense
To distinguish a fake message from a real one, Hensels advises that ‘if a deal sounds too good to be true, then it will probably be too good to be true’. If you are not sure, however, a few technical pointers can help determine if an email is a scam. ‘Email addresses from the senders will give it away through spelling mistakes in the name. If you then click on a link in the email that redirects you to an online shop, you can look at the domain name at the top to see if it is the real website,’ suggests Hensels. ‘Even better is to directly go to a shop’s website instead of clicking the link in an email.’

And if you did fall for a scam, it is important to diminish the damage that can be done. ‘If you typed in your data on a false website, you can assume that the attacker has it too. So, if you gave out financial data, you should call Card Stop to block the card. If you gave out a password you should change that password,’ explains Hensels.

With data that can’t be changed, such as your name and address, Hensels says the scammer cannot cause further damage the way they can with financial data or passwords. But they might target people who know you by pretending to be you. ‘This is called spear phishing. If they have your parents’ data they can contact them in your name and say: “I have a problem and need money. Could you transfer it to this bank account?”’

Text: Lisa Poppe, photo: Mohamed Hassan via Pixabay