The holidays are the perfect time for shoppers to hunt for a good deal. It’s also a prime opportunity for bad actors to scam consumers.
Hundreds of malicious Black Friday apps and websites will be looking to steal personal data and credit card information this year in the United States and United Kingdom, according to a new report from cybersecurity company RiskIQ.
Cybercriminals create fake mobile apps and landing pages with realistic branding, especially around major holidays and events like Thanksgiving and Cyber Monday. They want to convince consumers to download bad apps or visit bogus sites and ultimately “phish” for sensitive data.
A scam circulating on popular messaging platform WhatsApp ahead of Black Friday promises 99%-off discounts on Amazon.com. On Twitter, Amazon’s official help account wrote: “Please don’t share your order/account/personal details in such websites.”
Consumers are especially vulnerable when shopping on smartphones.
Mobile browsers have a much shorter address field, and consumers may not see the full URL on their phone. This makes it harder to spot a scam.
According to marketing firm Criteo, over 40% of all sales in November and December 2017 were made on mobile phones, and the trend is only expected to grow.
Steve Ginty, senior product manager at RiskIQ, says to check that the website has a valid "HTTPS" connection with a lock symbol, not "HTTP," which is vulnerable to attacks.
Users should also be careful when downloading apps. Bogus holiday deal apps made by scammers can fool users into typing in their credit card information, while other apps feature malware that can steal personal data or lock a smartphone until the user pays a ransom fee.
According to RiskIQ's recent report, 5.5% out of the 4,324 Black Friday-related apps on global app stores are deemed malicious and unsafe, and 4.6% of Cyber Monday apps are malicious. The firm recommends scrutinizing who developed the app, and only downloading apps from official app stores like Apple and Google.
Yair Levy, a cybersecutity and information systems expert at Nova Southeastern University, says to only shop with retailers you trust.
"Don't try to look for offers that are too good to be true. At the end of the day, that's what they are," he said.
Levy also suggests having a credit card dedicated to online shopping. This makes it easier to track purchases and identify fraudulent activity.
Shoppers should be wary of email deals, too. Phishing emails can look similar to those sent by top retailers, and consumers should ignore or delete these emails, no matter how good a deal seems. Cybersecurity company BullGuard says the aim of these fraudsters is to get consumers to click on a link within the email, and enter their personal information.
Some experts anticipate more scam activity this holiday season than last year.
"Every year we see this growing significantly," said Levy. "Why? Because it becomes more successful. Every year more people shop online."