Black Friday sales has arrived, and phishing attackers and online-shopping scams are using big brands to steal online credentials.

“During the 2020 holiday shopping season, the FBI Internet Crime Complaint Center (IC3) received over 17,000 complaints regarding the non-delivery of goods, resulting in losses over $53 million. It is anticipated this number could increase during the 2021 holiday season due to rumors of merchandise shortages and the ongoing pandemic.” The FBI warns of cyber criminals targeting shoppers hoping to take advantage of online bargains and hard to find gift items for the holidays in a Public Announcement

Kaspersky also warns about how criminals are targeting online shopper. Already scammers have targeted people with fake tickets for FIFA world cup 2022.

Kaspersky was able to detect more than 40 million phishing attacks targeting e-commerce, e-shopping platforms, and banking institutions. These e-commerce platforms include Amazon, eBay, Alibaba, and Mercado Libre. You have to be caution if you receive email promotions on discount from these platforms.

Most common scam is creating fake websites and luring customer in giving details. Some page may ask for completing a survey which ask users their identifying information. Some pages contain fake login pages where users sign into their accounts and scammers get that information. The end result of all these is cybercriminals getting information which will be used in cyberattacks.

How to stay Safe

According to FBI and Kaspersky,

• Verify websites prior to making a purchase. Only purchase items from official, encryption-using websites. Web addresses should begin with https:// and include a locked padlock icon.
• Be wary of online retailers who use a free email service instead of a company email address.
• Do not judge a company by their website; flashy websites can be set up and taken down quickly.
• Pay for items using a credit card dedicated for online purchases, checking the card statement frequently, and never saving payment information in online accounts.
• In order to protect your data and finance, it is safe practice to make sure the online checkout and payment page is secure. You’ll know it is if the web page’s URL begins with HTTPS instead of the usual HTTP; a padlock icon typically appears beside the URL, and the address bar in some browsers is green. If you don’t see this, do not proceed.
• Be wary of sellers who accept only wire transfers, virtual currency, gift cards, or cash, as these are almost impossible to recover.
• Never make purchases using public Wi-Fi.
• Verify the legitimacy of a seller before you purchase, take steps such as looking at consumer reviews and checking with the Better Business Bureau.
• Beware of sellers posting under one name but requesting funds to be sent to another individual, or any seller claiming to be inside the country but requesting funds to be sent to another country.
• Only purchase gift cards directly from a trusted merchant.
• Do not click on links or provide personal or financial information to an unsolicited email.
• Make sure anti-virus/malware software is up to date and block pop-up windows.
• Use safe passwords or pass phrases. Never use the same password on multiple accounts.
• As always – if the deal sounds too good to be true, chances are it is a scam.

Reference 

• FBI Public Announcement
• Kaspersky published detailed report