Two of America’s biggest and busiest shopping days — Black Friday and Cyber Monday — are just around the corner. And as you prepare to shop till you drop, cybercriminals are also hard at it, plotting new holiday hacking tricks to fleece you till you drop if you fall for their trickery.
Unfortunately, cyberpunks seem to get better at holiday hacking, unleashing more sophisticated attacks each year. In 2020, 30% of U.S. shoppers reported receiving a phishing text or email around Black Friday. But such stats from cybercriminals shouldn’t deter or ruin your shopping fun because you can follow these best practices to shop safely during Black Friday and Cyber Monday.
Beware of Common Holiday Hacking Scams
If you know a hacker’s playbook, you’ll be better able to smell a holiday scam from afar and stay clear. Here are some textbook phishing schemes popular during Black Friday and Cyber Monday.
Cybercriminals pose as online merchants, offering you products at a heavily discounted rate. Thinking it’s another Black Friday bargain, you add the item to the cart and check out. But once you’ve clicked the buy button and wired payment, the seller disappears and never delivers your order.
To avoid non-delivery scams, shop from established retailers such as Macy’s, Walmart, or Target. But if you find better deals from newer merchants, ascertain their physical location, contact details, and determine the authenticity of their e-commerce website. A genuine site’s URL should start with HTTPS: and not HTTP:
Website spoofing, also known as domain spoofing, is a sophisticated scam where cybercriminals mimic or clone the websites of well-known brands. In your hurried bargain-hunting state of mind, it’s unlikely you’ll spot the spoofed website. Once you click in, hackers harvest your personal and credit card information and use it to commit fraud or sell it to ad marketers.
Luckily, you can detect and avoid a cloned website if you’re keen enough. Besides checking the URL as we explained above, confirm that the URL is correctly spelled. Also, check if the website is themed with the correct brand colors and if the grammar and spelling are accurate. Fraudsters tend to neglect these aspects in their rush to spoof a website.
Gift Card Payments
Online sellers who require you to pay for your purchases using a gift card only and not a credit card are most likely scammers trying to steal your personal information and money. Gift cards are reliable when you use them to shop at the designated retailer.
Fabricated Order and Delivery Updates
Usually, fraudsters send fictitious order information describing a problem you need to fix urgently by clicking an embedded link. If you receive order tracking information for items you never bought, don’t click the attached links to follow up. These are just hackers trying to steal your credit card and personal information.
Avoid Making Purchases Using Public Wi-Fi
For cybercriminals, public Wi-Fi is the gift that keeps on giving them easy hacking targets. With public Wi-Fi, it’s effortless for an intelligent hacker to infiltrate the public network and intercept data transmission. This way, a hacker will access all the information you type on your device as you complete your order purchase.
While you can reduce your hacking risks by using a virtual private network (VPN) connection, it’s best to keep off public Wi-Fi when shopping and use your cellular network instead.
Ignore Pop-Up Notifications
Most pop-up notifications advertising different offers during the holidays and regular times are usually embedded with dangerous malware. Such pop-up ads may read, “Download this app to clean your computer for Black Friday.” If you click through every other pop-ad, you’ll likely download malware, compromising your computer’s application security integrity in the long run.
Use Strong Non-Repetitive Passwords
Avoid using common passwords or one password on multiple e-commerce websites. Instead, create strong passwords that mix uppercase, lowercase, symbols, and numbers. Long passwords are more problematic for cybercriminals to crack as they require more time to hack. Additionally, avoid sharing your password with family and friends and make it a practice to switch passwords frequently.
Don’t Save Your Credit Card Details on Retail Websites
E-commerce websites will prompt you to populate your credit card details at the check-out process. While you may not sidestep this stage when buying online, you should avoid sharing your banking information with multiple websites.
Only share your banking details when you’re sure of purchasing from that store. This will go a long way to boost your overall data security when surfing various e-commerce stores for the best Cyber Monday bargains.