With Black Friday now here, it’s clear that the risks facing online shoppers are greater than ever. The latest reports show that scam websites have increased by 89% compared to last year and almost 80% of shopping offers that reach the inbox are scams. We’ve even seen Google search results poisoned to send traffic to dangerous websites.
Little surprise, then, that the FBI has released a new warning for online shoppers, identifying sellers to avoid on Black Friday, Cyber Monday and throughout the holiday season. For all users of Chrome, Safari, and Edge, which hold 95% of the US browser market, this is an essential checklist to stay safe.
The FBI’s advice on which sellers to avoid boils down to seven key points. Think of this as your online safety check this holiday season, and don’t risk it:
- Don’t buy from sites until you’ve carefully checked the URL to make sure it’s “legit and safe.” Websites should have the secure connection indicator padlock in the address bar and https at the beginning of the full address. If the site is not secure or the URL is obviously not correct, move on.
- Do not buy from a website for the first time until you have done some research and checked any available online reviews. Remember, reviews can also be fake, so don’t rely on the first one you find.
- If you use an auction site or similar marketplace, “be wary of sellers with mostly unfavorable feedback ratings or no ratings at all.” You want sellers with a high number of completed transactions and favorable reviews.
- Don’t buy from sellers “who act as authorized dealers or factory representatives of popular items in countries where such agreements would not exist.” This is a well-known scam where these storefronts take orders and rarely ship, and what they do ship is usually fake.
- Also, watch out for any sellers “who post an auction or ad as if they reside in the US, but then respond to inquiries stating that they are out of the country for business, family emergencies, or similar reasons.” Again, this is a typical scam where the seller will offer a plausible excuse for having an overseas address or phone number. Move on.
- Don’t buy from sites that set unusual shipping deals or that offer to bypass customs checks or fees, and also don’t buy from sellers you don’t know who ask for direct money transfers. Always use a credit card that offers additional checks and protection.
- Don’t pay for products you buy with prepaid gift cards. As the FBI explains, “in these scams, a seller will ask you to send them a gift card number and PIN. Instead of using this gift card for your payment, the scammer will steal the money and you will never receive your product.”
According to the cyber research group at Check Point, “Cybercriminals are working overtime – with Black Friday and Cyber Monday approaching, threat actors are poised to take advantage of consumers hoping to shop the annual sales.” The group warns that “this year’s increase in Black Friday-related sites is 89% higher than the increase in the same period last year… Almost all of these sites impersonate well-known brands and almost none have been labeled as ‘safe’.”
Check Point offers a similar five-point checklist to the FBI:
- “Check URLs carefully for spelling mistakes or unusual host domains.
- Make sure the URL starts with ‘https://’ and shows a lock icon.
- When emails come in, report the sender on emails you know to be genuine. Don’t click on something you’re not sure about.
- Don’t blindly click on QR codes.
- Never enter unnecessary details such as your social security number and avoid entering extra information such as your birthday where it is not required.”
Check Point also provides some examples of the kinds of URLs designed to trick users into visiting fraudulent websites:
- Stüssy (streetwear): stussycanadablackfriday[.]com
- Longchamp (bags): longchampblackfriday[.]com
- Wayfair (Online Home Store): wayfarer black friday[.]com
- SOREL (Shoes): soreloutlet black friday[.]com
- J.Crew (Retail): jcrewblackfriday[.]com
- IUN (Footwear): blackfriday-shoe[.]top
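The URL checks from the two checklists above, applied to some of the defanged example domains, as an added Python example that is not from the FBI, Check Point or the original article. The allowlist of official domains, the keyword list and the function names are assumptions made for this illustration, and treating the last two labels as the registrable domain is a simplification.

```python
from urllib.parse import urlsplit

# Assumed allowlist: brand token -> official registrable domain (constructed for this example).
OFFICIAL = {"stussy": "stussy.com", "longchamp": "longchamp.com", "jcrew": "jcrew.com"}
# Assumed seasonal lure keywords, taken from the pattern in the example domains.
SEASONAL = ("blackfriday", "cybermonday", "outlet", "sale")

def edit_distance(a, b):
    """Levenshtein distance, used to catch near-miss spellings of a brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url):
    """Return a list of findings for a URL; an empty list means no check failed."""
    url = url.strip().replace("[.]", ".")            # undo defanged notation
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    labels = host.split(".")
    registrable = ".".join(labels[-2:])              # simplification: ignores suffixes like co.uk
    name = labels[-2].replace("-", "") if len(labels) >= 2 else host
    findings = []
    if parts.scheme and parts.scheme != "https":     # scheme unknown for bare domains
        findings.append("not-https")
    if registrable in OFFICIAL.values():
        return findings                              # official site: only the scheme check applies
    for brand in OFFICIAL:
        if brand in name:
            findings.append(f"brand-in-unofficial-domain:{brand}")
        elif edit_distance(name, brand) <= 2:
            findings.append(f"near-miss-spelling:{brand}")
    findings += [f"seasonal-keyword:{k}" for k in SEASONAL if k in name]
    return findings

if __name__ == "__main__":
    samples = ["stussycanadablackfriday[.]com", "jcrewblackfriday[.]com",
               "blackfriday-shoe[.]top", "https://www.stussy.com/",
               "https://stusy.example/"]             # last two are constructed inputs
    for s in samples:
        print(s, "->", check_url(s) or "no findings")
```

A padlock and https only pass the scheme check; the impersonation findings come from comparing the domain against the known official one.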
Additional focus on phishing is critical. This holiday season, Bitdefender warns that “cybercriminals have wasted no time trying to take advantage of the frenzy”, with an incredible 3 out of 4 Black Friday marketing-themed ‘spam’ emails now actually a scam, out to cheat you out of your money or even install malware on your device to steal your credentials or data.
This year, we’ve seen a deluge of AI-engineered phishing lures that make it very easy to imitate a popular, trusted brand. And these enticing, time-sensitive offers can be pushed to email addresses on an industrial scale.
“Remember,” warns the FBI, “if it seems too good to be true, it is.”