5 online scams to watch out for this Black Friday and Cyber Monday

library
crime | hacking | security

Millions of shoppers will be searching for online bargains over the next week.

Retailers hope that by offering deals on big ticket items like computers and TVs, shoppers will rise from the couch and their turkey-induced torpor and get out to their stores on Black Friday.

And for those not interested in getting out of the house, retailers have in recent years also extended the bargain shop-a-thon with online deals on Cyber Monday.

But the traditional kickoff to the holiday shopping season is unfortunately also a good time for cybercriminals, scam artists and conmen to gear up their activities in order to make a quick buck from unsuspecting shoppers.

Here are five of the biggest online scams you should watch out for.

1. The bait and switch (no, you won’t be getting a free iPhone 6)

The year’s most popular gadget, the iPhone 6, is sure to be on a lot of wish lists this Christmas, along with other popular but pricey smartphones, tablets and laptops.

So it’s understandably a big temptation to believe online promotions promising “free” iPhones and the like.

One of the scams we’ve seen recently on Facebook uses a “free” iPhone 6 as the bait in a bait-and-switch scam that asks you to “like” a page in order to get your free phone.

Except there is no free phone, as you’ll find out once you click – the “switch” part is the survey you’re asked to fill out to make the scammers money in a pay-per-click scheme.

If a free iPhone 6 sounds too good to be true, that’s because it is too good to be true.

2. Typosquatting and copycat websites

In your rush to track down the hottest deals, make sure you’re typing carefully – your fingers can betray you.

A while back we deliberately misspelled the addresses of popular websites to see what we’d find.

There are literally thousands of websites that use what we call “typosquatting” to stake claim to addresses that closely resemble legitimate domains like Google, Apple, Facebook and Microsoft.

Many of these websites were hosting questionable contests or ads for dodgy services, while others hosted malware that can infect your computer just by browsing to these sites.

For websites you visit frequently, it’s a good idea to save the real website in your favorites, so if you’re in a rush to get to Amazon.com you can browse there automatically and avoid ending up somewhere dangerous because of a mis-typed web address.

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like.)

3. Faux charity rip-offs

You might be feeling charitable at this time of year, but sadly, there are individuals who will take advantage of your good intentions in order to rip you off.

Fake charities can look legitimate, and often prey on those looking to make a quick contribution to those in need.

For example, a couple of years ago when Japan was rocked by a devastating earthquake and tsunami, millions of people around the world wanted to help.

But we found fake charities exploiting the tragedy, including spam messages claiming to be from the Red Cross that asked you to send money to a Yahoo email address via an e-payment website.

If you’re tempted to help those in need, make sure you’re sending donations to legitimate charities: don’t follow links in emails and make sure to visit the charity’s website for information about donating safely.

4. Advance fee fraud

Holiday time can be a lonely time for some people, and if you’re looking for love online you need to watch out for scammers using one of the oldest tricks in the conman arsenal.

This type of scam often targets very vulnerable people, including the elderly.

Called “advance fee fraud,” this scam involves a newfound “friend” asking for financial help.

If you’re asked to send money to someone you’ve never met, with a pledge that you’ll be paid back, perhaps even with a profit, don’t believe it.

5. Unexpected delivery of “gifts”

Watch out for spam emails claiming to come from your national postal service or shipping companies like DHL, Fedex and UPS.

They could be phishing emails, which will ask you to visit a website set up by cybercriminals to steal your personal information like email addresses, passwords, credit card numbers and more.

Emails can also carry unwanted “gifts” – such as the notorious ransomware known as CryptoLocker, which scrambles all the files on your computer and demands a ransom of $300 to $500 to set them free.

CryptoLocker has seen a resurgence in recent months, despite a takedown by law enforcement in May 2014 that knocked out the servers used by the crypto-criminals.

Be careful about opening attachments you receive by email – that special delivery could end up costing you.

Get shopping security tips for Black Friday and Cyber Monday

Naked Security, along with our friends at CIS, the Center for Internet Security, will be co-hosting a Twitter chat today, Tuesday November 25, 2014 at 2pm EST. [2014-11-25T14:00-5]

We’d love you to join in and spread the word to your friends, family and colleagues. Let’s make the holidays happy and secure.