Cyber Monday Cybersecurity 2023

by Jon Lober | NOC Technology

Stay safe from the cybersharks when shopping on Black Friday and Cyber Monday 2023.

Once every year, billions of skittish sardines migrate frantically around the coast of Africa. Aware of this phenomenon, thousands of sharks, dolphins, seals, and seabirds come together to feed on the teeming masses—the easiest and most abundant feast of the year.


In this little cybersecurity metaphor, Cyber Monday shoppers are not the sharks.

This Black Friday at midnight, you are more likely to be posted up at your laptop than jostling for position in a queue outside of Best Buy. Why stand in freezing rain for two hours when you can plop down in a warm robe in your favorite chair and accomplish the same thing?


You won’t be the only one looking for a lightning deal. Last year, Americans spent a total of $65 billion on Black Friday, and the average shopper went on to spend more than $200 the following weekend. The combination of hype, quick deals, impulsive decisions, and flurrying credit card numbers creates a perfect storm that can easily conceal a scam amongst the bargains, creating a once-a-year opportunity for the cybersharks—scammers and hackers.


Be prepared for Black Friday 2023 by doing your research—yes, for bargains, but also for the scams that you are most likely to encounter on Black Friday, Cyber Monday, and even (sadly) on Giving Tuesday.


Here is NOC’s list of the most common shopping scams we expect you to encounter in 2023 as well as our top cybersecurity tips to keep you safe while shopping this year.  


Expected 2023 Cyber Monday Scams


1. Fake websites.

Most of us do not normally shop on unfamiliar websites, preferring to stick to mainstream, trustworthy websites. However, on Cyber Monday, the promise of unbelievable bargains on previously unknown sites often lures even the most skeptical buyer off of the beaten path.


A perennial favorite of scammers, fake websites appear to be legitimate online shopping sites, when in reality, they are just a thin veneer of false bargains. The end goal of most fake websites is to entice a shopper to make a purchase on the site—entering credit card and personal information in the checkout process.


Fake websites take many forms. Some disguise themselves as unfamiliar, yet legitimate, shopping sites, while others intentionally spoof well-known and trusted e-commerce sites. Users frequently arrive at these sites by clicking on ads in social media or elsewhere around the internet. A recent Better Business Bureau study reported that a whopping 40% of shopping scams originate from Facebook and Instagram.


Many shoppers go through the entire phony purchase process without realizing that they have just become the victim of a non-delivery scam. The alarm bells should start to go off when purchasers receive no confirmation email, receipt, or shipping information, though the frenzy of cyber weekend shopping means that many shoppers lose track of their purchases.


2. Delivery issue scam

As shoppers rack up purchases throughout the course of the weekend, their text and email inboxes begin to slowly accumulate corresponding shipping notifications. Scammers take advantage of this process to slip in the occasional fake shipping notification from the USPS, FedEx, UPS, or popular online retailers like Amazon, Best Buy, or Dick's Sporting Goods.


Most victims will receive a spoofed notification from a major shipper purporting—


  • “We’re sorry, there is a problem with your order.”
  • “Your package couldn’t be shipped.”
  • “Please update your method of payment.”


3. Shopping App Scams

Some online shops offer exclusive bargains for users of their apps; however, scammers are aware of this dynamic and leverage it to trick users into downloading compromised apps on their devices. In general, during this busy shopping weekend, it's best to stick to the apps that you already have and trust in order to avoid any issues.


4. Email phishing scams

As Black Friday offers begin rolling into your email inbox, scammers hide their own messages and malicious links in lookalike messages designed to capture your clicks.


As we examined in our Dick’s Sporting Goods phishing report, phishing scammers can now be extremely professional in their execution of spoofed emails. Long gone are the days of the Nigerian prince in despair. Modern teams of professional hackers now use generative AI and professional graphic artists to fine-tune nearly undetectable messages.


5. Giving Tuesday donation scams.

Unfortunately, cybercriminals do not stop scamming at 11:59PM on Cyber Monday; they roll right into Giving Tuesday with their next round of traps. Using all of the same tricks (fake websites, phishing emails, smishing texts, and vishing phone calls), fraudsters crank up the emotional appeal in an attempt to guilt and push soft-hearted individuals into providing their payment information for a small donation. The FTC provides helpful advice for recognizing and avoiding such charity scams.

 

How to separate the real deals from the scams.

1. If it looks too good to be true, it probably is.

Norton warns that if a deal offers more than a 55% discount, you should be especially wary. Deals that are 90% off are likely scams, rip-offs, or of dubious quality (we’re looking at you, Temu).


2. Do not click on offers received via email or SMS text.

Phishers often obscure the true destination of a link. Always navigate directly to a site by typing the desired site’s home page URL in your browser’s address bar.


3. Do not click on social media ads.

Social media ads have proven to be particularly risky in the shopping season. Once again, the solution is to navigate directly to the desired site through your browser’s address bar.


4. Use PayPal when possible.

PayPal does not want you to make a fraudulent purchase through their service, because it makes them look bad and they do not want to have to reimburse you! Although using PayPal does not guarantee a safe purchase, it does give you another avenue of recourse if things go sideways.


5. Never wire money for payment.

Wire payment services like Western Union and MoneyGram are a one-way pipeline. If you send money to a scammer through wire transfer, you have no recourse to recover anything that was stolen. Most credit cards offer robust fraud protection and provide a far better opportunity for you to recover your money.


6. Learn to identify fake websites.

Aside from obvious grammatical and typographical errors, many fake websites have a few tells to help you call their bluff.


  • Examine the domain name to ensure that it is not being spoofed.
  • If you simply must click a link in an email (which you should not do), hover over it with your cursor before clicking to examine its actual destination.
  • Examine shop policies and contact information. Legitimate e-commerce sites will always make sure that they list a physical address, valid phone number, and shipping/return policies. The absence of any of these elements should raise a red flag.
  • Do a quick web search to see if you are encountering a common scam.


To learn more about identifying fake websites, the Better Business Bureau and MalwareTips both have great articles that can further your knowledge.
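
The link checks described above (where a link really goes, and whether a trusted name is being borrowed inside someone else's domain) can also be automated. The following is an added example, not NOC's code; the `TRUSTED` list, the function names, and the sample message are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the shops and shippers this reader actually uses.
TRUSTED = ("amazon.com", "bestbuy.com", "fedex.com", "ups.com", "usps.com")

class LinkCollector(HTMLParser):
    """Collect (real destination, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def registrable(host):  # simplification: last two labels, no Public Suffix List
    return ".".join(host.lower().split(".")[-2:])

def check_link(href, text):
    url = urlsplit(href)
    host = (url.hostname or "").lower()
    findings = [] if url.scheme == "https" else ["not-https"]
    if registrable(host) not in TRUSTED:
        # A trusted brand used as a label inside somebody else's domain.
        tokens = re.split(r"[.-]", host)
        findings += [f"brand-in-untrusted-host:{d.split('.')[0]}"
                     for d in TRUSTED if d.split(".")[0] in tokens]
    # The visible text shows one domain while the link goes to another.
    shown = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
    if shown and registrable(shown.group(1)) != registrable(host):
        findings.append("text-destination-mismatch")
    return findings

def scan_email(html):
    collector = LinkCollector()
    collector.feed(html)
    return {href: check_link(href, text) for href, text in collector.links}

# Constructed sample message, not a real email; .example hosts are placeholders.
SAMPLE = """<a href="http://usps.com.track-parcel.example/update">https://www.usps.com/redelivery</a>
<a href="https://www.fedex.com/fedextrack/">Track your package</a>
<a href="https://bestbuy-deals.example/cart">Best Buy 90% off</a>"""
```

Calling `scan_email(SAMPLE)` returns each link's real destination with its warning signs; an empty list means none of these particular checks fired, not that the site is safe.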


7. Only purchase on "https" websites.

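Compared to websites with the http prefix, https sites are far safer; in fact, the “s” stands for secure. This is due to an extra layer of encryption that protects traffic to and from the site from prying eyes. Just look for the little padlock in your browser’s address bar that indicates you are on a secure site. Keep in mind that the padlock only tells you the connection is encrypted, not that the shop behind it is legitimate, so the fake-website checks in tip 6 still apply.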


8. Stick to mainstream e-commerce sites on Black Friday and Cyber Monday.

Etsy, Amazon, Walmart, Target, Best Buy, and many other mainstream sites offer tremendous deals during the height of shopping season. Although it might be tempting to try your luck on unknown sites, just remember that it’s a gamble—and the house always wins.


If you do decide to purchase on an unknown site, use a strong password that you do not use on any other sites. Better yet, use a password manager that creates and remembers your passwords for you!


9. Use tools that can make your experience safer.

In addition to multifactor authentication (MFA or 2FA) on your payment and banking accounts, consider these free tools that can add a little security boost to your cyber shopping.

  • CamelCamelCamel tracks the price of products on Amazon to help you know if you are actually looking at a good deal, a scam, or marketing hype.
  • Google Safe Browsing allows users to check the security of a URL in a simple, familiar Google search bar.


10. Use common sense.

Before clicking on a suspicious shipping link, check for information that identifies an order that you know you actually made. If you receive an email saying that your order did not go through, make sure that you actually made an order for that item on the site in question.


Stay safe out there!

At the end of the day, remember that many costly mistakes are made impulsively. A simple pause before the click could save you thousands of dollars and weeks of headaches.
