Online shopping scams are on the rise this year, so it pays to keep your wits about you when hunting for a bargain.
These types of scams have gone into overdrive this year, with scammers taking advantage of the huge uptick in people now buying online. The Federal government’s Scamwatch recently advised that Australians have lost more than $222 million as a result of scams this year.
In the first two weeks of November, compared to the weekly average in October, Check Point security researchers found an 80 per cent increase in malicious phishing campaigns targeting online shoppers in the form of “special offers”.
Even well-meaning family and friends can put you at risk, with 46 per cent of people receiving a phishing email – such as a bogus promotional offer – that was unwittingly forwarded by someone they know and trust.
Along with offering deals which seem too good to be true, scammers are also impersonating delivery services, according to Mimecast. With the massive increase in legitimate email and text messages coming from delivery services, it’s difficult to tell the real communications from the fakes.
“This year has seen Australians in and out of lockdowns, shopping online and often forgetting about purchases in between clicking ‘Buy now’ and the deliveries arriving,” says Garrett O’Hara – Chief Field Technologist at Mimecast.
“It’s therefore never been easier for cybercriminals to get people to click on malicious links, hand over personal information and end up in a world of pain as they try to limit the damage.”
So what are cybercriminals after? Some are chasing your credit card details, which they’ll use themselves or sell to other attackers. Others want your personal information, either by tricking you into divulging it or by installing malware on your computer to steal it. They’ll use that sensitive personal information to commit identity fraud or create other, more targeted spear-phishing attacks.
What does an online scam look like?
Check Point offers the example of a knock-off Pandora jewellery site which hackers set up to trick recipients of an email phishing attack. The emails feature the subject line “Cyber Monday | Only 24 Hours Left!”, with the sender listed as “Pandora Jewellery (no-reply @ amazon.com)”.
While the sender contains an Amazon domain, there is no mention of Amazon in the mail or in the links. Further investigation revealed that the email address was faked, to appear as if it was sent from Amazon, when it was not.
The links in the emails led to bogus websites, designed to trick visitors into thinking they have arrived at a legitimate Pandora website, rather than a Black Friday scam. The sites were only registered at the end of October and beginning of November, right before the phishing emails were actually sent.
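The warning signs in that example (a brand display name on an unrelated sender domain, links that point somewhere else again, and a freshly registered site) can be checked mechanically. The sketch below is an added example, not Check Point's tooling; the sample message, the link host, the brand allow-list and the registration date are all constructed assumptions.

```python
import re
from datetime import date
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the article's description; the link host and
# body text are placeholders, not indicators from the real campaign.
SAMPLE = """\
From: "Pandora Jewellery" <no-reply@amazon.com>
Subject: Cyber Monday | Only 24 Hours Left!
Content-Type: text/plain

Up to 70% off today only: https://pandora-deals.example/sale
"""

# Assumed inputs: brand -> domains it legitimately uses, and registration
# dates as a WHOIS/RDAP lookup would return them (constructed here).
BRAND_DOMAINS = {"pandora": {"pandora.net"}}
REGISTERED = {"pandora-deals.example": date(2021, 10, 28)}

def base_domain(host):
    # Naive last-two-labels reduction; real code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_message(raw, today, max_age_days=30):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender = base_domain(addr.rpartition("@")[2])
    body = msg.get_payload()  # single-part plain-text messages only
    links = {base_domain(h) for h in re.findall(r"https?://([^/\s:>]+)", body)}
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand in display.lower():
            if sender not in domains:
                findings.append(f"display name claims {brand} but sender is {sender}")
            for d in sorted(links - domains):
                findings.append(f"link to {d} is not a {brand} domain")
    if links and sender not in links:
        findings.append(f"sender domain {sender} appears in no link")
    for d in sorted(links):
        reg = REGISTERED.get(d)
        if reg and (today - reg).days <= max_age_days:
            findings.append(f"{d} registered {(today - reg).days} days ago")
    return findings

if __name__ == "__main__":
    for finding in check_message(SAMPLE, date(2021, 11, 15)):
        print("FLAG:", finding)
```

None of these checks proves a message is malicious on its own; each one is a reason to visit the retailer's site directly instead of following the link.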
“We’re living in an age where every email in our inboxes must be treated with caution,” says Omer Dembinsky – Manager of Data Intelligence at Check Point.
“I strongly urge every online shopper to think twice when looking at a ‘special offer’ from their favourite brand.”
How can you stay safe?
Increasingly, cybercriminals masquerade as popular brands on social media, according to Mimecast’s O’Hara. They embed dangerous links and promotions into posts, which trick people into handing over personal information.
This is especially prevalent with promotions and competitions, particularly Black Friday scams. It’s important to double-check that a social media account is legitimate, by searching for the company rather than clicking on a link. If it looks suspicious, don’t take the chance.
Fake delivery messages are the scam of choice for 2021, asking you to click on a link and enter details to check the delivery status of a package. If you’re waiting on a delivery, O’Hara recommends going to the website from which you purchased the goods and confirming the status there, rather than clicking on a message.