SecureMac, Inc.

Black Friday 2022 Scams and How to Avoid Them

November 17, 2022

Black Friday scams in 2022 — from the scammers’ perennial favorites to some new ones for this year’s holiday season!

It’s almost Black Friday, and that means the scammers are out in force. Here are some Black Friday scams to watch out for in 2022 along with tips for how to stay safe: 

Phishing emails that impersonate brands

Scammers love to send out Black Friday phishing emails that promise savings or giveaways — and they know how to impersonate your favorite brands quite convincingly. But of course, these emails are nothing more than scams aimed at getting you to give away sensitive information, download malware, or click on a link that you shouldn’t.

Tip: The trick here is to identify authentic senders. If you use Mail in iOS 16 or macOS Ventura, you’ll have access to BIMI identifiers (verified brand logos in your inbox), which are of some help. You can also use the older technique of checking email headers in order to spot senders using fraudulent domains. If you see anything fishy, delete the email.

But your best bet? Don’t engage with emails containing coupons and special offers around this time of year. If there’s a deal to be had, it will most likely be advertised on a brand’s website as well. Navigate there independently and seek out safer savings on your own!
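The header check mentioned in the tip above can be scripted. The following is an added example, not part of the original article: it compares the visible From domain with the Return-Path, Reply-To, and DKIM signing domains and reads the SPF/DKIM/DMARC verdicts recorded by the receiving server. The sample message, the example.com and example.net domains, and the function names are constructed for illustration, and the alignment test is a simplification of DMARC's relaxed alignment.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed sample message (not a real email); all domains are placeholders.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=mailer.example.net;
 dkim=pass header.d=mailer.example.net; dmarc=fail header.from=example.com
From: "Example Store Deals" <offers@example.com>
Reply-To: claims@mailer.example.net
Subject: Black Friday giveaway

Claim your prize today.
"""

def domain_of(value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def aligned(a, b):
    """Simplified alignment: same domain, or one is a subdomain of the other."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def check_headers(raw):
    """Return a list of human-readable findings for one raw message."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and not aligned(from_dom, dom):
            findings.append(f"{name} domain {dom} does not match From domain {from_dom}")
    # Only trust Authentication-Results added by your own mail provider.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    for mech in ("spf", "dkim", "dmarc"):
        if results.get(mech) != "pass":
            findings.append(f"{mech} result is {results.get(mech, 'missing')}")
    m = re.search(r"header\.d=([\w.-]+)", auth)
    if m and not aligned(from_dom, m.group(1).lower()):
        findings.append(f"DKIM signing domain {m.group(1)} does not match From domain {from_dom}")
    return findings

if __name__ == "__main__":
    for finding in check_headers(RAW):
        print(finding)
```

Note that SPF and DKIM both pass in the sample, yet they pass for the sender's own domain rather than the brand shown in From, which is why the DMARC verdict and the domain comparison matter.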

Phony sellers

Not exactly a cybersecurity issue, but scammers love to take advantage of the holiday shopping season to set up fraudulent stores that don’t keep their promises. These old-school “take the money and run” sellers often show up on social media sites, but others set up complete websites just in time for the holidays.

Tip: The key to identifying fly-by-night sellers is research. Buy from vendors you know and trust if at all possible. But if you want to purchase something from an online shop you’ve never used before, do some due diligence first. Search online for the business’s name and read their reviews or check out the Better Business Bureau website for information about the company.

You can also do a quick domain name age check to see when a website was first registered. Brand new sites aren’t necessarily scams, of course, but they have a much higher risk factor compared to older, well-established websites.

Last but not least, pay using a method that allows for refunds and disputes, such as a credit card or Apple Pay. Avoid cash, crypto, or wire transfers when dealing with an unfamiliar merchant.  

Fake customer service vishing scams 

Lots of people are ordering lots of things online right now, and phone scammers see that as an opportunity. 

This time last year, scammers sent out emails to random people claiming they’d ordered something from Amazon.com. They also included a customer service callback number. When confused victims called the number to inquire about the order that they’d never placed, a scammer would try to social engineer them into giving out a credit card number in order to “cancel” the nonexistent order.

That’s just one example of a possible pretext, but scammers, while sleazy, are undeniably inventive. So be on the lookout for more fake customer service calls this year.

Tip: If anyone calls you about an order that you didn’t place or anything else related to buying and selling around Black Friday: Don’t engage! Thank the caller and say you’ll follow up on your own. Then check your Amazon (or other) account or your credit card for an unknown charge. If there really is an erroneous order, you can cancel it from your account or dispute the charge with your card issuer. Lastly, if the caller attempts to argue with you or insists that you “have to” handle the issue with them over the phone, it’s almost certain that you’re dealing with a scammer. No need for manners here. Just hang up.

2FA bypass scams

The UK’s Evening Standard newspaper is warning of a sneaky social engineering scam this holiday season that attempts to get around 2FA account protection. Here’s how it works. A bad guy calls you pretending to be from Amazon or another company that you have an account with. They say there’s a problem with your account and tell you they’ll text you a verification code so that you can prove your identity and resolve the issue. The scam? That code is actually the 2FA code from your own account. The scammer already has your password and has entered it on their end; when that code arrives on your device, it’s all they need in order to log into your account.

Tip: Never give out the verification codes that come to your phone (especially to an unknown caller). A verification code is only to be used when you’re logging into a website and you need the code to complete the authentication process. 

The larger principle to remember here, again, is never to deal with unknown callers who say there’s a problem with your account, order, delivery, etc., etc. Thank them and tell them you’ll follow up on your own — either through an online web portal, a customer service number that you find online, or by some other means that guarantees you’re dealing with an actual representative of the company.

Hoax deals via messenger apps

This one is essentially just another form of phishing, but it’s worth a special mention because Black Friday phishing warnings tend to focus heavily on phone- and email-based phishing.

People in Spain have been receiving scam messages via WhatsApp; the scam uses a typical holiday giveaway-type pretext. Alas, Iberia Airlines isn’t actually giving away free plane tickets in a Black Friday contest (¡Qué pena!). If you click the link that the scammers send, you’ll be directed to a malicious website.

Tip: This is a very simple tip — just keep in mind that in addition to phone and email, scammers also use messenger apps and SMS to spread their scams. If you wouldn’t click on a link in an email, then don’t click on it in WhatsApp or iMessage either.

Stock, order, and delivery scams

Scammers play on people’s emotions, and few things upset us like the thought of disappointing a loved one during the holidays. For this reason, scammers create Black Friday scams that use stocking, order, and delivery issues as pretexts.

The exact format varies. Sometimes they’ll say that an order is going to be canceled due to a lack of stock or an issue with the payment. Other scammers set up fake (or hijacked) social media accounts claiming to have stock of a hard-to-find item. Still others run package delivery scams in which they pretend to be from a courier company and claim that there is a shipping issue with an order.

Tip: If you get a phone call, email, text, or even a note on your front door telling you about an order issue, stocking issue, or delivery issue, the most important thing to remember is this: Slow. Down. 

Scammers want people’s emotions to overwhelm their better judgment. So simply slow down, take a breath, and think before you act. 

If you’ve read this article, or listened to our Checklist podcast, chances are you’ll already know what to do next. Seek out a reliable source of information about the issue by yourself — without using any link or phone number provided by the unknown party. If you’ve ordered from a company that you use regularly, you can check your account area online to investigate. You can also look up your order’s reference or tracking number as a guest on a company website or call a public customer service number for help. If you discover that there really is an issue, you’ll be able to resolve it with a customer service representative that you know to be legitimate. And if you find that there isn’t really a problem…you’ve just avoided a scam! 
