Black Friday is fast approaching, and shoppers are gearing up. The National Retail Federation expects more than 183 million people to shop over the weekend spanning Thanksgiving to Cyber Monday this year. But fraudsters are preparing for Black Friday too, looking for opportunities to steal your money or personal information.
Before you dive into holiday shopping, learn how to spot common scams and protect yourself.
1. Phony order and delivery notifications
Fraudsters commonly send phishing emails and text messages impersonating delivery services or popular retailers like Amazon. These messages, which typically claim there’s an issue with processing or delivering the order, may request payment information or include malicious links.
A message might say something like, “Part of your address is missing. Please click on this link to complete the address,” says Raj Dasgupta, senior director of global advisory at BioCatch, a fraud prevention firm.
If you get a similar message when you’re not expecting a package, that should raise doubts, Dasgupta says. But even if you have ordered something, don’t overlook warning signs.
It’s unusual for delivery services to hold up packages or seek payment, because shipping costs are almost always charged to the shipper, not the receiver, says Cliff Steinhauer, director of information security and engagement at the nonprofit National Cybersecurity Alliance.
Avoid clicking on links in texts or emails, and don’t share personal or payment details. To verify whether an order update is genuine, “go back to your original order on the site,” Steinhauer says. You can log in and check the order status and reach out to customer service directly if there’s a problem, he says.
Get started with budget planning
Check your current spending across categories to see where you can save
2. Fake websites and products
When shopping online, carefully scrutinize sellers and products to avoid winding up with counterfeit items — or nothing at all.
Sponsored ads on social media sites and search engines aren’t always vetted enough, Steinhauer says, which means you may come across scams.
Fraudsters buy Google ads for popular search terms like “Black Friday deals” or desirable products, such as exercise equipment, Dasgupta says. When people click on these ads, they might land on a “sophisticated-looking fake website” that mimics a well-known site, such as Macy’s, or on a made-up company’s page, he says. Shoppers never receive the product they’re attempting to purchase, or they get an inferior product.
Ignore “sponsored” links, and read URLs closely. There will usually be “something off,” Steinhauer says, such as a slight misspelling or dashes in the website name that aren’t normally there. “The best thing is to go to the legitimate website or app that you know is the right one, and just shop there,” he says.
Watch for third-party seller scams on legitimate websites, too. Some companies, such as Walmart and Target, allow outside vendors to sell merchandise through their platforms — and the reliability can vary. Reading seller reviews before you buy can help you avoid bad actors.
Be wary of sellers who ask for gift cards or peer-to-peer payments. If a service like Venmo or Cash App is the only payment method accepted, that’s an immediate red flag, Dasgupta says. And if a deal seems too good to be true, it probably is.
3. Misleading QR codes
A QR code, or quick response code, is a barcode that usually leads to a website when scanned with a smartphone camera. “Quishing” is when scammers create QR codes that link to fraudulent websites or install malware on devices. These codes may show up on parking meters, in mysterious packages delivered to your physical address or in your email inbox.
For example, a scammer posing as your bank might email you a code and instruct you to update your login credentials. Email services often filter out known malicious links or domains and send them to your spam folder, Steinhauer says, but a QR code can get past these filters because it’s an image.
Don’t scan codes you receive unexpectedly, and closely inspect QR codes in public places for signs of tampering.
Heed the advice above, and follow these additional steps to guard against fraudsters.
-
Freeze your credit. A credit freeze restricts access to your credit report, helping to prevent anyone from opening credit accounts in your name. You can place a free credit freeze with each of the three major credit bureaus.
-
Watch for unusual account activity. Check your free credit reports and credit card or bank statements for accounts you didn’t open or purchases you didn’t make.
-
Shop in person. Consider shopping at trusted brick-and-mortar stores, if you have the option. You’ll know the company and its products are the real deal.
-
Use a credit card. Paying with a credit card is safer than a debit card, gift card or peer-to-peer services. Credit cards offer stronger fraud protection, including the ability to dispute charges, and the money doesn’t come directly from your bank account.
-
Don’t share personal details. It’s normal to provide some information for online orders, like your address and credit card number. But legitimate purchases will never require sensitive information such as your date of birth or Social Security number. If you get a message asking for these details, passwords or account numbers, don’t reply.
-
Report any scams you encounter. Flag scam ads you see on sites like Google and Instagram. If you’ve been scammed, file a report with the Federal Trade Commission at reportfraud.ftc.gov.
Get started with budget planning
Check your current spending across categories to see where you can save
