Black Friday and Cyber Monday alert: beware of scams!

Beware of malware targeting customers during Black Friday and Cyber Monday sales

Various scams target shoppers all over the worldDuring this time of the year when Black Friday and Cyber Monday deals are everywhere, malware creators also use their campaigns more actively.

When the Holiday season is getting closer, people tend to spend more time online than usual. Unfortunately, malware creators take advantage of the matter and create scams more actively than before. While bargains have always been attracting people, scams promising huge prizes or gifts have always been successful.[1] So, how to know what is truth and what is a lie?

Black Friday and Cyber Monday sales are the most popular shopping days in the bigger part of the world. Unfortunately, while people are preparing for holidays, cybercriminals are ready to increase their profit as well. Hackers look forward to these days because they can get a quick pay from unsuspected users.

According to Kaspersky Lab researchers,[2] 14 different malware groups are actively targeting 67 e-commerce[3] brands, half of which are banking trojans, such as Betabot, Zeus, IcedID, SpyEye, TinyNuke, Panda, Gozi, Chthonic, and Gootkit2. Bad actors increased their efforts when it comes to e-commerce websites, as its activity increased from 6.6 million in 2015 to 12.3 million in 2018.

Therefore, be wary of scams this Black Friday and check the tips below.

Gift Card and Reward scams

You may think you are lucky to get an opportunity to win a Walmart Gift Card or Amazon rewards via email or text message. Unfortunately, as long as you believe these hoaxes, feeling lucky is the only kind of benefit you get, as scams can lead to personal data exposure, lost money, malware infection, or even identity theft.

Hackers tend to use messaging apps like WhatsApp[4], and services to deliver messages about giveaways, sale campaigns or promote new online retailers. These messages often ask users to click on a fraudulent link or enter sensitive information into a spoofing site. After the infiltration, users' personal accounts can be used to spam fake messages to everybody on their friends' list on social media, increasing the rate of the infection.

Surveys and lotteries with valuable prizes

Apple or Samsung products, valuable prizes, and other pricey equipment might be used as a “bait” for unsuspected users. Entering your details or answering questionnaires may be required to allegedly receive the gift.

It all starts with the offer of winning a smartphone and then you need to enter your credentials and fill out a survey to participate. But this is a technique scammers use to collect sensitive data and benefit from your clicks on ads and hyperlinks. If you see these offers on legitimate sellers' websites, do not panic, but be aware of suspicious retailers and pop-up reward scams.

Remember, everything that seems too good to be true actually is, so think twice before proceeding with such offers (no, you were not randomly selected out of thousands of visitors).

Social media scams

As with many other scams, social media scams promise valuable prizes, discounts or coupons and deals on Black Friday. However, these Instagram or Facebook posts asking you to “like&win” are empty promises in order to increase the number of likes and views to popularize the page. As soon as that is accomplished, concept or posts changes to promotions of other products.

Unfortunately, these fake pages on social media can also be used to collect personal information about users. Even personally identifiable information can be obtained and later distributed to third-party or even on the dark Web.[5] Holiday themed social media pages and their contests that ask for passwords, credit card information and other personal details should never be trusted.

Fraudulent email campaigns

Many of us shop for gifts online or send and receive holiday favors to their loved ones all around the world. While this practice helps people to communicate, congratulate, gift and be happy, it is also a perfect opportunity for scammers. Therefore, before you get overwhelmed with emotions after receiving multiple emails that state you are going to receive a parcel, make sure it is legitimate, as delivery services like DHL or FedEx are known to be abused by bad actors in fraudulent phishing emails.

Thus, do not click on such links immediately, as they might be fake, even if they look legit. Make sure it is actually the delivery company writing you. Also, you might want to contact the individual who is attempting to send you a gift if you are not expecting the parcel.

Data breaches

Fraud has been around way before the internet was invented. Thus, it is no wonder that malicious actors are using computing platform for their illegal activities. Scams, malware, botnets, RATs, and other threats are prevalent in today's cyber world, especially during the Holiday season. However, probably the most dangerous threat to privacy comes from e-commerce site data breaches, where hackers harvest personal details of thousands of users.

It is safe to say that, if you ever entered your email address, name or similar details somewhere, there is a high chance that somebody used that data per illegal purposes. While there is not much you can do about that, you can always make sure to track your online transactions and frequently change passwords of various accounts.

Consumers and brands should stay safe during this busy season

The most important thing you need to remember during the peak of Black Friday sales is to take precautionary measures:

  • Use reputable, powerful security software and keep that up-to-date.
  • Avoid clicking on unknown pages or advertisements.
  • Do not trust messages that ask you to click on something on social media, even if they come from your friends;
  • Do not open email attachments without making sure it is legitimate.

Retailers should also do everything in their power to prevent hackers from stealing sensitive customer information – use reputable payment services and software platforms, as well as other security solutions.

About the author
Olivia Morelli
Olivia Morelli - Ransomware analyst

Olivia Morelli is News Editor at She covers topics such as computer protection, latest malware trends, software vulnerabilities, data breaches, and more.

Contact Olivia Morelli
About the company Esolutions