Menu
Blog

Avoid Online Shopping Scams: Fast Facts for Businesses & Shoppers

by ZeroFox Team
Avoid Online Shopping Scams: Fast Facts for Businesses & Shoppers
5 minute read

The Rise of Online Shopping Scams During the Holiday Season

It’s the most wonderful time of the year…for scammers running online shopping scams. The holiday season is upon us, and the retail industry is prepping for the busiest time of year: Cyber week, the five days from Thanksgiving to Cyber Monday.

Last year, cyber week saw $38 billion in sales, up 7.8% year-over-year according to Adobe Analytics. With the rush of shoppers in 2024, this presents a prime period for malicious actors to target consumers with scams.

Common Types of Online Shopping Scams

Threat actors are counting on urgency and enthusiasm created around BFCM to hide in plain sight and defraud their victims. And, unlike other types of scams and attacks, both retailers and consumers are attractive targets during this time of year. 

Retailers Face a Host of Potential Business Threats

  • Impersonations: A hacker pretends to be a trusted friend, colleague or business associate of the target. They then trick the target into divulging sensitive data or sending fraudulent payments.
  • Distributed denial of service attacks (DDoS): A cybercrime that overwhelms a network resource, server, or website with malicious traffic to prevent legitimate users from accessing it
  • E-Commerce skimming malware: Software programs used by digital threat actors to damage, infect, or otherwise compromise targeted systems.
  • Supply chain disruption: Digital adversaries attempt to harm organizations by targeting their supply chains and vendor networks with cyber attacks, social engineering attacks, and other nefarious acts of subterfuge.

Shoppers Should Expect Social Engineering Based Scams 

  • Non-delivery scams: Scammers impersonate reputable retailers or establish a fake online retail presence. Then, consumers visit the fraudulent online store and purchase an item but the package never arrives.
  • Order scams: Threat actors email a person to notify them of an issue with an alleged purchase that the consumer never ordered. Common lures include telling victims that their payment has failed to go through and they must re-enter it.
  • Delivery scams: Threat actors impersonate delivery companies. They email or text consumers stating that there is an issue with delivery that must be rectified by clicking a link. This link is malicious and often asks consumers to enter personal or financial information. The message lure is often intentionally vague, failing to specify product details or purchase method.
  • Gift card scams: These scams typically takes two forms. The first involves threat actors notifying victims that they must purchase something using a gift card. Gift card purchases cannot be tracked, which makes it impossible to retrieve stolen funds. Threat actors may also pose as gift card generators, exploiting victims seeking discounts or purchasing gifts for others and instead installing malware on a user’s device.

The good news? With preparation you can protect the holiday shopping cheer. To help retailers prepare and protect themselves and their customers against scammers, ZeroFox Intelligence created a Black Friday Cyber Monday Scams Report. In this report, we cover key takeaways for both businesses and shoppers to protect themselves. 

Fast Facts to Stay Safe from Black Friday Scams and Cyber Monday Attacks

  • Consumers should be particularly wary of being contacted about BFCM 2024 sales via unsolicited direct messages.
  • Sales forecasts indicate that BFCM 2024 is anticipated to be larger in sales than previous years.
  • Threat actors using BFCM to target retailers and consumers in recent years have had a variety of motivations, including financial gain, political persuasion, and activism.
  • Black Friday scams and Cyber Monday attacks occur in both the physical and cyber domains.
  • ZeroFox Intelligence assesses that social engineering will almost certainly remain one of the most prolific ways financially-motivated threat actors target shoppers.
  • We expect an increase in SMS-based phishing scams and callback phishing throughout BCFM.
  • We anticipate malicious actors will leverage fraudulent domains during BFCM 2024 to: dupe unsuspecting victims into purchasing fake items, harvest financial information, or deploy malware.
  • Threat actors will most likely advertise fake or misleading discounts or prizes in social media posts that contain links to malicious websites.

How to Protect Your Business from Online Shopping Scams

Retailers, both online and in-store, must take proactive steps to safeguard their business and customers during Black Friday and Cyber Monday. One key strategy is to actively monitor social media for phishing posts or malware attempts that misuse your official hashtags, images, or messaging to deceive shoppers. 

To protect consumers, retailers should over-communicate through official channels, clearly stating where shoppers can find legitimate deals and discounts. This reduces the risk of confusion or scams. Retailers should also be vigilant in identifying and reporting impersonator accounts on social media. Work with vendors or directly with the platforms to have fraudulent accounts taken down. 

Additionally, it’s important to search for and monitor infringing domains that may attempt to mimic your website. These can cause reputational damage and expose customers to security risks. Learn more about how you can detect and remediate seasonal risks with ZeroFox.

How Shoppers Can Avoid BFCM Scams

Consumers should take extra precautions when shopping during Black Friday and Cyber Monday to avoid falling victim to scams or fraudulent sites. Be wary of pop-ups, redirects, or any pages that look suspicious. These can often lead to phishing attempts or malware. When you receive deals or coupons via social media or email, avoid clicking on them directly. Instead, go to the retailer’s official website to verify promotions and offers. 

Always hover over links before clicking to check for any misspellings, untrusted email addresses, or inauthentic handles. Additionally, take the time to read reviews of shopping sites—especially for unfamiliar companies—and pay attention to the company’s age and the credibility of its social media presence. 

Unrealistic discounts that sound too good to be true should raise red flags. So should unique payment methods that only allow payment through third-party services like PayPal or Venmo. Finally, never click on links or buttons from unknown or untrusted sources. These can often lead to phishing sites designed to steal your information. By staying vigilant and using these tips, consumers can help protect themselves while enjoying the holiday sales season.

For deeper insights and key takeaways on the potential threats against retailers and consumers Black Friday and Cyber Monday, get the full report. 

Tags: Cyber TrendsThreat Intelligence

See ZeroFox in action