We’re often told if it looks too good to be true, it probably is. That stands doubly true during Black Friday sales season, especially when the internet offers people such an easy way to rip the public off.
Black Friday is a relatively modern American tradition, even by American standards. It’s the Friday following Thanksgiving, which takes place on the fourth Thursday of November, when Christmas sales begin.
It seems to have earned its name courtesy of police complaints in Philadelphia in the US about shopper congestion as consumers flocked to retail outlets at the beginning of the sales season.
Although the day of Thanksgiving remains a purely American event, the global presence of American retailers and the presumably universal joy shoppers get from sales has seen the event become a diary item worldwide.
But how do you stay safe when chasing bargains online? Here are five top tips from Sky News to avoid falling victim to cyber criminals and fraudsters.
1. Install the latest software and app updates
It’s boring to read and it’s boring to do, but the few minutes it takes to update your software could save you a lot of pain.
During the sales season people will often download new apps or visit new retailers online that don’t have a large reputation. Maybe they’re just a boutique outlet you’re one of the first people to spot, but maybe they’re not what they seem.
Criminals can set up websites which can look perfectly real, but will attempt in some way to steal your details and implant malicious software in your web browser. To stop them from doing this, install updates.
Although hacks can exist for software which is fully updated, these are often so rare and valuable that they aren’t used by criminals for commodity theft, but usually by state-sponsored organisations for espionage.
Alex Guirakhoo, a strategic intelligence analyst at cyber security firm Digital Shadows, told Sky News it was worth consumers making an effort to learn about the latest tricks criminals are using.
“There are plenty of ways to stay informed on the latest fraud and scam trends. Some of the most popular sources are StaySafeOnline, FTC’s Scam Alerts, US-CERT National Cyber Awareness System,” he said.
Even that trusty green padlock in the browser window doesn’t necessarily mean that a site is safe – although if one is missing it definitely means that you shouldn’t be conducting any financial transactions in that window.
“Shoppers should be wary of transmitting financial information over an unsecured connection. Still, even if a site has a valid certificate, it doesn’t automatically mean that your data is safe.
“SSL certificates are commonly added to phishing sites to increase their perceived legitimacy. These certificates are incredibly easy to obtain; some are free, whereas others come pre-packaged with e-commerce sites sold on criminal marketplaces.”
2. Protect your accounts – use a strong password
If someone has access to your primary email account they could use it to access almost all of your connected accounts as well as discover critical personal information about you, from your bank details to your home address.
One of the best ways to prevent criminals from doing this is to have a strong, unique, and separate password for your email account, which means even if hackers get access to a lesser account’s details they won’t be able to use that information to access everything else.
According to the National Cyber Security Centre, a good way to create a strong and memorable password is to use three random words – with numbers and symbols if you would like.
The example the agency gives is “3redhousemonkeys27!” while warning that simple substitutions such as “Pa55word!” are too easy to guess.
People should also use two-factor authentication (2FA) for email accounts, the NCSC recommends.
“However good your passwords are, they can only provide so much protection. They could be stolen from your service provider or from your phone, tablet or laptop. Or you could get tricked into revealing them. This is why we want more people to use 2FA, both at work and at home.”
Accounts with 2FA require an extra check, so even if criminals have stolen your password they won’t be able to access your account because they need something that you, and only you, can access – such as a code sent to you by text message.
3. Be wary of phishing emails
Because more people are aware of the importance of strong passwords which are hard to guess, criminals are increasingly deploying phishing emails to try to steal people’s credentials.
Mr Guirakhoo told Sky News: “Though phishing is a year-round nuisance, the holiday shopping season presents cybercriminals with ample opportunities to fuel fraud operations.
“Attackers are continually coming up with more sophisticated and innovative social engineering techniques to make phishing attempts even more convincing.
“Phishing on mobile devices is a big one: Attackers have adapted to take advantage of this as more and more shopping is done from our phones,” he warned.
As an example he noted how fake login pages can be set up to only display content when viewed on a mobile device, while malware sent to mobile phones – claiming to warn users of an unpaid bill – can be configured to target mobile shopping and banking apps.
“Most people are familiar with conventional prevention techniques; following best practices like not clicking shady links or opening attachments from unsolicited emails will prevent the majority of attacks,” he said.
“However, shoppers should exercise extra vigilance around busy holiday seasons where cybercriminals may be looking to make a profit of their own,” Mr Guirakhoo added.
These profits don’t always come directly from stealing shoppers’ details, sometimes they come from more old fashioned mischief.
4. Make sure the site you’re on is legitimate
Sometimes that boutique outlet is what it seems – a real website that wants to enable its customers to purchase things securely. The issue is that the items it is selling aren’t what they seem.
“If you have doubts about the legitimacy of a website, it’s better to be paranoid than sorry,” said Mr Guirakhoo.
“Take a step back and triple check you’re on the site you intend to be before handing over your personal and financial information.
“If you see a deal on a website that seems too good to be true, then it probably is.”
“Fraudsters can use the hype of Black Friday as an opportunity to sell fraudulently obtained or altogether fake items. Seller reviews and trust ratings on sites like Amazon or eBay can help determine if a vendor is legitimate or not.”
5. Avoid the richest scammers of all – the retailers
And, of course, one of the worst ways to be scammed online isn’t even by criminals – it’s by being sold something you don’t need, for money you don’t have.
Consumer group Which? has found that actually only 5% of deals on Black Friday will actually offer products at their cheapest.
Whatever you do, don’t let these “sales” blind you and go into the shopping season unprepared.
Think about what you want or need, make a budget, do your research, and read Sky News’ top five tips for getting the best Black Friday deals online during the sales season.