Blackfriday and CyberMonday and how to protect yourself from online scams

29 November 2023 - Advices

As the end of the year approaches, the big shopping spree begins, and with it the "extended working hours" of cybercriminals, who also have something to offer their "customers". The digital transformation of the economy and society has accelerated in recent years. As connectivity and the interweaving of the digital and physical worlds increase, so do the risks of malicious behavior online.

In the following lines, we will explain good practices on how to check the promotions we see online and how to protect ourselves from having our bank card information stolen.

The maxim "If something's too good, it's unlikely to be" applies in full force. Naturally, there are always exceptions, but it is much safer not to count on this being the exception in question. With the most tempting offers online, online scams are also becoming more frequent.

What should users be aware of? Before clicking on a link, they should check where it leads. With a right click, they can see and copy the content of the given link to a separate place.

Any promotional link should not be clicked, especially one received from a random email promising 60%, 70%, 80% or more percent off. Are there any such offers? We should immediately ask ourselves about the cost of the product - is it possible to sell it at such a price and the merchant will still make a profit, or would the profit come from misleading the customer and obtaining his bank card details in case of a possible purchase.

Extreme caution should also be exercised when you access a website (online store, payment platform, etc.) again via a link received by mail, via social networks, etc. Otherwise, you may become a victim of a phishing attack. Phishing is an attempt to deceive, deliberately deceive, with the aim of sharing access data to bank accounts, online payment processors, licensed service or software provider accounts, online store accounts, personal profiles, social media accounts and any other sensitive information . If the fraud attempt succeeds and the user voluntarily provides the requested access information, the criminals log into the relevant account and the consequences of the victim's momentary inattention or carelessness are established over time such as stolen identity, money siphoned from a bank account, spamming from email accounts or from social network profiles and all such negative scenarios.

How does phishing work? Malicious individuals decide which organization to attack and make an exact copy of its official website with the original graphics (in effect cloning the site) on a server they have access to. They change the original scripts for processing the data received from the fraud victims and save it in some way - in a single file, in separate files, in a database. Next is preparing a message with a link to the cloned site, and the following or similar elements can always be found:

  • contains in the address names of authoritative organizations - most often banks, software or service providers, social sites, etc.;
  • contains frightening information in the subject of the letter about some problem - suspended, blocked, terminated, about to be deleted. Fear is the most commonly used emotion to attack, but it can be any other that causes a strong desire and can motivate the performance of reckless actions;
  • causes urgency and panic - immediately, immediately, urgently, urgently;
  • indicates an easy solution to the problem - the recipient only needs to click the button or link in the letter and fill in the correct data in the form on the web page.

This is also the reason why these attacks are successful in a number of cases - they evoke a strong emotion and contain elements of trust.

How to protect ourselves from them? The best and tried-and-tested way to protect against such attacks is to be suspicious of tempting offers, of messages that invite, inform, threaten us and that require the input of our sensitive information; not to rush to click on links before we are sure about them; to consult an acquaintance or specialist. Only then will we not have to use the line: "Well.. they hacked me..", while at the same time the exact opposite has happened - we ourselves have allowed ourselves to be hacked.

Share the blog:

More news