Black Friday and Cyber Monday: Don't trust every bargain!

24.11.2022 - Online retailers and online shops advertise fantastic discounts for Black Friday and Cyber Monday at the end of November. But these promotion days are of interest not only to trustworthy merchants. Cybercriminals also exploit them by creating fake shops or sending fake parcel notifications via text message and email.

For some time now, November has been called "Black November". It is a month during which many online shops lure customers with various promotions and surprises. The discount campaigns reach their peak on Black Friday and Cyber Monday. However, the promotion days are appealing not only for customers, but also for cybercriminals. Attackers like to exploit precisely these kinds of special dates to lure bargain hunters into their trap and make a profit. Fraudsters use various methods to reach their targets. For example, they like to pose as a parcel delivery company, such as Swiss Post or DHL, in order to obtain your credit card details, or they fake an online shop that is virtually identical to the genuine shop, except for a few small details.

You should therefore be careful when shopping and when you receive the delivery notification.

Fake parcel notification supposedly from a parcel service provider. After clicking on the link, victims are prompted to enter their credit card details and an amount that is usually in the four-digit range is then debited.
Fake parcel notification supposedly from a parcel service provider. After clicking on the link, victims are prompted to enter their credit card details and an amount that is usually in the four-digit range is then debited.

You can reduce this risk of fraud by following the tips below.

Things to consider before making a purchase:

  • Before any purchase, check out the online merchant in detail. Also check the internet address (URL) to see if you have genuinely reached the right merchant.
  • Use customer feedback (reviews) to build a picture of the seller. You can find this feedback by searching for the name of the webshop plus "reviews". Bear in mind that reviews can also be bogus. If you do not find anything, the online shop has most likely been created recently with the intention of committing fraud.
  • Alarm bells should ring if an offer is obviously too cheap. If an offer sounds too good to be true, it often is.
  • Check whether the seller has an "About" section and whether this is complete and plausible. For example, does the seller give a plausible contact address, a correct telephone number or email address, and a commercial register number? It is a typical sign of a scam site if contact is only possible via a form and not via email or telephone, for example.
  • Check the information on cancellation rights, returning goods and postage costs.
  • Check the payment options. If possible, pay on account rather than at the time of purchase/ordering.
  • Be careful when providing your credit card number.

Things to consider after making a purchase:

  • Every day, thousands of fraudulent emails requesting some sort of fee are supposedly sent by parcel service providers. Especially at times when many orders are placed, it is highly probable that such an email will coincide with an actual delivery. Therefore, always be cautious, critically examine the email and under no circumstances click on the link in such emails.
  • Always check your credit card statement. This way, unexpected transactions can be discovered early on and reported to the credit card service provider.
  • Be wary of unsolicited emails.
  • Never enter personal data in a form that you opened via a link in an email. If you are unsure, first clarify with senders whether they actually sent you the email. It is best to do this by telephone, but do not use the telephone number in the email; look for the number on the company's official website instead.
  • Never let yourself be pressured into clicking on a link, opening a document in an email or revealing personal data.
  • Block all email attachments that could contain macros, e.g. Word, Excel and PowerPoint attachments containing macros.

General:

  • Choose a different password for each online service. This will limit the damage in the event of a data leak or password theft.
  • Only reveal details that are absolutely necessary. Online forms usually mark mandatory information with an asterisk: *.

Last modification 24.11.2022

Top of page

https://www.ncsc.admin.ch/content/ncsc/en/home/aktuell/im-fokus/2022/blackfriday.html