Another year, another Black Friday. And while this Black Friday (and the holidays in general) may look different this year, some things remain the same: an increase in online shopping, and the opportunity for online shopping scams, are upon us yet again. While the pandemic may reduce long lines at Walmart and fist fights over TVs, online shoppers and the scammers that seek to capitalize on those shoppers, are eager to participate in all that Black Friday and Cyber Monday have to offer.
The Evolution of Online Shopping (and Online Shopping Scams)
As consumers, and the economy as a whole, adjust to a remote, digital-first means of consumption, it is no surprise that the consumer goods space, particularly online retailers, have been generally sheltered from the economic impact of the pandemic. Based on data from the U.S. Commerce Department, retail sales were up 2.6% in August 2020 compared to the previous year, with greatest improvements seen by nonstore retailers, with sales up 22.4% over 2019 figures. And while these numbers likely don’t surprise you, they give helpful context for predicting trends as we head into the holiday season.
Scammers are opportunistic, and an increase in online shopping – particularly when it is concentrated within a specific time period like Black Friday – provides opportunity. This time is known for its bargains and increased consumer spending, making it a favorite of fraudsters and other malicious actors. Scammers look to capitalize on the significant increases in deals, special web pages, and other abnormal activity from trusted consumer good companies to increase the success of their malicious activity.
Remember When: Fake Deals Black Friday 2019 Review – What’s Changed in 2020?
In previous blogs, ZeroFOX has detailed the different types of scams that are most used during this time of year, from coupon scams, fake accounts and hashtag hijacking. In 2019, we found that the most targeted retailers were brick and mortar stores like Target, electronics retailers and online marketplaces like Amazon. Scammers relied on obvious hashtags like #giveaway and #blackfriday to reach a large, eager audience.
The most notable change between 2020 and 2019 is actually how little has changed. Fundamentally, the scams that ZeroFOX has identified this year rely on similar tactics and lures. However, there is one clear difference between last year and this year: as online shopping increases, so do online shopping scams.
Black Friday Has Turned into Black November: Online Shopping Scams to Expect in 2020
Let’s cut to the chase: the volume of malicious content ZeroFOX has remediated related to consumer scams thus far in November represents a 383% increase over 2019. This significant spike specifically in November is notable because our 2020 data does not yet include the actual Black Friday shopping weekend. However, this change in malicious behavior parallels what we have observed from trends in the consumer goods market as a whole. Due to significant restrictions around in-person shopping due to COVID-19, sales, especially the advertisement of them, have started earlier than in previous years. Additionally, companies and stores that traditionally haven’t maintained a significant online presence or sale incentive, have embraced the digital strategy in an attempt to maintain market share. This has made a unique landscape for threat actors who can now leverage a more diverse set of brands and a longer time window of opportunity to capitalize on consumers looking for the steal of the year.
When looking at scam trends for all of 2020, ZeroFOX has observed a notable change in scammer behavior: scammers have pivoted from their traditional, year-round focus on retail scams in favor of COVID-19 specific scams. As the pandemic became the single most talked about topic globally, scammers once again found opportunity. This translated to a 94% year-over-year increase in takedown submissions and removal between September of 2019 and 2020 across all verticals and customers that ZeroFOX protects. And yet, when looking at the retail sector specifically, ZeroFOX actually noted a reduction in offending content requiring remediation between July and October of 2020.
With Black Friday and Cyber Monday upon us, scammers have pivoted back to their tried-and-true targets: retailers. As aforementioned, the volume of malicious content ZeroFOX has remediated related to consumer scams thus far in November represents a 383% increase over 2019. This rapid pivot by threat actors over the month of November shows how valuable these sales are for stores and criminals alike.
Electronics Sales Drive Online Shopping Scam Activity
In addition to overall scam activity, ZeroFOX conducted an analysis of newly registered domains leveraging Black Friday and some of the more popular, newly launched electronics.
The comparison between specific consumer products and generic targeting of the event demonstrates the value scammers get out of capitalizing on significant product launches and marketing events. Much like we saw in 2019, electronics continues to be a lucrative target for scammers. With the release of new gaming systems like the Xbox Series X and S, as demand rises, so do scams.
How to Avoid Scams and Fake Deals Black Friday and Beyond
This holiday season, as more people take their shopping online, consumers and retailers need to be ever vigilant to the scams and fraud that awaits them. While the topics are new, and the pivot to consumer goods in November is highly concentrated, the implementation of this malicious activity is largely the same.
Consumers and retailers need to be on the lookout for:
- Fake accounts;
- Shortened referral links; and
Fake accounts, referral links, and plugins/apps claiming to either provide deals or some other advantage often are the mechanism used by malicious actors to divert unsuspecting users to their sites to steal personal and payment information. The number one lure used to get people to traffic this infrastructure is giveaway scams.
For consumers to stay safe this year they need to remember some basic safety measures:
- If it seems too good to be true, it likely is;
- Hover over hyperlinks to see the actual URL and make sure it actually routes to the website you expect;
- Use free utilities to expand shortened URLs on social media; and
- If you are unsure of a site, search its reputation online.
Retailers looking to protect their brand from becoming the next scam target should:
- Be vigilant on social media and with domains to identify any unauthorized usage of branded terms, copyrighted or trademarked logos or images.
- Be clear in messaging and make any special websites tie clearly and directly to the main brand and website.
- Clearly communicate what information will be requested via email or other direct communications.
Stay safe and happy holiday shopping season!