’Tis the Season for Scams & Phishing

It’s no surprise that online shopping is at its peak over the holidays. Last year online shopping reached a record of £4.77 Billion and is estimated to climb even further in 2021. Black Friday deals play a huge part and with sales popping up all over the place, people will be spending their hard-earned money to stock up on gadgets, winter clothes and Christmas gifts. People have had to rely on online shopping, which has opened more and more people up to scams and fraudsters who are continually inventing new tricks to swindle.


Online retailers such as Amazon, Best Buy and eBay are some of the biggest to roll out Black Friday sales, and fraudsters are quick to create fake sites mimicking these online giants to deceive people into buying products that will never arrive at their doorstep. Other sites are made specifically to gather credit card details and personal information, which are used to hack bank accounts and steal identities at a later stage.

The range of scams occurring over the festive season is wide. Here are four Black Friday scams to be on the lookout for in 2021:


1. The “Secret Sister Gift Exchange”

The “Secret Sister Gift Exchange” originated on Facebook in the US and dresses itself up as a “secret Santa” type deal, where one person buys another a gift without revealing their identity. But the Secret Sister Gift Exchange is nothing but a pyramid scheme, promising people $360 worth of gifts if they purchase and pay for the mailing of a $10 gift for someone else. However, every single person that fell for this scheme reported that they received nothing of the promised ‘$360 worth of gifts’. This highlights that one should always be careful when taking part in such an exchange – because if it sounds too good to be true, it more than likely is.


2. Sites and emails that just look ‘phishy’

Fake sites that are specifically created to steal your personal information, credit & banking details or account password only have one goal in mind – fraud. The way in which these fake sites trick people into handing over their info is by sending texts or emails to their unsuspecting victims which lead to legitimate-looking websites claiming ‘your Amazon order needs verification’ for example. This baits people into entering all of the above-mentioned info into the site, opening them up to fraud.


According to The Federal Trade Commission and StaySafe.Org, this is how you can easily spot phishing:

  • Check the sender’s email address: fake emails often come from addresses with misspellings or extra characters, which are a dead giveaway for fraudulent emails.
  • Also pay attention to the body of the email itself. More often than not, it will contain grammatical errors and spelling mistakes.
  • The message of the email is threatening and tries to push you into taking immediate action, otherwise something bad will happen (such as your order not arriving), and it contains a link to enter your sensitive, personal information.
  • The way in which the email addresses you can also be telling, normally addressing the recipient as ‘Dear Customer’, ‘Mr or Ms’.
  • The email promises things like free products, coupons or refunds.
  • The supposed company logo looks low-quality or the branding just looks wrong.
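
The checklist above can be turned into a simple automated triage. The following Python sketch is an added example, not part of the original article or its cited sources; the trusted-domain list, the keyword patterns and the 0.8 similarity threshold are assumptions chosen for illustration, and it handles plain-text emails only (grammar and logo quality are not checked).

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list for illustration; the article names these retailers only as examples.
TRUSTED = ("amazon.com", "ebay.com", "bestbuy.com")
GENERIC = re.compile(r"\bdear (customer|sir|madam|mr or ms)\b", re.I)
URGENT = re.compile(r"\b(immediately|urgent|suspended|will be cancell?ed)\b", re.I)
LURE = re.compile(r"\b(free|coupons?|refunds?)\b", re.I)
URL_HOST = re.compile(r"https?://([^/\s:]+)", re.I)

def is_trusted(host):
    """True for a trusted domain or one of its subdomains."""
    return any(host == t or host.endswith("." + t) for t in TRUSTED)

def is_lookalike(host):
    """True when host is untrusted but nearly spells a trusted domain."""
    return not is_trusted(host) and any(
        SequenceMatcher(None, host, t).ratio() >= 0.8 for t in TRUSTED)

def phishing_indicators(raw):
    """Return the article's red flags found in a plain-text email."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    checks = [
        ("lookalike sender domain", is_lookalike(sender)),
        ("generic greeting", bool(GENERIC.search(body))),
        ("urgent or threatening tone", bool(URGENT.search(body))),
        ("promise of free items, coupons or refunds", bool(LURE.search(body))),
        ("link to an untrusted host",
         any(not is_trusted(h.lower()) for h in URL_HOST.findall(body))),
    ]
    return [name for name, hit in checks if hit]

# Constructed sample message (not a real email).
SAMPLE = """From: Amazon Support <orders@amaz0n.com>
Subject: Your order needs verification

Dear Customer,
Your Amazon order needs verification. Confirm your card details immediately
or your order will be cancelled: http://amaz0n-verify.example/login
"""

if __name__ == "__main__":
    for flag in phishing_indicators(SAMPLE):
        print("red flag:", flag)
```

A message that trips several of these checks at once deserves more suspicion than one that trips a single check, since legitimate retailers also send emails about coupons and refunds.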


3. Digital credit card skimming

Credit card skimming is one of the oldest tricks in the hacker book. We’ve all seen it in the movies where scammers place an object over a card scanner or replace an ATM’s card reader with a reader of their own that copies your credit card information. Now that everything is digital, credit card skimming has become even easier for scammers. Since the start of the pandemic, it’s been reported that £4M has been stolen per day in the UK by credit card skimmers, and these numbers continue to climb. 

Hackers have found ways to collect your credit card information by adding malicious code to existing websites. The code does the same thing as old-school card readers, copying down your personal information, and the technique is aptly named ‘e-skimming’.


Here are a few ways you can protect yourself from e-skimming:

  • Whenever possible, use a third-party app such as PayPal, Apple Pay or Google Wallet to make your online purchases. These have great processes in place to keep your private information confidential and can be hard to bypass.
  • Never save your credit card information on retail sites.
  • Disable international purchases on your credit cards.
  • Enable text or email purchase alerts on your credit cards.
  • Only use your home network (WiFi) or mobile network to make online purchases – never use a public WiFi network as these are super easy to hack into.


4. Feeling generous? Be wary of “online donations”

The festive season is one of the most popular times in which people want to give back, which of course, is a noble cause. Fraudsters are very aware of this and often find ways to play on people’s heartstrings, enabling them to take advantage of people’s goodwill. Often, these faux charities have believable names and their websites look credible – not to mention, their social media campaigns also look professional.

Here’s how they work:

  • Scammers call using local phone numbers, giving the victim a false sense of security
  • They make a fantastic pitch that lures victims in by tugging on their heartstrings – but they never explicitly state how they’re helping their ‘cause’
  • They might even claim that you’ve made a donation before and that if you make one again, it will be tax-deductible – which is a complete fabrication.


How to spot the red flags of these types of scams according to the AARP & FTC:

  1. Always research the charities you want to donate to. One of the best sites to verify charities is Charity Watch, which contains a list of credible charities to donate to.
  2. Keep a close eye on the donations you make. If you’ve been scammed, ensure that your donation isn’t recurring.
  3. Pay attention to the charity name and site, as scammers will often closely mimic existing, credible charities. Again, verify these on sites such as Charity Watch or conduct research via a simple Google search into reviews.
  4. Don’t make a cash donation unless you are 100% certain that the charity is legitimate. 
  5. Never give out your personal information. Your credit card info is fine, but no legit charity will ever ask you for your social security number or bank account number etc.


As the chaos of the holiday season is about to go into full swing, we hope these pointers will help you as you navigate online shopping sales. Just remember, always hold on to a little bit of scepticism before clicking that ‘buy now’ button and always ensure that you’re making purchases from a credible retailer.


YEO prevents scams and phishing with a variety of innovative features. Read more on how YEO helps to protect you and your private information here.