Singles’ Day, or “Worlds Shopping Day”, marks the start of the November shopping season, followed by Thanksgiving, Black Friday, and Cyber Monday. Shoppers from all across the globe participate in this purchasing craze, with a drastically growing number of consumers getting their shopping done online rather than at a brick & mortar store, at a staggering 16% vs. only 2% annual increase last year in the US alone, respectively. They wait anxiously all year long to finally get that brand new TV or car, so much that they stand in line outside these shops hours before the doors open and once they do, all hell breaks loose. Others just use this time to get their holiday shopping done for a better price than they would normally find it for. Whatever the reason may be, popular retailers offer huge discounts that are just too hard to resist.
In fact, e-commerce shopping has gotten so big, that Singles’ Day, the Chinese equivalent of Black Friday, has been growing exponentially year after year with revenues starting in the mere millions in 2009, the year of its inception, to exceeding $54 billion USD in sales in 2018. It is currently the largest shopping day in the world, during which Asian sites like Alibaba and JD.com are leading the day’s online marketplace.
But with all that great shopping, comes a great risk. Online hackers are eagerly waiting to take advantage of innocent, hasty shoppers who are frantically searching for good deals. They attempt to steal their financial information in any way they can, as they become more sophisticated every year. This process is called ‘phishing’, as they ‘phish’ for money in any deceiving way they can.
Just like every fishing attempt starts with a bait, so is the case for phishing. The bait is often in the form of a swank offer, luring people to the hook that depletes their bank account. A consumer sees an irresistible price on the camera they’ve always wanted, such as in an email or a social media ad, clicks on the deal, and is either asked to fill out their personal information, such as their name and address, in addition to their banking information. Little do they know that they are sending this information straight to the phisherman’s rod. Alternatively, they can be transferred to a fake site to ‘finish the job’ should some consumers be skeptical of the initial offering.
Fake sites mimicking popular shopping sites during the cyber shopping season, such as Alibaba and Amazon, are prepared well in advance for the big day. The sites look so real, such as in this image:
or this one of fake Alibaba websites for Singles’ Day:
However, you can see that the URL mentions ‘Alibaba’ in multiple locations, leading the customer to believe he or she is in the right place. Moreover, the image depicts the Alibaba logo and visually appealing graphics to create a feeling of the real site and divert the customer’s attention.
The pages encourage a login in order to get started, which may seem normal to most. However, as soon as you insert your credentials, such as email/username and password, this information gets sent to the people who built those fake sites where they will gain access to your account and steal whatever personal information your account contains. In 2015, more than 5,000 phishing sites in China alone targeting Singles’ Day shoppers were uncovered. This graph depicts the blocked phishing attempts of Singles’ Day in relation to the days preceding it, showing a huge spike in blocked phishing attempts on 11.11 (Singles’ Day):
Oftentimes, scammers will encourage using bizarre methods of payment, such as money orders, wire-transfers, or pre-loaded money cards and vouchers. These methods not only make it harder to detect the recipient, they make it nearly impossible to retrieve the money back.
Purchases are not the only way scammers use to sabotage their victims. Fake returns have become a big player in the e-commerce scam game, whereby users attempting to make a return fill in their information on a fake form which then leads them to a copycat website of the site they made the purchase on, such as Amazon, where they must login to continue, only to be directed to a fake “returns center” to fill in more details which the scammers will then use and exploit.
Fake sites that do not provide adequate contact details for the seller should also raise a concern.
Such as those present in airports and other public places, as suspicious sites are easier to get through to you.
Look for a SSL certificate which enables encryption, marking the site as safe.
For Black Friday, these special sites such as blackfridayscom.tld and black-fridaywalmart.tld were created in order to provide shoppers with a place to verify that the sites they encounter are legitimate during the heightened number of Black Friday scams.
Make sure the website contains real validation icons in the payment section. These icons should be clickable and not just pictures.
It’ll be easier to retrieve the money back and or put the money in an escrow account (such as with PayPal) until the item arrives. Do not make a direct bank transfer or buy a prepaid card.
Take your time and assess the website for the phishing signs we examined in this article.
Ask yourself-who would you email or call should an issue arise? It’s advisable to try a Google search for those contact details to verify their validity. Sites like WHOIS can provide information about the site owner and how long the domain has existed. If the domain hasn’t been around too long, that could indicate that the site was only recently built and is probably fake. If no contact details exist, do not proceed with the purchase.
If it’s not apparent, it’s a good sign that the site is fake, as it’s a standard part of an e-commerce site.
ZoneAlarm Exteme Security includes Web-Secure Anti-phishing Chrome extension. This Web-Secure Anti-Phishing Chrome extension protects your most sensitive information in real-time from creative hackers and their malicious sites, allowing you to shop safely without any worries. It will thoroughly scan and examine every field on the pages you visit, including the site’s URL, title, layout of the page, form, signature, and visible text and links for potential deceptive threats, as it blocks the spaces for inserting your credentials. Should it deem it as a fake site, the page will become blocked, and you will be saved from the phishing attempt.
While rushing through different websites to grab as many of the best deals you can in the limited time given, stop, take a deep breath, and try to be wary of the different red flags discussed in this article. Keep in mind that shopping cautiously rather than hastily will save you much more money in the long run.
Happy shopping season!