Introduction
In recent years, the prevalence of scams associated with Black Friday-themed spam emails has significantly increased, posing a substantial threat to consumers. Cybercriminals are exploiting the holiday shopping season by employing sophisticated tactics to impersonate trusted brands and deceive unsuspecting shoppers. This trend is particularly concerning in regions such as the United States and Europe, where a large proportion of global spam activity is concentrated. As the holiday season approaches, it is crucial for consumers to remain vigilant and adopt protective measures against these fraudulent schemes.
Description
In 2024 [1] [5] [8] [9], a significant 77% of Black Friday-themed spam emails were identified as scams [5] [8], marking a 7% increase from the previous year and a 21% rise from 2022. This alarming trend indicates that nearly every Black Friday marketing email could potentially be fraudulent. Cybercriminals are increasingly exploiting the holiday shopping frenzy [3], employing diverse tactics to impersonate trusted brands and target demographics such as tech enthusiasts and fashion shoppers. The United States and Europe remain the primary targets [3] [8], with the US accounting for 38% and Europe for 44% of global spam activity, particularly in Germany and France [8]. Notably, 30.5% of shoppers have encountered fraud at least once [9], leading to projected losses of $11 billion in the US for 2024 and over 2.8 million expected cases [9].
As Black Friday approaches [2], fraudsters are preparing to exploit consumers through various scams, including phishing emails and text messages that impersonate delivery services or retailers [2], often claiming issues with order processing or delivery [2]. These messages may request personal information or contain malicious links [2], making it crucial for consumers to verify any order updates directly through the retailer’s website rather than clicking on links in unsolicited messages [2]. The emergence of generative AI has made these scams more complex and difficult to trace [6], with scammers employing sophisticated tactics such as fake gift cards and spoofed websites. Unbelievably low prices or “exclusive” offers shared via email or social media should raise red flags [4], as these are common tactics used to lure shoppers into providing payment information [4].
During the holiday season [1] [4], consumers in Britain lost approximately £11.5 million (around $14.5 million) to fraud between November 2023 and January 2024, with a significant portion of these scams involving clothing retail and high-end tech gadgets [7]. In the US [9], the Federal Trade Commission (FTC) reported that Americans lost $95.2 million to fraud during the 2023 holiday season [1], with common scams including counterfeit products [1], phishing emails [1] [2] [3] [5] [9], delivery scams [1] [2] [7], and fake customer service calls [1]. Emails are the primary channel for these fraudulent activities [9], with 43% of victims encountering scams via email and 33% through social media [9]. Notably, another prevalent scam involves fake websites that closely resemble legitimate retailers, luring shoppers into purchasing counterfeit items or receiving nothing at all [2]. Sponsored ads on social media and search engines can lead to these scams [2], so it’s important to scrutinize URLs for misspellings or unusual characters and to shop directly on legitimate websites [2].
Despite a resurgence in brick-and-mortar shopping, 75% of consumers planned to shop online [7], making them particularly vulnerable to cybercriminals who are leveraging artificial intelligence to enhance their scams [7]. The volume of scam messages surged [6], with reports indicating an increase of 170,000 messages monthly since January 2024 compared to the previous year [6]. Kaspersky identified 198,000 Black Friday-themed spam messages in the first two weeks of November, while telecom company Three reported around 3,500 daily scam message reports last year [9]. Spam activity peaked in late October, reaching over 6% of total Black Friday spam email volume by mid-November [8]. Scammers utilize a variety of deceptive strategies, including fake offers [5] [6], phishing tactics [1] [2] [3] [5] [6], and fraudulent giveaway forms [8], to gather personal data such as login credentials and banking information [5]. Misleading QR codes [2], or “quishing,” is another tactic where scammers create codes that link to fraudulent sites or install malware [2], often appearing in unexpected places like emails or public areas [2]. Consumers are advised to avoid scanning QR codes from unknown sources and to inspect them for signs of tampering [2].
Notably, 17% of malicious files during November 2023 were linked to delivery and shipping scams, often masquerading as messages from reputable services like DHL [7], UPS [1] [3] [7] [8] [9], and Royal Mail [7]. Delivery scams have become increasingly prevalent, with fake texts claiming delivery issues prompting recipients to click on links that lead to fraudulent websites mimicking legitimate delivery services [1]. Specific scams have included fraudulent emails impersonating retailers [3], falsely claiming orders were ready for shipment [3], which delivered malware instead. Other scams featured fake gadget deals [3], luxury handbag fraud [3], and phishing emails advertising discounted products [3].
To protect against these threats, it is recommended to delete suspicious emails without opening them [3], avoid unsolicited email attachments [8], and visit websites directly rather than clicking on links in emails [3]. Individuals should safeguard their bank account details and passwords [6], and if compromised, change passwords and enable two-factor authentication [6]. Using credit cards instead of debit cards or peer-to-peer payment services offers better fraud protection [2]. Requests for payment via gift cards or cryptocurrency are strong indicators of a scam [4]. Consumers should verify the content of messages related to deliveries and avoid using contact numbers provided within them [7], as these may lead to scam centers [7]. Ignoring unsolicited calls and verifying any issues directly through official company channels is also crucial [1]. Utilizing robust antivirus tools and enabling two-factor authentication for online banking accounts are advised [8]. Victims of online scams are encouraged to report incidents to their organization or law enforcement to aid in the recovery of lost funds and support investigations against cybercriminals [7]. Additionally, using a PO box or parcel locker for deliveries can help protect personal information from scammers [6]. Consumers should remain skeptical of deals that seem too good to be true [3], especially from unfamiliar sites [3], as urgency and fear of missing out are common tactics used by scammers to manipulate victims into making hasty decisions [3].
Conclusion
The increasing sophistication and prevalence of Black Friday-themed scams underscore the need for heightened consumer awareness and proactive measures to mitigate risks. As cybercriminals continue to refine their tactics, leveraging technologies such as artificial intelligence, consumers must remain vigilant and informed. By adopting recommended security practices, such as verifying sources, using secure payment methods, and reporting suspicious activities, individuals can better protect themselves from falling victim to these scams. The ongoing battle against cybercrime requires collective efforts from consumers, businesses, and law enforcement to safeguard the digital marketplace and ensure a secure shopping experience for all.
References
[1] https://www.news-journalonline.com/story/news/2024/11/21/black-friday-avoid-scams-shopping-online/76473320007/
[2] https://www.nerdwallet.com/article/finance/black-friday-scams
[3] https://www.forbes.com/sites/zakdoffman/2024/11/22/new-gmail-outlook-apple-mail-yahoo-warning-do-not-open-these-black-friday-emails/
[4] https://en.as.com/latest_news/seven-tricks-to-avoid-black-friday-scams-2024-could-be-the-most-dangerous-n/
[5] https://www.infosecurity-magazine.com/news/black-friday-spam-emails-scams/
[6] https://nordpass.com/blog/fraudy-jolly-holidays-ai-scams-are-the-new-hot-deal/
[7] https://emailsecurity.checkpoint.com/blog/black-friday-or-black-fraud-day-cyber-scammers-are-cashing-in
[8] https://www.bitdefender.com/en-us/blog/hotforsecurity/black-friday-spam-report-2024
[9] https://www.vpnranks.com/resources/black-friday-scam-statistics/
