Physical Address

304 North Cardinal St.
Dorchester Center, MA 02124

How to avoid Black Friday phishing scams

Experts are warning that fraudsters are exploiting Black Friday sales to target U.S. shoppers with fake websites and ads for major brands like IKEA, Wayfair and The North Face, after online scams hit record highs in 2023.
A new report released by threat intelligence company EclecticIQ identified a campaign that operates a sprawling network of fabricated websites using “Trusted Store” badges to lure shoppers with fake products.
When consumers attempt to make a purchase, scammers steal their personal and payment information. The consumers are often unaware they were scammed until they fail to receive the product.
Reports of online fraud in 2023 exceeded $12.5 billion in potential losses — a 22% jump from 2022, according to FBI data. Officials say increasingly sophisticated scams are using tools including AI to power their campaigns. 
“With the way it now seems like everyone is shopping online, reliance on digital platforms has handed these groups a wider attack surface than ever,” EclecticIQ CEO Cody Barrow told CBS News. “Unfortunately, it’s likely we’ll see its impact stretch into next week.”
EclecticIQ says it identified at least 8,000 fabricated sites that lure shoppers by offering steep “deals” on popular brands. The websites are not affiliated with the brands they appear to represent, but are designed to look like official sites and use URLs that appear authentic. 
In one example, a site posing as Wayfair used the URL wayfairtoday.com. Another site used the URL wayfairblackfriday.com. The website was registered in early November and offered fake “deals” including an $800 mattress reduced to $39. 
CBS News also found an ad appropriating Wayfair’s logo that directed users to another counterfeit site posing as the retailer. It was removed from Meta’s ad library as of Friday. Wayfair told CBS News that it is actively monitoring scams to ensure customers are protected.
Analysts discovered Mandarin coding and Chinese IP addresses on the sites, indicating that the phishing campaign was operated by a China-based group. IKEA told CBS News it was investigating one of the scam websites using its name that EclecticIQ identified.
Separately, an ad on Facebook and Instagram using The North Face logo routed users to a fabricated site. The ad was removed for policy violations, and The North Face told CBS News it was working with Meta and “other partners” to combat scam sites.
“Scammers use every online platform available to them and constantly evolve their tactics in order to evade enforcement,” said Meta spokesperson Erin Logan. “In this instance, our systems proactively detected and removed a number of these ads before they were reported to us.”
The Federal Trade Commission released data in February that shows online shopping fraud was the second most common type of fraud reported in 2023.
Experts say fraudulent sites and ads remain a pervasive issue. “Many of the scam sites are short-lived campaigns, so it’s an ongoing effort to identify new sites,” Ilya Volovik, director of Recorded Future Payment Fraud Intelligence, told CBS News. “Some of the longer living scam sites change their ‘sales’ advertisement based on a holiday.”
Cliff Steinhauer, director of Information Security and Engagement at the National Cybersecurity Alliance, said consumers should take precautions, stay alert when online shopping and act quickly if they believe they have been scammed. 
Secure your accounts. Experts recommend setting up multifactor authentication as well as strong and unique passwords for all accounts, including shopping and bank sites.
Avoid unfamiliar links: Be wary of links from unsolicited emails and text messages. Instead, use a search engine to navigate to the retailer’s website. 
Look for red flags. Be wary of deals that appear too good to be true, as well as websites that use excessive pop-ups and urgent language. If in doubt, leave the site.
Research the website. Look up reviews from other shoppers who have used the site. Visit the Better Business Bureau’s website, which maintains a database with ratings for millions of businesses.
If you think you have been the victim of fraud, immediately notify your bank to reverse the charges. You should also change the passwords to your online accounts. File a police report if you experience harassment or repeated attempts to steal more of your information.
Experts also recommend freezing your credit on the three major credit reporting bureaus if your personal information has been compromised through a data breach. This will ensure your identity can’t be stolen in the event that scammers obtain your social security number.

en_USEnglish