Reported by Dale Smith and Nelson Aguilar

Cyber Monday deals are here, with holiday prices on headphones and air fryers and soundbars, but with all of the money flowing from our wallets to stores, it’s no surprise that cybercriminals will be looking to get their hands on some of it.

While scammers do work year round, they tend to crank up their efforts during the high-spending holiday season to exploit the spirit of giving.

These holiday shopping scams are wide-ranging. As retailers like Amazon, Best Buy and Walmart roll out deals over the holidays, fraudsters create elaborate websites to trick you into spending money on products that you’ll never receive. You may receive text messages or emails claiming you’re eligible for a refund for an item you never purchased, just so thieves can snag your credit card information. You might even be enticed into donating to a charity that provides homes for abandoned puppies — only to find out it doesn’t actually exist.

Scams come in all shapes and sizes, but they always come with red flags that can help you spot them. Here’s what you need to know about Black Friday scams and how to avoid becoming a victim this holiday season.

Fake websites and fraudulent apps go ‘phishing’

In a phishing scheme, the goal is for hackers to get their hands on your personal information, like your credit card number, social security or account password. Pretending to be a large retail corporation, the fraudsters send out an official-looking email or text message, usually with a link to a fraudulent website designed to look just like a legitimate site.

Researchers at security firm Avanan discovered that hackers were sending out spoofed Amazon order notification emails. The email resembled your run-of-the-mill order confirmation, except that the order is false and the charge is significant.

Naturally, if you believe you’re being charged for a substantial amount, you would want to reach out to Amazon. But in this instance, if you use the link in the phishing email to get in contact, you’ll be redirected to a fake Amazon webpage with a false phone number to dial. If you call, the fraudsters won’t initially pick up, but they’ll soon call back, asking you to provide your card number, expiration date and CVV to “cancel the order.” And just like that, they’ve got your information.

These types of attacks are commonplace throughout the year, but expect a surge in messages claiming to be from Amazon, Best Buy, Walmart, Target or other large retailers during the holidays. 

If you receive an email asking you to update your payment method or requesting other personal information, contact the company’s help desk to make sure the email is legit before you do anything else. 

Other ways to identify a phishing email, according to the Federal Trade Commission and StaySafeOnline.org, include: 

• The sender’s email address looks almostright but contains extra characters or misspellings.
• There are misspellings or bad grammar either in the subject line or anywhere in the body.
• They address you with generic terms (“Mr.” or “Ms.” or “Dear Customer”) instead of by name.
• The message warns that you need to take immediate action and asks you to click a link and enter personal details, especially payment information.
• The messages promise a refund, coupons or other freebies.
• The company logo in the email looks low-quality or just plain wrong.

Credit card skimming goes all-digital

You’ve seen it in movies. A hacker places an object over a card reader, disguised to look like part of the ATM, and then waits for people to swipe their cards. A day or week later, the thief takes the object — known as a skimmer — back and collects the mountain of stolen card information stored inside, which they can then use to make purchases, withdraw money and more.

Instead of using physical hardware to steal payment card numbers, hackers can insert malicious code directly on a website to do the same thing as traditional skimming, but with online payment information instead.

Regarding e-skimming incidents — sometimes called Magecart attacks after the name of the software used — Tim Mackey, principal security strategist for Synopsis, a digital security company, warns, “There isn’t an obvious way for the average person to be able to identify if or when a website has been compromised. The only potential tell-tale sign might be that the website itself doesn’t quite look ‘right.'” 

Mackey suggests a few strategies you can can use to protect yourself: 

• Don’t save your credit card information on retail sites.
• If possible use a third-party payment method like Apple Pay, Google Wallet or PayPal.
• Enable purchase alerts on all your credit cards.
• Disable international purchases on all credit cards.
• Only make purchases over your home network or cellular network, never on a public Wi-Fi where your payment could be intercepted.

Read full report: https://www.cnet.com/tech/services-and-software/shopping-cyber-monday-2023-our-tips-for-scam-protection-and-how-to-shop-smart/