It has become an essential consumer event to anticipate Christmas gifts and save money: 78% of French people plan to make purchases during Black Friday and Cyber Monday, according to a study by PwC France. Problem: “The attackers are intelligent and know that this is the right time to play on the masses and set up scams around known brands,” points out Damien Gbiorczyk, cybersecurity expert at Illumio.
Here are some digital hygiene reflexes to adopt before taking out the credit card.
Check the offer and the merchant
Phishing or smishing with false offers, malicious merchant sites or false advertisements on social networks, the range of cybercriminals has changed little in recent years. But thanks to generative artificial intelligence, they have reached a new level of perfection and illusion.
“Fake merchant sites like emails reproduce brand headers and logos identically, it becomes easy to make a mistake by buying in excitement or in haste,” estimates Vincent Ollivier, cybersecurity expert at Bitdefender.
“You have to keep a cool head even when the offer seems limited in time because scam emails are almost undetectable and increasingly personalized with your first and last name,” adds Damien Gbiorczyk of Illumio. So remember to check the site address (URL) and use your possible customer account rather than a link received.
Be wary of external requests
Brands and retailers are increasing the sending of messages, on WhatsApp in particular, or emails in order to attract customers because they play a large part of their annual results on these sales. “You have to look closely at the sender of the message because large companies use security providers and fraudsters are forced to change the spelling of the sender to pass the filters,” recalls Christophe Collier, Central Europe director of Sinch, a specialist in commercial messages.
In the litany of scams, the most widespread at the moment are the message that redirects to a malicious site that sucks up bank card data to immediately pay for purchases without your knowledge or carry out rebound scams later. The same ploy also exists on Instagram or TikTok where accounts act as touts to fraudulent e-commerce sites. Still a little on the fringes, fake purchase advice or after-sales service chatbots arrive and are interested in your personal data.
You have to take your time, especially when dealing with VIP offers or those that are too good to be true. Same precaution during delivery with the infamous scam of fake undelivered packages, late customs fees or overcharged number that must be called back to avoid late payment.
Avoid using the credit card of the main account
Now is the time to pull out your secondary payment card to avoid a hack that would spread to all your bank accounts. Even better, several online banks like Revolut or Boursorama offer virtual and ephemeral credit cards. If in doubt about a dubious merchant site, it is better to play this card which acts as a buffer with your current account and your savings.
“It will limit the damage to this bad purchase which could have been avoided with a minimum of hindsight,” judges Vincent Ollivier of Bitdefender. And to conclude: “we must learn to be wary of everything”.