It’s that time of year again when our email inbox gets flooded with special offers and not-to-be-missed deals. That’s right, Black Friday and Cyber Monday are upon us again and there can be lots of bargains to be had. But it’s also the time of year when scammers and cyber criminals know that lots of people will be at their most vulnerable to things like phishing attacks.

Don't be rushed into clicking a link

Attackers are well aware that sales periods increase the chances of getting a user to click on a link, and with many high street stores closed just now as a result of COVID-19, online sales are expected to be bigger than ever. The majority of phishing and scam emails work on a sense of urgency. The rest of the year, the criminals need to create that sense of urgency themselves, with subject titles and emails worded in a way to make the recipient panic and click a link or download a file. Around Black Friday, however, the retailers and media are promoting compelling messages telling us that these special offers are for a limited time period only. In our rush to bag that must-have bargain before it’s too late, we are more likely to believe an email from a criminal offering us a ‘great’ deal. My advice is, regardless of how good an offer appears to be, make sure that you don’t rush into clicking the links in emails, or in text messages for that matter. Open up a browser window and visit what you know to be the genuine website.

Check the URL

It’s also a wonderful time of year for criminals to set up what look to be genuine websites in an attempt to either steal personal details from users or to take payment for fake or non-existent products. If you think that because a company advertises on Facebook it can automatically be trusted, think again. You may be tempted to click on that shiny gadget on your news feed, but make sure that you do your research. It is important that you check that you are on the correct page before purchasing anything or entering any details. Look at the URL (the address of the webpage) that you are visiting to make sure that it looks genuine. The best way to do this is to read it from back to front. For example, out of these three URLs, which one do you think is genuine?

  • mobile.facebook.com
  • facebook.mobile.com
  • facebook.fakebook.com

The only one that would take you to the genuine Facebook site is the first one. The other two would take you to different sites.

A URL can be broken down into different parts: sub-domains, domains and top-level domains. The Top-Level Domain (TLD) is supposed to tell you a little about the site and is the last part before any /. For example, .co.uk is a TLD that indicates that the site is probably based in the UK. In the above example the TLD is .com. The part before the TLD is the domain. This is the actual website that you are visiting; in the above, it’s Facebook. This is the section that you really want to check. The first part, or the sub-domain, can be made to look like anything.
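The back-to-front reading described above can be written down as a short check. This is an added example, not part of the original article: the function names, the tiny suffix list and the shop.example.co.uk address are assumptions made for illustration, and a real check should use the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Constructed sample of two-part endings such as .co.uk; a real check should
# load the full Public Suffix List (publicsuffix.org) instead.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au"}


def split_host(url):
    """Return (sub_domain, domain, tld) for a URL or bare hostname."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit treat a bare hostname as the host
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    if len(labels) < 2 or "" in labels:
        raise ValueError(f"not a usable hostname: {url!r}")
    # Read from back to front: the ending first, then the domain before it.
    two_part = len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES
    suffix_len = 2 if two_part else 1
    tld = ".".join(labels[-suffix_len:])
    domain = labels[-suffix_len - 1]
    sub_domain = ".".join(labels[:-suffix_len - 1])
    return sub_domain, domain, tld


def is_expected_site(url, expected):
    """True only if domain + TLD match the site the shopper meant to visit."""
    _, domain, tld = split_host(url)
    return f"{domain}.{tld}" == expected.lower()


if __name__ == "__main__":
    # The three addresses from the article, plus one constructed .co.uk address.
    for address in ("mobile.facebook.com", "facebook.mobile.com",
                    "facebook.fakebook.com", "https://shop.example.co.uk/deals"):
        sub_domain, domain, tld = split_host(address)
        verdict = "genuine" if is_expected_site(address, "facebook.com") else "not Facebook"
        print(f"{address}: sub-domain={sub_domain!r} domain={domain!r} "
              f"tld={tld!r} -> {verdict}")
```

Only the first address ends in facebook.com once the sub-domain is set aside; in the other two, "facebook" is just a sub-domain label in front of a different domain.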

Read independent customer reviews

Even if you are on what appears to be a genuine website and the URL looks good, it is always worth checking for customer reviews via company social media pages and Trustpilot, especially if you have not used the company before.

Bag that bargain once you've done your research

No doubt you’ll be tempted by lots of attractive offers this weekend, and time might be limited, but always do a sense check. Is this deal really too good to be true? If it is, then there is probably something phishy going on (see what I did there?). Take two minutes to think before clicking any links and have a good look round a website before entering any details. Happy Shopping!