
Phishing is one of the most common types of cyberattacks. It is a fast and easy way for cybercriminals to make money – especially at this time of the year, when they use Black Friday and Cyber Monday as a hook to lure bargain-hunting consumers into falling for their sophisticated attacks.

The hackers impersonate a real company, such as a popular online retailer, to obtain your login credentials. You may receive an email that appears to be from the retailer, asking you to verify your account details – but the link takes you to a fake login screen that delivers your information directly to the attackers. These emails may also contain links that, when clicked, download malicious software to your computer.

As the threat of cyberattacks increases, keep in mind the following tips to avoid being scammed when you’re looking for that great deal.

Know your cybersecurity risks – and how to avoid them

Compromised login details: Many of us have quick-access accounts with online retailers so we can make purchases without having to enter our details every time. It is convenient to use saved personal details to populate online forms automatically, but this may also present a security risk if hackers can access those details on your device.

Email and social media scams: An advertisement on Facebook or an email landing in your inbox could fool you into parting with your hard-earned cash. When you click one of these links, you may fall victim to a phishing attack or be redirected to a bogus website. Be wary of “click and receive” scams: emails that ask you to click a link and enter your details to rearrange the delivery of a package or another item.

Typosquatting: Cybercriminals change one or two letters in the website address of a popular brand to trick you into visiting the fake website and sharing your personal information. Before you click any website links, always check the spelling of the domain and compare it with the brand’s actual web address. Similarly, when links are embedded in an email, always check that the sender’s email address matches the organization’s web domain.

Unsecured websites and suspicious links: Before you click a link, check the full URL by hovering your cursor over it if you’re on a computer or pressing and holding on your phone. Does it look legitimate? Never buy anything from a website that does not have “https” at the start of its URL – the “S” stands for “secure”. But even when there is a padlock icon next to a URL and it starts with “https”, it may still not be safe: the padlock only means the connection is encrypted, not that the site belongs to the company it claims to be. If you aren’t sure a link leads to a genuine website, do not proceed.

Payment options: Be suspicious if a website asks you to make a bank transfer instead of paying by card. If you’re in doubt, use PayPal or another payment method.

WhatsApp messages offering cash or gift cards: Be suspicious, even if they're from your friends (they might not be aware of the implications). You could receive a message offering a gift card that appears to have been sent by one of your own contacts. The link in the message then takes you to an official-looking site that asks for your personal details.

Public Wi-Fi: Internet hotspots at coffee shops, libraries and bars may be convenient but are worryingly vulnerable. It doesn't take much skill for a fraudster to hack into the network and access your details.

What you can do to keep safe

  • Do not click links or attachments from senders you do not recognize. 
  • Do not provide sensitive personal information (such as your username and password) over email.
  • Watch out for email senders who use suspicious or misleading domain names – check the spelling of domain names and email addresses.
  • Inspect URLs carefully to make sure they’re legitimate and not impostor websites.
  • Be especially cautious when you open attachments or click links in an email that contains a banner warning you that it came from an external source.
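
The domain and sender checks described above (the typosquatting advice and the tips on inspecting URLs and email addresses) can be automated in a mail filter or browser helper. The following is an added example, not part of the original article: the brand list, function names and sample addresses are constructed, and it assumes brands use two-label domains (a production check would use the Public Suffix List).

```python
from urllib.parse import urlsplit

# Assumed allow-list of genuine brand domains (constructed, reserved .example TLD).
KNOWN_BRANDS = {"bigretailer.example", "paymentco.example"}

def edit_distance(a, b):
    """Optimal-string-alignment distance: counts substitutions, insertions,
    deletions and swaps of two adjacent characters as one edit each."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]

def classify_host(host):
    """Return ("genuine" | "lookalike" | "unknown", matched brand or None)."""
    host = host.lower().rstrip(".")
    brands = sorted(KNOWN_BRANDS)
    for brand in brands:
        if host == brand or host.endswith("." + brand):
            return ("genuine", brand)
    # One or two changed letters in the registered domain: typosquatting.
    registered = ".".join(host.split(".")[-2:])
    for brand in brands:
        if 0 < edit_distance(registered, brand) <= 2:
            return ("lookalike", brand)
    # Brand name used as a subdomain of somebody else's domain.
    for brand in brands:
        if host.startswith(brand + "."):
            return ("lookalike", brand)
    return ("unknown", None)

def check_link(url):
    # .hostname drops any "user@" part, so "https://brand@other-host/"
    # is judged by the host the browser would actually contact.
    return classify_host(urlsplit(url).hostname or "")

def check_sender(address):
    return classify_host(address.rsplit("@", 1)[-1])
```

A "lookalike" result is the case to block or warn on; "unknown" only means the host is not on the allow-list, not that it is safe.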

If you've been scammed out of money, call your bank immediately and ask them to try to stop the payment. The sooner you do this, the better chance you have of getting your money back.

Should you feel your bank has not done enough to assist, you may also be able to turn to a financial or banking ombudsman, in countries where these services are available.


Edy Gasparini is Chief Information Security Officer: Corporate Information Technology at NTT.