By Eric Vanderburg, Information security executive
Cybercriminals are raising the black flag this Black Friday and Cyber Monday. These are the biggest shopping days of the year and these criminals know that the sales ads and offers will soon start pouring in. Buried among those offers will be fake deals from these cyber criminals. Use these tips to stay safe this year.
1. Verify deals
The first thing you can do is verify deals on the retailer’s website. If you receive a deal from a website, go to the site and verify the same deal there rather than trusting the email alone. Do not click the links contained in the email to access the site as these might take you to an attacker site first or direct you to an entirely different site. Please note that phishing sites may look exactly like legitimate sites such as Best Buy or Walmart. Type the address for the site you wish to validate in your browser instead.
2. Verify addresses
Sometimes retailers send out deals only to those who subscribe to their mailing list. In such cases, you will not be able to verify the deal on the retailer’s site. If you still believe the message might be a hoax, you can verify the addresses in the email links. Hover over links in the email to see the address. Make sure the address displayed matches the address in the link. Make sure that links attached to images are going to the retailer’s website address. For example, if the email has a picture of a Dell laptop and it says it is from Dell, make sure that the address is Dell.com.
Also, make sure that there are no additional names following the .com. Dell.com.dealsexpress.fr will not take you to Dell.com. The address is composed of a few elements. Items before the site name are subdomains so support.dell.com is a subdomain of Dell.com. Items listed before the .com, .org, or other top level domain name in the address direct you to a specific site while items following a / will take you to a specific location on that website. For example, Walmart.com/toys/lego.html would take you to a page called lego.html in the toys folder on the Walmart.com website.
3. Browser warnings
If you do click a link and your browser displays a warning, close the browser window or tab and do not proceed to that link. Browser warnings might include “There is a problem with this website’s security certificate” or “This connection is untrusted”. These warnings indicate a problem with the web site’s certificate.
Certificates are used by websites to prove their identity. Certificate issuers are companies that computers are configured to trust and companies go through a validation process and then purchase certificates from these companies. The certificates are installed on a website and then your browser verifies that the certificate was issued for the site you are visiting and that the certificate came from a certificate authority that you trust.
Take these warnings seriously and do not proceed to such sites. While there are some instances where a legitimate site could have a certificate problem, it is generally not worth the risk to proceed.
4. General phishing signs
You should also watch out for other phishing messages in addition to the holiday specials. Some other signs for spotting these messages include bad spelling, the request for personal information or a detailed sad story that requests you to send money.
I hope you stay safe this holiday shopping season. Catch the Black Friday and Cyber Monday deals without getting pillaged by following the tips above. Above all, remember if a deal sounds too good to be true, it probably is a hoax or a scam.
This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. For more on these topics, visit Dell’s thought leadership site PowerMore. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies.