Last Updated on Nov 10, 2023

This week we’ve found lots of online shopping scams featuring fake Black Friday sales and phishing attempts in which scammers are impersonating trusted brands, including Walmart, Australia Post, and Google. Would you have been able to spot all these scams?  

Black Friday Shopping Scams

It’s November, which means it’s the month of the biggest shopping festival of the year: Black Friday! Over the past few years, we’ve been tracking and reporting on Black Friday shopping scams, and not surprisingly at all, there are already new ones circulating this year. Since October 1^st, we’ve detected and blocked 34,896 scam URLs — that’s nearly 10% more compared to 2022.

Scammers might impersonate trusted brands or just make up non-existent ones, aiming to trick you into placing an order. Below is a sample fake website:

Sample Black Friday scam shopping websites:

• coatpark[.]com
• nestorliquor[.]com
• annishuan[.]com

Don’t spend a cent on such fake online shops! Chances are that you’ll never receive any products, and scammers can steal your money as well as personal and financial information, which they could sell to cybercriminals on the dark web.

How to Protect Yourself from Scam Sites 

The truth is, there are lots of scams and scam sites on the internet and they’re getting even more difficult to detect with common sense alone. However, for an easy and reliable method of detecting and avoiding scam sites, check out our free Trend Micro ID Protection.         
 
ID Protection can shield you from scams, fake and malware-infected websites, dangerous emails, phishing links, and lots more! If you come across something dangerous online, you’ll be alerted in real time so you’ll know to stay well clear.        

Phishing Scams  

Besides scam online shops, scammers also use phishing scams to try to trick people:

Posing as well-known brands, scammers spread phishing links via text message and email and attempt to get you to click on them. These links lead to phishing sites designed to steal your personally identifiable information (PII): email address, credit card number, Social Security number, and more.

With your PII, they can commit cybercrimes, such as draining your bank account or stealing your identity.

In many cases, scammers falsely state that you’ve won a prize and ask you to claim it via a phishing link. The link takes you to a fake online form that asks for your PII:

Walmart Scam

We’ve written about fake Walmart text messages several times before. This week, scammers invite you to claim your Walmart+ points using the attached link:

• (<URL> <– Last chance to use your Walmart+ Points. Account ID: 07JUX39G.)

If you take the bait and click, you will be taken to a phishing page disguised as a fake Walmart+ online questionnaire:

As you proceed, you could eventually reveal lots of your PII on the fake page, including your delivery address and credit card details. As mentioned, scammers can use these credentials for their own good. Don’t let them!

Australia Post Scam​

In addition to fake online forms, scammers also often send out fake delivery tracking pages to collect your PII. For example, they pose as Australia Post and prompt you to update delivery information via the attached link:

• Delivery update: Your package is pending. Update info [<URL>

Again, the link will take you to a phishing page where any credentials you enter will end up in scammers’ hands. Be careful!

Google Fake Security Alert Emails

“Open now, you’re at RISK!” Recently we’ve also detected fake security notification emails out there exploiting people. Scammers send a copycat Google email saying they’ve detected a suspicious virus and ask you to perform a security check:

Don’t click! The email is NOT legitimate, and the button will take you to a phishing page that can steal your account credentials.

Tips to Stay Safe Online

• Double-check the sender’s mobile number and email address. Even if it seems legitimate, think twice before you take any action.    
• Never click on dubious links or attachments! Only go to official websites and apps to make purchases, update information, or track a package’s status.
• If you’ve accidentally revealed your PII somewhere, change your passwords immediately and inform your bank and/or other companies that scammers may contact them pretending to be you. 
• Check if any of your PII has been leaked and secure your social media accounts using Trend Micro ID Protection.   
• Finally, add an extra layer of protection to your devices with Trend Micro Maximum Security. Its Web Threat Protection, Ransomware Protection, Anti-phishing, and Anti-spam Protection will help you combat scams and cyberattacks.  

If you’ve found this article an interesting and/or helpful read, please SHARE it with friends and family to help keep the online community secure and protected. Also, please consider leaving a comment or LIKE below.