U.S. Markets open in 21 mins

5 Cyber Monday Scams to Avoid

Dan Tynan
Yahoo Tech
Mugshot of sinister-looking Santa

(Thinkstock)

It’s the holidays, and everybody wants a piece of you.

“Cyber Monday,” the online counterpart to Black Friday, is not just a busy time for e-tailers. It’s also high season for scammers, who want a taste of the $2.6 billion online shoppers are expected to drop on the biggest online shopping day of the year.

Read: Cyber Monday Roundup: Where to Find the Best Deals in Tech

Cyber con artists usually want one of three things: your money, your identity, or your computer. They aim to drain your bank account, use your online credentials to hide their tracks, and turn your computer into a tool they remotely control and rent out to other scammers.

The standard attack comes to you in a “phishing” email, a message that looks like it came from someone you trust, like your bank, employer, or a brand-name retailer. These emails are designed to lure you into opening a file attachment or visiting a website that steals your information or infects your computer. Phishing attacks can also come in online advertisements.

A recent study by brand protection firm Mark Monitor says one in six online consumers is duped into shopping at rogue sites. Another study shows that a quarter of all Facebook ads for luxury goods are for third-party knockoffs, like fake Rolex watches and faux Louis Vuitton bags.

The key component to these scams: you. You have to think that something bogus is the real deal and, just for a moment, treat it as such. Avoiding these scams isn’t particularly difficult. But if you’re not paying close attention (or you’ve had too much of Uncle Bob’s Southern Comfort eggnog) you could end up making a mistake that will cost you a lot, for a long time to come.

Here are five of the more common scams to watch out for:

1. Craaazy Cyber Monday specials.

Cyber Monday ad featuring 95% off an iPhone 5

OMG, $15 for an iPhone 5 and $76 for an iPad? I’ll take half a dozen of each! (McAfee)

Some crazy Cyber Monday deals are a little too crazy, which is why anything advertising brand-name electronics at bargain-basement prices should be greeted with extreme skepticism. But greed — or unbridled optimism — often tempts you to click anyway. What happens next?

One scenario is that the ad leads you to a website that wants to steal your information or infect your computer. It could be a bait and switch: That super-cheap iPad is suspiciously out of stock, replaced by models with a heftier price tag; or the price doesn’t include extra-cost “accessories” (like a power supply, memory, or a manual). The goods might be customer returns or refurbished models being sold as new. They could be third-party knockoffs or counterfeit items. Or the site could simply take your credit card information and then vanish.

How do you know a site is bogus? It’s often pretty obvious if you know where to look, says Frederick Felman, chief marketing officer for MarkMonitor. Dig into the site’s About page, FAQ, and returns policy, looking for typos or other things that don’t make sense. Then run a search for the company name along with the words “scam” or “ripoff.” If it’s a rogue site, odds are that somebody has already figured that out and raised the alarm.

Tynan’s rule of thumb: If it looks too good to be true, look again. If you absolutely must buy anyway, use a credit card so you can get your money back when if you are ripped off.

2. Faux gift cards: The gift that keeps on taking.

Ad offering a $1,000 Walmart gift card

Nothing quite says Christmas like a Walmart shopping spree. (Facecrooks)

Faux gift card offers from Apple, Starbucks, Walmart, and other brands have been circulating the Web for a few years now. Many are sent via Facebook; those who make the mistake of clicking on one often end up spamming all their friends with the same offer. Happy holidays!

Walmart has a page detailing how these scams work. At best, gift card scammers require you to sign up with dozens of participating merchants before they issue you your “gift” — money they’ve made back many times over by selling your personal information to these merchants. In other cases they simply siphon off your personal information and give nothing back.

Tynan’s rule of thumb: Unless that “free” gift card shows up in your stocking on Christmas morning, it’s not free.

3. Counterfeit coupons.

Fake coupon for Pop-Tarts

$2.50 off every package of Pop-Tarts? Quick, let’s rent a truck and head to the Piggly Wiggly. (Coupon Information Center)

A popular trick is to lure you to malicious sites with what look like genuine supermarket discounts. In reality, they’re usually expired coupons that have been photographically altered; when you click the link to print or redeem them, you’re asked to hand over your name and credit card information.

The Consumer Information Center maintains a running list of the nearly 8,000 coupon scams currently circulating for brands like Coca-Cola, Mattel, Kellogg’s, and others. Blogger Sarah Roe, aka the “Money Saving Queen,” offers some sage tips on how to recognize bogus coupons.

Tynan’s rule of thumb: If that coupon came to you out of the blue, it’s probably not true.

4. Shipping notification scams.

Notification of undelivered package apparently from FedEx

Hey, I just got a package I totally wasn’t expecting. I’ll just print out that receipt and head on down to Kinkos. (FedEx)

With so many packages flying around, it’s easy to get duped by fake notifications from DHL, FedEx, UPS, or the U.S. Postal Service asking you to confirm an address or print out a receipt. One of two things will happen, neither of them good. You’ll be instructed to open an attached file that then immediately infects your computer, or you’ll be sent to a fake website to fill out a form, which will steal your personal information.

FedEx’s Customer Protection Center serves up examples of the most common scams; UPS offers tips on how to identify them.

Tynan’s rule of thumb: If you weren’t expecting a package and don’t recognize the sender’s address — or the email contains obvious grammatical or spelling errors — do not open any links or attachments. If there’s a tracking number associated with the delivery, plug it into the alleged shipper’s tracking page or call its local office to see if it’s legit. Odds are it’s not.

5. Holiday greetings from hell

Christmas card with link


Look, some completely anonymous person has sent me a Christmas card! What the heck, I’ll open it anyway. (MX Labs)

Somebody you know has sent you an electronic Christmas card, so your curiosity kicks in and you click the link inside the email. Congratulations! You just got a virus in your stocking.

This trick has waned in popularity over the past few years, but nothing on the Internet ever disappears. Two years ago, spammers in Belarus sent a fake holiday greeting from the White House to federal employees. Those who opened it had their hard drives rifled for information.

More likely, though, that “Seasons Greetings” card will turn into a Merry Malware message, says Gary Davis, chief consumer security evangelist at McAfee.

Tynan’s rule of thumb: If you don’t recognize the Web address of the e-greetings site or the person who’s allegedly sending you the card, steer clear. Even if you do recognize it, it won’t hurt to ask the sender if he really sent the card before you open it. Your friends and family will understand.

Remember, when it comes to holidays on the Internet, there’s often a fine line between Santa and Satan.

Questions, complaints, kudos? Email Dan Tynan at ModFamily1@yahoo.com.