
Watch for Cyber Monday Scams

Shireen Stephenson, October 29, 2024

The hottest retail event of the year is a magnet for cybercrime. Yet, Black Friday and Cyber Monday sales are forecast to top a record US$75 billion in 2024.

If you’re planning to skip the Black Friday lines, don’t let these Cyber Monday scams discourage you. Below, you’ll find the quickest, easiest ways to spot them so you can enjoy a hassle-free shopping experience. 


Cyber Monday Scams: What’s New in 2024

AI-powered ransom scams

“With great power comes great responsibility” isn’t just a popular superhero mantra -- it’s also true when it comes to deepfake tech.  

Take, for instance, the use of face swapping, voice cloning, and lip-syncing technologies to make credible deepfakes. They enabled David Beckham to “speak” nine different languages in support of a worldwide campaign to end malaria. But attackers have also leveraged AI to part the unsuspecting from their hard-earned money. Here's how: 

  • Using a snippet of someone’s voice (gleaned from phone calls, social media, voice mail greetings, and podcasts) to target the person’s loved ones for ransom payments. One in 10 people have received cloned messages, with 77% of them losing money from it. 

In early 2023, Jennifer DeStefano picked up a terrifying call from her daughter Brianna, who could be heard begging for help in the background. In reality, Brianna was safe with her father on a skiing trip – but the attacker was able to use AI to mimic her voice credibly and demand US $1 million from her panicked mother. In the end, a police dispatcher saved Jennifer from paying the ransom. But it was a close call.  

  • Using celebrity deepfakes to promote giveaway scams. The likeness and voices of celebrities like Taylor Swift, Oprah Winfrey, and Jennifer Aniston have been used to tout fake giveaways of Le Creuset cookware and MacBook Pros. When users click through to claim their free products, they are asked to pay a “small $10 shipping fee.” The scammers wait in the shadows, harvesting payment info to drain money out of their victims’ accounts.   

Here’s how to protect your friends and family from AI-based scams: 

  • Look for misspellings in ads. 
  • Look for lips that don’t sync with spoken words, signifying the use of poor-quality lip-syncing software. 
  • Hang up and call the victim to confirm their request for funds. 
  • Look for unnatural eye movements or unblinking eyes in videos. 
  • Be wary of ads that take you to social media pages with few followers. 

Spoofed websites

Spoofed domains pose a significant threat to all Cyber Monday shoppers. In April 2024, the Justice Department seized four web domains operated through LabHost, a platform that allows users to set up and run phishing sites. The domains were used to create 40,000 spoofed websites of brand names like Netflix, Amazon, Wells Fargo, and Bank of America. 

The scammers stole over one million user credentials such as dates of birth, email addresses, passwords, and credit card numbers. In all, over 500,000 credit cards were compromised and used to make unauthorized purchases.  

Here’s how you can protect your friends and family from a spoofed website: 

  • Help them identify fake ads, especially ones that offer high-end or in-demand products for ridiculously low prices. 
  • Scammers may be able to recreate popular websites, but the URLs give them away. Check the spellings of URLs in the browser’s address bar and in emails. And be sure to look out for Best Buy renewal scams – yes, they’re still a threat in 2024. 
  • Consider using a password manager with autofill capabilities. The benefits? You’ll never need to remember another password again, and autofill ensures your login info won’t be entered on phony websites. 
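
The URL check and the autofill behavior from the list above, sketched as an added example (not code from the original article or from any password manager). The saved-host list, the sample URLs, and the function names are constructed for illustration.

```javascript
// Added example, not from the article. Saved hosts and sample URLs are constructed.
const SAVED_HOSTS = ["www.amazon.com", "www.bestbuy.com", "www.netflix.com"];

// Levenshtein edit distance, single-row dynamic programming.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const up = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(up + 1, row[j - 1] + 1, diag + cost);
      diag = up;
    }
  }
  return row[b.length];
}

// Last two labels of a hostname. Simplification: production code should use
// the Public Suffix List so suffixes such as "co.uk" are handled correctly.
function baseDomain(host) {
  return host.split(".").slice(-2).join(".");
}

// Decide what a password manager should do for the page being viewed.
function checkPage(pageUrl, savedHosts = SAVED_HOSTS) {
  let url;
  try { url = new URL(pageUrl); }
  catch (e) { return { action: "block", reason: "unparseable URL" }; }
  const host = url.hostname; // URL() lowercases and converts Unicode to punycode
  if (url.protocol !== "https:") return { action: "block", reason: "not HTTPS" };
  if (savedHosts.includes(host)) return { action: "autofill", reason: "exact host match" };
  if (host.split(".").some((label) => label.startsWith("xn--")))
    return { action: "warn", reason: "punycode label, possible look-alike letters" };
  const base = baseDomain(host);
  for (const saved of savedHosts) {
    const savedBase = baseDomain(saved);
    if (base === savedBase) continue; // same site, different subdomain: not a spoof
    const brand = savedBase.split(".")[0];
    if (host.includes(brand))
      return { action: "warn", reason: `"${brand}" appears in unrelated domain ${base}` };
    if (editDistance(base.split(".")[0], brand) <= 2)
      return { action: "warn", reason: `${base} is a near-miss of ${savedBase}` };
  }
  return { action: "none", reason: "no saved login for this host" };
}
```
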

Amazon-based scams 

With its reputation for offering the best Cyber Monday deals in e-commerce, Amazon is a prime target for unscrupulous scammers. In 2024, you’ll want to watch out for Amazon verification scams. Be wary if you receive a text message, call, or email from Amazon asking you to verify a fraudulent order.  

To help protect friends and family from Amazon verification scams:

  • Tell them to access the Message Center to verify any texts, emails, or calls received. To do this, they’ll tap their image at the top right corner of the page and click on “Account & Lists.” In the drop-down, they’ll choose “Account.” On the next screen, they’ll scroll down and click on “Your Messages.” Here, they’ll see all past communications with Amazon. 
  • To get customer or tech support, use the Amazon app or website. 
  • Tell friends and family to be wary of emails or messages claiming to be from an Amazon driver. Never click on a link to confirm a delivery or pay a “redelivery fee.” All legitimate orders can be seen by clicking on “Account & Lists” and then “Orders.” 

How scammers target their victims

Cyber criminals generally target their victims with these methods: 

  • Using fake social media profiles and phone numbers to build credible personas 
  • Using deepfake videos, voices, and images to build trust quickly 
  • Leveraging mutual connections on LinkedIn to target career-oriented, ambitious individuals  
  • Starting victims out on legitimate crypto exchange platforms before encouraging a switch to their own controlled platforms 
  • Using a sense of urgency to precipitate action on the victim’s part 

Memecoin and crypto influencers primarily target the lonely, digital natives, and inexperienced investors. Many of these influencers amass huge followings on platforms like TikTok. They hype the value of certain memecoins to encourage people to buy. Once the value hits a peak, they sell all their holdings. This causes the price of the memecoin to plummet – and their followers to lose everything they’ve invested. 

Tips to stay safe while shopping 

Strong passwords 

Due to password fatigue, many of us are either reusing passwords or using common, easily guessable passwords that leave our accounts vulnerable to scammers. 

Strong passwords are a critical first line of defense in our digital age.  

So, what makes a strong password? 

According to NIST, it’s length, rather than complexity. Longer passwords have greater entropy, which is a measure of how guessable a password is. Passwords with high entropy are less likely to become compromised. For this reason, CISA recommends a length of at least 16 characters. This brings us to the million-dollar question: How long does it take to crack a password in 2024?

The answer: 37 seconds, if your password is just eight (8) characters in length and consists of only numbers.  

Using a combination of uppercase and lowercase letters, numbers, and symbols adds to a password’s complexity. But this won’t keep your accounts safe forever -- if your passwords are too short. 

For example, it takes seven years to crack a complex password that’s eight (8) characters in length, while it takes 3 quadrillion (3,000 trillion) years to crack one that’s 16 characters in length.  

Use MFA to protect from phishing attempts 

Using multi-factor authentication (MFA) is a defense-in-depth approach to securing your accounts.  

According to Microsoft, MFA is an effective deterrent against credential-based cyber-attacks for 99.99% of MFA-secured accounts.

But not all MFA types are created equal. 

SMS or text-based MFA is highly susceptible to phishing, SIM swapping, and MitM (Man-in-the-Middle) attacks.

Your best option is adaptive or phishing-resistant MFA, which incorporates device-based, biometric, contextual, and hardware key authentication methods. According to CISA, adaptive MFA is the safest type of MFA; SMS-based MFA should only be used as a last resort. 

Secure Online Payments 

Choose reputable retailers 

The best and easiest way to protect your financial and personal data is to order from well-known, trusted brands such as Amazon, Home Depot, Best Buy, Target, and Walmart.  

Here are four more ways to choose reputable sellers:

  • If ordering from third-party sellers on Amazon, choose ones that offer fulfillment by Amazon. 
  • Order from sellers that offer digital wallet services like PayPal and Amazon Pay, which act as secure intermediaries to protect your banking info from exposure during transactions. PayPal also encrypts every transaction so you can shop with greater peace of mind. 
  • Carefully read seller reviews. Look for red flags such as unfulfilled expectations or deliveries, unresponsive customer service teams, or a generally poor shopping experience. 

Avoid sharing sensitive information 

Worldwide, people spend an average of 143 minutes a day on social media. That’s plenty of time to share information that may be of interest to scammers. 

This includes yearbook, graduation, wedding, birthday, and anniversary photos. Other photos may reveal more than you care to, such as the ones featuring your new car.  

You may also have commented on, liked, and shared certain posts. 

Now, scammers know the make and model of your new car, when you graduated, who your spouse is, and who your connections are. They may even be able to make educated guesses about your income bracket.  

With this data in hand, they can guess your answers to security questions and craft elaborate social engineering schemes to entrap you. So, how can you protect yourself? Here are three easy ways: 

  • Set access permissions on photos.  
  • Hide your list of connections from public view.  
  • Get Dark Web monitoring to see if your data has been exposed. 

Use a password manager with Dark Web Monitoring 

What if you could get alerts when your login credentials or personal info are exposed online? With LastPass Dark Web Monitoring, you can receive instant notifications and rest easy knowing that your data is monitored 24/7.  

If any of your credentials have been exposed, you can easily create new ones that are stronger and more protective against credential-based attacks. 

Protect Personal Information 

Use VPN and keep your devices up to date 

Keeping up with Cyber Monday deals shouldn’t be a nerve-wracking experience. Using a VPN makes online transactions safer and more secure.

Another way to protect yourself is to keep your devices updated – this ensures you have the latest security features to guard against the newest threats. 

Watch for phishing attempts 

Phishing is the primary way scammers steal your data to access your accounts, but this needn’t put a damper on your Cyber Monday plans. Here are four easy things you can do to protect yourself: 

  • Read about the latest phishing tactics, such as WormGPT and FraudGPT and their role in helping hackers craft credible phishing emails.  
  • Use a password manager that protects your most sensitive data with military-grade encryption and best-in-class adaptive MFA. 

If you’re ready to get premium protection this Cyber Monday, try LastPass free today (no credit card required).