How to outwit cyber-scams this Black Friday

Black Friday – which is a day of deals and discounts – started as an American phenomenon and occurs on the Friday (25 November this year) following the US holiday of Thanksgiving. Cyber Monday (offering online deals) then takes place on the following Monday (28 November this year).

Coinciding with month-end payday and the start of the Christmas shopping period, retailers leverage this perfect ‘spending storm’ by putting on offers and discounts to encourage consumers to spend. Physical shops started this trend, quickly followed by online retailers, resulting in a frenzied weekend of bargain shopping at the end of November.

Clever marketers know that by manipulating cognitive biases such as urgency or a fear of missing out, they can put us into a more psychologically impulsive state of mind, which in turn can lead us to think less and spend more.

However, cybercriminals use these same tactics to exploit fundamental human behaviours in their malicious attacks and Black Friday represents a great opportunity for them to slip these scams in amongst all the other offers aimed at consumers.

Understanding how these scams work – and sharing this information with friends and vulnerable family members – can help you stay safe.

• Reciprocity – this exploits our inclination to give something in return when we feel like we owe someone. For example, a scammer could suggest that they’ve arranged a ‘special deal’ just for you, exploiting your empathy to make you feel indebted to them.
• Obligation – similar to reciprocity, even something as simple as asking a question can elicit a feeling of obligation. If you’re undertaking a transaction and you feel obliged to say yes, stop and think.
• Social Proof – this is about using the actions of others to influence an action. For example, people are more likely to accept a connection request from an unknown (and often fake) social media account if they see that other people have done so (particularly if they know that person), even if they do not personally recognise the account.
• ‘Liking’ online content that you like – cybercriminals try to make their persona similar to their victim because we tend to trust those who are similar to us. So, they may ‘like’ online content you like in an attempt to engage with you.
• Fear of missing out (‘FOMO’) – people tend to view products or services that are positioned as scarce as more desirable and may act more quickly to secure them. When we’re put in a FOMO state – for example with messages like ‘This item is currently in 9 people’s baskets!’ – we’re proven to be more vulnerable online, taking risks like clicking on potentially harmful links and forgoing cyber safety practices to ‘not miss out’.
• Commitment and consistency – hackers use this to hold people to their promises – using the individual’s need to appear consistent to reliably predict that their target will follow through on any stated action that they have been manipulated into.
• Authority – this is a very commonly used tactic by cybercriminals that leverages an unequal power balance to control the actions of another. It’s why we see so many ‘spoof’ emails pretending to come from authoritative sources, such as banks and government organisations.

We’re all going to be receiving more messages at this time of year, confirming deliveries via text or email, or tempting us with a bargain. So, while you’re in a calm state, it’s worth reflecting on your own habits.

When we are excited, panicked, rushed, intimidated, obligated, or even hungry, we can behave in a more unthinking/automated way which plays into the hands of the scammer. Understanding your emotional shifts, how you react to certain stimuli can be powerful. Ask yourself:

• Which of the seven influencing strategies in this article are you likely to be prone to?
• Are there any times, contexts, or situations when you might be more at risk?

Once you’re aware of your personal risks, bear these in mind and stop and think before you exchange any personal details (over text, email, or online) or undertake any transactions this festive season – especially when you feel emotionally under pressure.

Awareness of how persuasion tactics work has been shown to positively affect reactions when exposed to social engineering, so just by taking the time to read this article, you’ve taken a step towards reducing your risk!

Click here for more tips on how to stay safe online.

Remember to stop and think to protect yourself this Black Friday, and happy shopping!