While businesses rely on Black Friday to boost their sales in November, cybercriminals are preparing their own August. Taking advantage of the boom in discounts and online purchases of this period, they devise new strategies to get the consumer to take the bait, such as the launch of attractive offers for low-priced products that expire in a few hours and that are actually false. As soon as the unsuspecting buyer enters their banking details on the website, their checking account is emptied or they are charged improperly.
“Cybercriminals know that on these dates we all focus on making purchases and they intensify fraudulent campaigns,” says Ruth García, technician at the National Cybersecurity Institute (Incibe). One of the most common is the creation of websites that copy legitimate stores. "And not only do they impersonate certain entities or recognized brands, but they also create online sales pages that can be themed - technology, sports products, perfumes or bags, for example - and that mainly use price bait to capture the attention of users," he explains. Those who end up taking the bait neither receive the product nor know who their bank details are in, which is why they often end up detecting unauthorized charges on their account.
According to data managed by Incibe, last year incidents related to cybersecurity grew by 9% compared to 2021. In addition, more than 650 fraudulent online stores were discovered. A type of crime that is increasing at the same time that scammers resort to more cunning and sophisticated tactics, which forces the consumer to be aware of them and know how to protect themselves to avoid falling into their networks.
Despite the tricks that proliferate on the Internet to steal banking data, it is logical to ask how a consumer can detect them before it is too late. "There is evidence that quickly tells us that it is a fraud," says García. In the event that it is a website that impersonates a brand, it will be necessary to review the site address (URL). "What cybercriminals do is change just a few characters so that it looks as similar as possible to the legitimate website," she warns.
In the case of fraudulent stores that do not try to impersonate a company, it is recommended to look at the images, because they are usually of low quality and have watermarks, among other characteristics that make one suspect that the site is not reliable, such as typing errors. and design, descriptions that are not very appropriate for the product offered and prices that are much lower than those set by other stores.
Likewise, García advises the consumer to pay attention to the information contained on the website related to the company behind it and compare it on the internet: the name of the company, what its NIF is, as well as the privacy policy and legal notices that appear. They usually appear at the bottom of the page of electronic stores. However, he admits that sometimes fraudulent websites copy legal texts from others that are legitimate.
Another check that helps to discern whether it is a reliable site or not is the ratings and reviews found about it on Google. You must also look at whether it supports other payment methods other than credit cards, since, although some indicate that the purchase can be made through different methods, at the end of the process they only allow you to finish it by entering the digits of the card. "And the most worrying thing is that they do not then redirect to the secure payment gateway," says García. In this sense, "if we doubt the veracity of the website, we can try entering false data because sometimes it works to realize that it is a fraud."
From Incibe they indicate that the majority of online stores rely on secure payment gateways to avoid directly managing customers' banking data. It is key, therefore, that once the method with which the purchase is to be made is selected, the website redirects to a payment gateway. For example, if you choose PayPal, you must open this company's page and enter the passwords to confirm the purchase, and if you pay with a bank card, you should be able to verify the transaction through an SMS code or by accessing the company's app. financial entity.
While there are ways to expose cybercriminals, it is also true that they use increasingly sophisticated strategies to deceive consumers. That is why Incibe's cybersecurity technician recommends choosing to make purchases in online establishments using credit cards with limited balance or rechargeable ones. Another option is to use intermediary companies considered safe, such as PayPal and Bizum, as well as Google Pay and Apple Pay services. This will avoid having to enter bank details in all the online stores in which the user registers and thus minimize the risk of being a victim of a scam.
