As Black Friday approaches, many consumers in Spain are tempted by numerous online offers. One such misleading offer states, “Congratulations, you have won a check for 150 euros to spend online.” While it may seem appealing, especially considering that Spaniards spend an average of 380 euros during Black Friday, the reality is vastly different. These phishing scams not only require individuals to pay a small fee of 1.99 euros but also ask for personal information that leads to further deception. Such checks, adorned with logos of well-known brands, are never delivered.
Beware of Deceptive Online Stores Shaped Like Major Brands
Cybersecurity expert Martín Vigo explains that fraudulent online shops often impersonate reputable brands to mislead consumers. If you purchase from these sites, you may receive different or no products at all. Authorities are actively working to shut down these schemes, yet they continue to proliferate, as evidenced by a 2024 incident where a counterfeit network masquerading as legitimate fashion brands compromised the data of approximately 800,000 users across Europe and the United States. Here are key tips to avoid falling victim during the upcoming shopping season.
Identifying Fraudulent Messages
Verify the URL: Secure websites start with “https://”, not just “http://”. The “s” signifies a secure connection. Avoid unusual domains such as “.top” or “.xyz”.
Be cautious of unusually low prices that are only available for a limited time.
Examine the website's design and content for red flags, such as poorly translated texts and low-quality images.
Look for company details, legal information, and a return policy. Their absence is a warning sign.
How to Protect Yourself
Google “Store name” + “scam” or “reviews” to see if there are any red flags associated with the retailer. Additionally, check the URL using sites like scamadviser.com. Fraudsters often rely on consumer testimonials posted on platforms like trustpilot.com.
Check the domain age. If it was created recently, exercise caution. Tools such as whois.domaintools.com can provide this information.
Use secure payment methods. Consider these options:
- Credit or debit cards (with strong authentication) offer recourse if products are not received.
- Digital payment platforms that protect user data and facilitate disputes.
- Single-use cards limit theft to the exact purchase amount.
- Bizum payments ensure records remain tied to store data.
Beware of Gift Card Scams That Lure with False Offers
Scammers also exploit prevalent brands to distribute fake offers via email, WhatsApp, and social media. They promise substantial discounts or gift cards in exchange for personal data or a small fee, mimicking familiar e-commerce platforms.
Spotting Fake Gift Cards
Poorly written text, including misplaced capital letters and translation errors.
Unlikely monetary amounts offered as prizes.
Legitimate companies typically promote discounts, not cash offers.
Messages that create urgency, such as “Only today” or “Last hours.”
Prevention Strategies
Verify email addresses. Genuine communications will come from legitimate domains. Be cautious of email addresses from unusual or personal domains.
Examine the links carefully. Ensure you are familiar with the genuine domain and avoid entering your details on suspicious links.
Do not divulge personal data. Authentic promotions never require sensitive information like bank details or verification codes.
Confirm the offer with official sources. Look for promotions listed on the brand's official website or social media pages.
“Your Package is Blocked”, a Common Phishing Scam
A frequent scam involves receiving a message claiming your order is blocked at customs, urging immediate action to “unblock” it by clicking a link. This tactic exploits shopping peaks like Black Friday and Christmas.
Scammers impersonate delivery services, sending emails, SMS, or messages on platforms like WhatsApp to gather personal and financial information. Their messages typically warn of package issues requiring urgent action.
Identifying Phishing Messages
Check the sender's address in emails for slight variations from official addresses.
Watch for spelling errors and generic greetings.
Verify claims with the legitimate transport company through another communication channel.
Check SMSs for confirmation in the official transportation company's communication thread.
Preventive Measures
Be cautious about unsolicited requests for personal information. Transport services will never ask for sensitive details via email.
Risks of malware exist. Clicking fraudulent links can download malicious software. If you suspect a malware infection, disconnect from the internet and run a virus scan.
Contact companies through official channels. Always use the main website or app to verify communications.
What to do if you clicked a suspicious link? Close all windows immediately, and if a file was downloaded, delete it without opening. Change your passwords and notify your bank if you entered sensitive information.
The Bank's Role in Identifying Threats
Banco Santander provides resources to help users protect themselves from digital scams. Their awareness campaigns focus on critical aspects of digital security, such as creating strong passwords. Users can report suspicious communications to designated channels for further assistance.
For any concerns regarding communications from the bank, customers can reach out to official lines or their customer service representatives, available around the clock.
Banco Santander also maintains a WhatsApp channel for clients to receive cyber safety advice and updates on potential scams.
