Fraud experts share tips for combating holiday sale cybercrime


Know what OTP is and how scammers will use it to fool you?

The holiday sales season kicks into high gear this week with Black Friday, November 24, and Cyber Monday, November 27, a perfect storm for cybercreeps to pounce on our hopes and wishes for a good deal and enrich themselves.

ConsumerAffairs gathered a panel of fraud experts to share their best tips on how each of us can keep those fraudsters and scammers at bay and our money out of their hands.

Hack Friday and Cybercrime Monday 

If you plan on hitting the stores on either Black Friday or Cyber Monday, John Watkins, senior vice president of Fraud Strategy at Jenius Bank, suggests you do it early. And, his reason isn’t because you’ll beat the crowds.

It’s because fraudsters prefer to shop in the afternoon and evening after most of the big sales have ended and large crowds are gone. “For fraudsters, crowds mean exposed time, making them more vulnerable to be noticed,” he told ConsumerAffairs.

“If you have been out shopping that morning, it is a good idea to monitor your credit and debit card transactions closely for the remainder of the day, not just immediately after you shop. If you do see a transaction you do not recognize, contact your financial institution immediately.” Also, make sure you set your transaction notifications extremely low so nothing gets through.

Fraudsters also like Black Friday and Cyber Monday for their phishing expedition opportunities. They know it’s a safe bet that your in-box will be as fat as Santa, so they’ll be pushing fake emails and text messages of their own, hoping to catch you asleep at the wheel. 

The key telltale sign of a phishing email/text is the word “click.” That’s a point that a lot of people miss and a trigger point the crooks are just sitting and waiting for you to pull.

Watkins says that before you click on any link in an email or text message, be sure to confirm that the sender is legitimate. Search for them on Google (along with the word “scam” and “fraud”), Reddit, social media, etc. If they’re a bad actor, there’s a good chance someone else has already called them out.


A fraudster’s favorite game show is “The Price is Always Right” and during the holiday season, they play that to the hilt, hoping they can find a target whose FOMO (fear of missing out) is stronger than their FUBB (fouled-up beyond belief).

Sandro Okropiridze, marketing expert, co-founder & CEO of STORI, an AI-powered content creation platform, told ConsumerAffairs that if you see an ad that mimics a well-known brand, offering a price that you know in your heart of hearts is too good to be true, then stop right there and research the price elsewhere. 

How? Like this…

Let’s say you saw a COACH Cross Grain Leather Kitt on Amazon for $175 and then, you saw an ad for the same thing at $95. Before you go any further, go to Google Shopping, type in the name of the product and Google will let you know who’s selling it and at what price. Then, go from there.

It's a counterfeiter's holiday!

FOMO can lead consumers to buy counterfeit products, too. Frank Cullen, C4IP Executive Director, Former Vice President of U.S. Policy for the Chamber of Commerce's Global Innovation Policy Center said that nearly 7 in every 10 consumers have been deceived into buying a counterfeit product online in the past year -- many of them products that can pose physical dangers -- and those numbers will likely grow during the holidays.

Social media is particularly awash with counterfeit products, Okropiridze said. 

“Check their reviews and who posted them. It’s easy to create a bunch of empty accounts and leave fake reviews so don’t assume that a five-star rating is reliable. If they’re not well-known and lack a digital footprint, shop elsewhere.”

In-store/public Wi-fi can be a snake pit of scammers

It’s pretty easy these days for a cybercriminal to sit in their car outside a store, fire up a Wi-Fi router, and give it the name of the store, e.g., “Kohl’s Shopper Network” or jailbreak a store’s Wi-Fi and tap into anyone’s phone that’s connected to it.

Paul Fabara, chief risk officer, at VISA. told ConsumerAffairs that you should avoid public Wi-Fi at all costs. “Always use a secure, private internet connection when you're making purchases. It's safer to shop from a secure home network or use a VPN.”

And VPNs are starting to show up in a lot of mobile and internet plans. AT&T offers a VPN in its unlimited plans as does Google for its Google One accounts.

'One-time passcodes' are new tricks, too

Fabara noted that one time passcodes (OTP) are a new and growing threat, thanks to artificial intelligence (AI) -- those chat “bots” that we’re all having to get used to. He says that the number one angle the scammers play with OTP is impersonating a bank or financial institution.

How does this OTP thing play out? We’ll let Experian explain:

“Some scammers are using so-called OTP bots to trick people into sharing the authentication codes that are sent to them via text or email, or that they have to look up in an authentication app or device,” Experian warns.

“The bots may initiate a robocall or send you a text imitating a legitimate company. For example, the robocall may look and sound like it's coming from a bank. The voice asks you to authorize a charge and tells you to input the code you're texted if it's not one you made.

"In reality, the bot is attempting to log in to your account, which triggers the system to send you the code. If you share the code, the scammer can then log in to your account.”

Take an Identity Theft Quiz. Get matched with an Authorized Partner.