Technologies
2022 Black Friday: Make Sure You Avoid All the Elaborate Scams
Scammers don’t take a break during the holidays. Learn what to watch for to protect yourself.
This story is part of Gift Guide, our year-round collection of the best gift ideas.
Black Friday arrives the day after Thanksgiving — which is Nov. 25 this year. It’ll be a day filled with deals on items like headphones and TVs, but with all that potential money flowing from customers to stores, cybercriminals are unfortunately looking to steal some of it.
Scammers work year round, but they turn up their efforts during the high-spending holiday season to exploit the spirit of giving.
The scams range far and wide — as retailers like Amazon, Best Buy and Walmart roll out deals over the holidays, fraudsters create elaborate websites to trick you into spending money on products you’ll never receive. You may receive text messages or emails claiming you’re eligible for a refund for an item you never purchased, just so thieves can get your credit card information. You might even be enticed into donating to a charity that provides homes for abandoned puppies — only to find out it doesn’t actually exist.
Scams come in all shapes and sizes, but there are always red flags to help spot them. Here’s what you need to know about Black Friday scams and how to avoid becoming a victim this holiday season.
For more about security and privacy this holiday season, check out how to protect yourself from identity theft, how to protect your phone app privacy, and the most common cryptocurrency scams.
Fake websites and fraudulent apps go ‘phishing’
In a phishing scheme, the goal is for hackers to get their hands on your personal information, like your credit card number, social security or account password. Pretending to be a large retail corporation, the fraudsters send out an official-looking email or text message, usually with a link to a fraudulent website designed to look just like a legitimate site.
Researchers at security firm Avanan discovered that hackers were sending out spoofed Amazon order notification emails. The email resembled your run-of-the-mill order confirmation, except that the order is false and the charge is significant.
Naturally, if you believe you’re being charged for a substantial amount, you would want to reach out to Amazon. But in this instance, if you use the link in the phishing email to get in contact, you’ll be redirected to a fake Amazon webpage with a false phone number to dial. If you call, the fraudsters won’t initially pick up, but they’ll soon call back, asking you to provide your card number, expiration date and CVV to «cancel the order.» And just like that, they’ve got your information.
These types of attacks are commonplace throughout the year, but expect a surge in messages claiming to be from Amazon, Best Buy, Walmart, Target or other large retailers during the holidays.
If you receive an email asking you to update your payment method or requesting other personal information, contact the company’s help desk to make sure the email is legit before you do anything else.
Other ways to identify a phishing email, according to the Federal Trade Commission and StaySafeOnline.org, include:
- The sender’s email address looks almost right but contains extra characters or misspellings.
- There are misspellings or bad grammar either in the subject line or anywhere in the body.
- They address you with generic terms («Mr.» or «Ms.» or «Dear Customer») instead of by name.
- The message warns that you need to take immediate action and asks you to click a link and enter personal details, especially payment information.
- The messages promise a refund, coupons or other freebies.
- The company logo in the email looks low-quality or just plain wrong.
Credit card skimming goes all-digital
You’ve seen it in movies. A hacker places an object over a card reader, disguised to look like part of the ATM, and then waits for people to swipe their cards. A day or week later, the thief takes the object — known as a skimmer — back and collects the mountain of stolen card information stored inside, which they can then use to make purchases, withdraw money and more.
Instead of using physical hardware to steal payment card numbers, hackers can insert malicious code directly on a website to do the same thing as traditional skimming, but with online payment information instead.
Regarding e-skimming incidents — sometimes called Magecart attacks after the name of the software used — Tim Mackey, principal security strategist for Synopsis, a digital security company, warns, «There isn’t an obvious way for the average person to be able to identify if or when a website has been compromised. The only potential tell-tale sign might be that the website itself doesn’t quite look ‘right.'»
Mackey suggests a few strategies you can can use to protect yourself:
- Don’t save your credit card information on retail sites.
- If possible use a third-party payment method like Apple Pay, Google Wallet or PayPal.
- Enable purchase alerts on all your credit cards.
- Disable international purchases on all credit cards.
- Only make purchases over your home network or cellular network, never on a public Wi-Fi where your payment could be intercepted.
Avoid the ‘Secret Sister’ gift exchange — it’s a pyramid scheme
Originating on Facebook, this sketchy gift exchange among internet strangers plays off the popular workplace practice of «Secret Santa,» a game where each person in a group buys a present for one other randomly selected group member, without the gift-giver revealing their identity.
Instead, in Secret Sister, it’s a pyramid scheme dressed up in holiday clothes, according to the Better Business Bureau. The «Secret Sister» exchange invitation promises you’ll receive about $360 worth of gifts after purchasing and mailing a $10 gift for someone else. A variation includes swapping bottles of wine. And there’s even «Secret Santa Dog,» in which you gift money to a «secret dog.»
Unfortunately, bad math hasn’t stopped this scam from resurfacing year after year. If you fall for it, you’ll probably be out 10 bucks when you don’t receive any gifts in return. You might lose personal details too, because the scam involves sending your name, email address and phone number to people you’ve never met in person.
The Better Business Bureau recommends you deal with any request to become a Secret Sister by ignoring it — do not give your personal details to online strangers. You can also report the invitation to Facebook or whichever social network you were approached on.
Your donations might be going to a ‘faux charity’
During the holiday season, it’s not uncommon to give back to the community. In fact, nonprofit organizations typically see an increase during the fall. The last three months of the year make up 36% of all charitable giving during the year, according to Blackbaud Institute, which creates fundraising applications.
Unfortunately, scammers take advantage of this generosity to make a bundle for themselves.
The way these charity fraud scams typically work are by impersonating other successful charities. And it’s no wonder they work: The scammers come up with real-sounding charity names, create credible websites, run successful social media campaigns — and they’re persistent.
Scammers typically call you using local phone numbers, which give you a false sense of security. However, it’s incredibly easy to spoof an area code. Next they’ll make their pitch, and it’ll be a good one. It will tug at your heart-strings, but they’ll never actually specify how they’ll help. And they may even claim that you’ve made a donation before, and suggest that you make another, and that if you do, it’ll be tax-deductible. And it’ll all be a lie.
If you get a call from a charity and sense some red flags, the AARP and FTC suggest that you do the following:
- Do your research. Use a watchdog like CharityWatch to get more information about a charity and learn how credible it is. Or use Google.
- Pay close attention to the charity name and website. False charities like to mimic other popular charities. If it seems too close in name to another, it might not be real.
- Keep track of your donations. Even if you accidentally donate to a scammer, you need to ensure that the donation isn’t recurring.
- Don’t give away all your personal information. Of course it’s normal to provide your card information, but don’t do the same with your Social Security number or bank account number.
- Don’t make a cash donation. Unless you’re certain about a charity’s credibility, don’t give away cash, gift cards, or cryptocurrency.
For any charitable donations that you make, you can also use the IRS tax-exempt organization search tool to make sure that the charity you’re contributing to is legitimate and that your gift can be deducted on your income tax return.
Find The Perfect Gift
Technologies
Google Discover Gains Follow Button and Expands Content Sources
Google’s personalized news feed will feature a wider variety of content in the coming weeks.
Google Discover, Google’s personalized news feed, has largely remained the same since its introduction in 2018, but it’s now receiving some new and helpful features.
On Wednesday, Google announced that Discover will soon expand the type of content found within the feed and allow you to follow publications and creators. You can find Google Discover in the Google app, and it will be built into the home screens of some Android phones.
Don’t miss any of our unbiased tech content and lab-based reviews. Add CNET as a preferred Google source.
Instead of just seeing a list of web pages to visit on your feed, you’ll soon see a mix of web articles, YouTube videos and social media posts from X and Instagram, effectively widening the net of content shown in Discover.
Along with expanding content from more sources, Google Discover is allowing users to follow specific publishers and content creators using a «follow» button at the top right of each content card.
Google says that tapping the publication’s or creator’s name will open a new page previewing the content that’s typically shared before you choose to follow the outlet. From our testing across multiple phones so far, it appears the feature is still rolling out.
Your Google Discover feed should now allow you to follow content creators. A more diversified mix of content will roll out over the coming weeks.
Technologies
New Bill Aims to Block Both Online Adult Content and VPNs: How Your VPN Could Be Affected
A proposed bill in Michigan has a broad reach that covers everything from adult AI content to manga and even depictions of transgender people. It includes a VPN ban to avoid workarounds.
If you live in Michigan, you might not be able to legally use a VPN soon if a new bill is passed into law. On Sept. 11, Michigan Republican representatives proposed far-reaching legislation banning adult internet content.
The bill, called the Anticorruption of Public Morals Act and advanced by six Republican representatives, would ban a wide variety of adult content online, ranging from ASMR and adult manga to AI content and any depiction of transgender people. It also seeks to ban all use of VPNs, foreign or US-produced.
Don’t miss any of our unbiased tech content and lab-based reviews. Add CNET as a preferred Google source.
VPNs, or virtual private networks, are software suites often used as workarounds to avoid similar content bans that have passed in states like Texas, Louisiana, Mississippi and the UK. VPNs can be purchased with subscriptions or downloaded and are also built into some browsers and Wi-Fi routers.
But Michigan’s bill would charge internet service providers with detecting and blocking VPN use, as well as banning the sale of VPNs in the state. Associated fines would be up to $500,000.
What the ban could mean for VPNs
Unlike some laws banning access to adult content, this Michigan bill is comprehensive. It applies to all residents of Michigan, adults or children, targets an extensive range of content and includes language that could ban not only VPNs but any method of bypassing internet filters or restrictions.
That could spell trouble for VPN owners and other internet users who leverage these tools to improve their privacy, protect their identities online, prevent ISPs from gathering data about them or increase their device safety when browsing on public Wi-Fi.
Read more: CNET Survey: 47% of Americans Use VPNs for Privacy. That Number Could Rise. Here’s Why
Bills like these could have unintended side effects. John Perrino, Senior Policy and Advocacy Expert for the nonprofit Internet Society, mentioned to CNET that adult content laws like this could interfere with what kind of music people can stream, the sexual health forums and articles they can access and even important news involving sexual topics that they may want to read.
«Additionally, state age verification laws are difficult for smaller services to comply with, hurting competition and an open internet,» Perrino said.
The Anticorruption of Public Morals Act has not passed the Michigan House of Representatives committee or been voted on by the Michigan Senate, and it’s not clear how much support the bill has beyond the six Republican representatives who have proposed it. As we’ve seen with state legislation in the past, sometimes bills like these can serve as templates for other representatives who may want to propose similar laws in their own states.
Could VPNs still get around bans like these?
Could VPNs still get around this type of ban? That’s a complex question that this bill doesn’t really address.
«From a technical standpoint, ISPs can attempt to distinguish VPN traffic using deep packet inspection, or they can block known VPN IP addresses,» said NordVPN privacy advocate Laura Tyrylyte. «However, deploying them effectively requires big investments and ongoing maintenance, making large-scale VPN blocking both costly and complex.»
Also, VPNs have ways around deep packet inspection and other methods.
«Some VPNs offer obfuscation — which tries to disguise VPN traffic as standard web traffic — using dedicated servers or custom VPN protocols, like NordVPN’s NordWhisper or Proton VPN’s Stealth,» said CNET senior editor Moe Long. «But note that obfuscation isn’t foolproof.»
There are also no-log features offered by many VPNs to guarantee they don’t keep a record of your activity, and no-log audits from third parties like Deloitte that — well, try to guarantee the guarantee. VPNs can even use server tricks, such as RAM-only servers that automatically reboot to erase data after every browsing session.
If you’re seriously concerned about your data privacy, you can look for features like these in a VPN and see if they are right for you. Changes like these, even on the state level, are one reason we pay close attention to how specific VPNs work during our testing, and recommend the right VPNs for the job, from speedy browsing to privacy while traveling.
Technologies
Today’s NYT Strands Hints, Answers and Help for Sept. 19 #565
Here are hints and answers for the NYT Strands puzzle for Sept. 19, No. 565.
Looking for the most recent Strands answer? Click here for our daily Strands hints, as well as our daily answers and hints for The New York Times Mini Crossword, Wordle, Connections and Connections: Sports Edition puzzles.
Do you drink your coffee black? If so, today’s NYT Strands puzzle might be a puzzler. If you need hints and answers, read on.
I go into depth about the rules for Strands in this story.
If you’re looking for today’s Wordle, Connections and Mini Crossword answers, you can visit CNET’s NYT puzzle hints page.
Read more: NYT Connections Turns 1: These Are the 5 Toughest Puzzles So Far
Hint for today’s Strands puzzle
Today’s Strands theme is: Pour it on.
If that doesn’t help you, here’s a clue: Wow, no cow.
Clue words to unlock in-game hints
Your goal is to find hidden words that fit the puzzle’s theme. If you’re stuck, find any words you can. Every time you find three words of four letters or more, Strands will reveal one of the theme words. These are the words I used to get those hints but any words of four or more letters that you find will work:
- NONE, CONE, RICER, SHEW, FAIR, FAIRY, DRAY, YARD, MILK, CASH, DONE, DRAM, MADAM
Answers for today’s Strands puzzle
These are the answers that tie into the theme. The goal of the puzzle is to find them all, including the spangram, a theme word that reaches from one side of the puzzle to the other. When you have all of them (I originally thought there were always eight but learned that the number can vary), every letter on the board will be used. Here are the nonspangram answers:
- RICE, FLAX, ALMOND, CASHEW, COCONUT, MACADAMIA
Today’s Strands spangram
Today’s Strands spangram is NONDAIRYMILK. To find it, look for the N that’s four letters down on the far-left row, and wind across and down.
-
Technologies3 года agoTech Companies Need to Be Held Accountable for Security, Experts Say
-
Technologies3 года agoBest Handheld Game Console in 2023
-
Technologies3 года agoTighten Up Your VR Game With the Best Head Straps for Quest 2
-
Technologies4 года agoVerum, Wickr and Threema: next generation secured messengers
-
Technologies4 года agoGoogle to require vaccinations as Silicon Valley rethinks return-to-office policies
-
Technologies4 года agoBlack Friday 2021: The best deals on TVs, headphones, kitchenware, and more
-
Technologies4 года agoOlivia Harlan Dekker for Verum Messenger
-
Technologies4 года agoiPhone 13 event: How to watch Apple’s big announcement tomorrow