How to avoid online shopping scams this Black Friday and Cyber Monday

Scams have evolved far beyond misspelled emails from imaginary princes. Today’s fraudsters operate with the polish of legitimate businesses, using artificial intelligence to make their schemes more convincing than ever.

Simon Miller, Director of Policy, Strategy, and Communications at Cifas, joined 1Password’s Random but Memorable podcast to discuss how financial crime has grown faster and more complex – and what we can do to protect ourselves. As the holiday shopping season approaches, when tempting deals abound, his insights serve as a timely reminder: awareness is our best defense against increasingly sophisticated scams.

Editor’s note: This interview has been lightly edited for clarity and brevity. The views and opinions expressed by the interviewee don’t represent the opinions of 1Password.

Michael “Roo” Fey: So what did financial scams look like when you first entered the field? And how have they evolved in recent years?

Simon Miller: I've been working in fraud for a good few years now. What has really changed is the pace, sophistication, incidence and complexity of them. 

Fraud or scams – as consumers encountered them – used to be really poorly written emails. You may well remember the Nigerian prince scams, or scams telling you that someone had left you a legacy in some small, often-forgotten first world nation and all you had to do was claim it. But now they're much more sophisticated. And the speed and the complexity with which we encounter them is radically different to it once was.

Increasingly, we might find whole firms that have been set up to lure us into investing money illicitly and unlawfully. And then the money is lost to the scammers. And these firms will have utterly legitimate websites that have built a whole world of media infrastructure around them. When you Google them, article after article appears telling you the firm is legitimate and a good financial bet. It isn't. It's a scam and it's a fraud. 

"Grammar mistakes, misspellings, dodgy logos – they're all gone."

All of those telltale signs that used to tell you that maybe something was amiss, like grammar mistakes, misspellings, dodgy logos – they're all gone. AI has made these things utterly flawless so that, for most people, it’s impossible to separate scams from legitimate content. 

MF: What are some wild stories that have really stood out to you?

SM: The most impactful stories are often those involving romance scams, where people are socially manipulated over a really long time and convinced to fall in love with someone. They don’t just lose their money – they also have the heartache and damage that's caused by the loss of relationships. So it's not just about financial loss, it's also the really profound sense of social loss.

With fraud and scams, there's always something new that makes you think,” Oh my God, really?” A couple of years ago in the UK, there was a whole series of caravan scams. Winnebago, I guess, in US parlance. People were buying Winnebagos online through an online marketplace, sight unseen, that simply did not exist.

The photo was probably doctored in any event. But this was all in the wake of a pandemic where suddenly people were free to travel again and often a bit reluctant to travel abroad. So they were deliberately choosing to holiday at home and therefore susceptible to this scam.

That's the basis of trust in our digital economy. And that's the basis through which we should approach life. It's not right that we should approach life in a state of endless fear at the content that we receive. But that confluence of circumstances meant that people were rife to be scammed. 

Whatever the situation is there will be a scam that follows it very quickly. And as we approach Black Friday and Christmas there will no doubt be scams that deliberately seek to entrap people.  

MF: How do scams impact people emotionally and socially?

SM: We all make assumptions about who it is that is scammed. Actually, the truth is that we could all be scammed. We just haven't been found by the right scam yet. We'd be lucky if we haven't been.

The impact can be profound and life-changing. For some people, it may be a loss of trust in the services they use. And we may think, “Okay does it really matter if someone becomes a bit more skeptical about the platform or technology they might use?” Well actually it's really important if people stop answering the phone. It's really important if people become wary of human contact and are skeptical and untrusting of all sorts of interactions. 

When we talk about scams, we need to differentiate between high impact investment scams where the values are really significant and lower impact, high volume scams, which could be about people buying a pair of sneakers that never materialize. If you're a 16 year old and your life savings are the $200 that you've just spent on those trainers that loss is very significant.

"The emotional and financial impact can be devastating."

The emotional and financial impact can be devastating. And all of this is played out against a gradual erosion of trust in our services.

MF: What types of scams do you see during Black Friday?

SM: I now know there is such a thing as a scam calendar. At the end of the financial year, there will be lots of scams involving your tax returns. Romance scams spike around Valentine’s Day. If there's a big sporting event, you can absolutely guarantee that scams in relation to ticketing and touting will be on the march. 

As we run up to Christmas, many of us will be looking to indulge our family and friends and probably spend a bit too freely. That’s when you see offers that are too good to be true. If those offers are from websites that look legitimate, particularly those that offer buy now, pay later opportunities, you need to be really wary.

Those of us who are more financially conscious, and have potentially anxieties about what we spend during the Christmas period, will be targeted with scams seeking to take advantage of that anxiety.

MF: How are AI and deepfakes impacting online scams?

SM: AI in the world of scamming and fraud is absolutely everywhere. It is pervasive. It is using different means all of the time. 

Where we see AI being used the most is in the organization of attacks on systems for malware purposes, extortion purposes. AI enables the training of those attacks in a way that is far more effective and sophisticated than existed in a pre-AI world. So the targeting of individuals, the identification of firms is much more sophisticated and effective as a consequence of the use of AI tools. 

But increasingly where we see AI is in the use of the creation of collateral materials that make the scam convincing. I spoke about scam firms setting up fake websites and media coverage to legitimize their scams. That is where we see it most. It's in the fake letters from banks, the fake documentation from government departments telling you that you need to make a payment now. These things are flawlessly written with all of the right detail in them. 

To any eye they seem legitimate. So that's where we really see AI but also now in replicating figures in authority, people who might convince you or me if they were legitimate and real, to actually invest in a financial product or service.

It’s important to remember that the best defense against the poor use of AI is a good use of AI. We know that fraudsters are able to buy whole fraud as a service AI packages to be able to create an impersonated bank teller. But it will be AI in telephone networks, and AI in your office information security system, that's going to keep us safe.

MF: What's the most popular platform or medium for online scams? Is it social media, DMs, fake display ads, or something else?

SM: It's the whole lot, which is a really terrible answer. The reason why scams have increased is because scammers can bounce between platforms and services with impunity. And different scams will take different forms. 

There's almost sort of a water balloon or waterbed effect where if you take action in one place, it will pop up somewhere else in a slightly different form.

Marketplaces are particularly prone to incidents of fraud as often because the processes through which we engage with the marketplace will have lesser controls around establishing who you are as a user. 

But telecommunications still remains a prime vector through which we receive scams. Recently I received scammed texts telling me that I have parking tickets somewhere. And it sent me to a fake GOV.UK website which has been perfectly mocked up so it's very difficult to distinguish from the original. But the reason I can tell it's a scam is because there's no actual detail about the offence in it. Because that might be a telltale giveaway. 

There's always an incentive for the scammers and fraudsters to use low-cost basic scams because they don't have to invest a lot in them. At the same time, there are massive rewards for scammers who invest in really complicated structures using the latest technologies because that's the route to really significant consumer assets.

MF: What red flags should people look out for so they know when to stop and pause?

SM: Be a bit more skeptical about content you receive unexpectedly. If you receive something and think, “That's interesting,” get a second opinion about it. Always take that time and remember that if someone's putting you under pressure, it's probably for no good purpose. That's a clear flag. 

If you suspect it's a scam, always hang up the phone or close down the website and report it. There's always a really good means of reporting it. Because the better the picture that we can build up around where scams are happening, and through which channels and nations, the more we can do about it.  

"Always have two-factor authentication turned on."

The single greatest thing that a scammer can get is your identity. So make sure that you have appropriate controls around your key accounts. Always have two-factor authentication turned on. It might be a bit of a pain but it's a thing that is going to save you from really significant loss over the long term.

MF: What should you do if you fall victim to a scam?

SM: Always report it. That should be to your provider, so the bank that you made the purchase with, to try and do what you can to get that money back. You should also report it to the police. You should also report it to the platform that you accessed that content through. Because the more those scams are reported, the better the platforms will be at training their algorithms to recognise fraudulent content so it's never served up in the first place.