Column: How to avoid getting scammed amid all those sweet Black Friday deals

Black Friday (or thereabouts) is when retailers roll out their best deals in hopes of attracting your business. It’s also when scammers roll out some of their sneakiest con jobs.

Before you go shopping online or in the real world, take a moment to see what you have to watch out for.

“It’s a game of trust,” said Emory Roane, policy counsel for the Privacy Rights Clearinghouse, a San Diego advocacy group.

He told me that fraudsters no longer make amateur-hour mistakes such as typos or bad grammar that can instantly tip off most people to steer clear of online offers.

“If a scammer puts enough time and effort into it, they can craft emails and websites that would fool anyone,” Roane said.

The National Retail Federation estimates that 164 million people will be shopping between now and Cyber Monday.

Black Friday is expected to get the most attention from consumers, with a projected 116 million whipping out the plastic. About 75 million shoppers say they’ll be on the hunt for online deals on Cyber Monday.

Not surprisingly, experts say scammers will turn out in force as well to take advantage of all this retail activity.

“The one that seems most compelling is coupons on social media,” said Linda Sherry, director of national priorities for Consumer Action. “I can see distracted shoppers clicking on online coupons and giving away info and card numbers to a scam site.”

For example, Facebook users recently might have encountered offers of a $200 Black Friday coupon for the Kroger supermarket chain. All they had to do was like the “Kroger Club” Facebook page.

It turned out, though, that Kroger Club has nothing to do with Kroger. The only thing you got after liking the now-defunct Kroger Club page was a sudden deluge of spam.

“There’s currently an unauthorized ‘$200 Black Friday Coupon’ offer floating around,” Kroger warned on its official page. “It’s not real! We do not recommend engaging with the site(s) or page(s) that are sharing the coupon or providing them with any personal information.”

Keep an eye out as well for sweet-looking offers of gift cards. These too are ways for con artists to get past your defenses.

Perhaps you’ve received an email recently offering you a free Amazon or Walmart gift card. Frequently these are ways that scammers either get you to share personal info or infect your computer with malware.

Nifty prizes and rewards also figure prominently in survey scams that promise a free laptop computer or some other device in return for you filling out page after page of questions.

Again, they’re going for information or luring you into clicking on a link that will unleash some nasty virus on your system, which in turn might ransack your files or even hold them hostage unless you pay a bitcoin ransom.

One of the smartest things consumers can do is to limit their shopping, particularly online, to stores and companies they know and are familiar with.

Even then, however, you’re not in the clear.

Kaspersky Lab, a purveyor of security software, says it has seen a big increase in attempts by hackers to go after online shoppers’ login credentials and other information using so-called banking Trojan programs, which intercept data being entered onto legitimate e-commerce sites.

The firm said 9.2 million such attacks were detected in the third quarter of this year, compared with 11.2 million attempts for all of 2017.

Kaspersky said it found variations of the malware targeting a number of well-known consumer brands, “including fashion, footwear, jewelry, gifts, toys and department stores.” It didn’t name the targeted businesses.

If your computer is infected with a banking Trojan, “criminals are able to steal payment card details when you enter them on a shop’s website,” said Yury Namestnikov, Kaspersky’s principal security researcher.

“After that, it is easy for a hacker to get to your money through a compromised credit card,” he said.

The cybersecurity firm RiskIQ says hundreds of Black Friday-related mobile apps may carry malware and be unsafe. It recommends downloading such software only from Apple’s and Google’s app stores.

Protecting yourself from cyber-scams means being vigilant. Some tips:

• Never click a link without giving it the once-over. That means hovering your cursor over the link and seeing the full web address. If it’s not clearly related to the dot-com you’re seeking, or if you see a long string of gibberish, back off.
• Be wary of any request for personal information. Never, ever give out your Social Security number or bank account number.
• Seek out secure websites. You can usually tell it’s secure if the address begins with “https” rather than “http.” Also look for a green padlock beside the web address. Clicking that will bring up the site’s security certificate. What you want are certificates from trusted sources, such as VeriSign or Symantec.
• At brick-and-mortar stores, don’t let your credit card out of your sight. Unscrupulous salespeople can use hand-held “skimmers” to steal card numbers.

It’s estimated that as much as 40% of holiday purchases will be made via mobile devices. That is a bad idea because it’s much harder to tell if a web address is kosher. Much better to limit such transactions to computers.

Above all, keep in mind the old saw about things being too good to be true. Scammers rely on you putting self-interest ahead of self-preservation.

Real companies may offer terrific deals at this time of year, but they don’t give things away for free and they seldom offer products for substantially less than competitors.

Tobie Stanger, a senior editor at Consumer Reports, said the best way to avoid being cheated is to be the one initiating a transaction, rather than responding to unsolicited offers.

“Don’t jump at stuff that’s thrown at you,” she said.

Stanger observed that most consumers are too busy nowadays to keep their defenses up. Scammers know this, she said, and they exploit our weakness.

“Slow down a little bit,” Stanger advised. “Take the time to exercise some common sense.”

It could spare you a world of hurt down the road.

David Lazarus’ column runs Tuesdays and Fridays. He also can be seen daily on KTLA-TV Channel 5 and followed on Twitter @Davidlaz. Send your tips or feedback to david.lazarus@latimes.com.