Article

Quick guide: Avoid malicious links during shopping season

A person looking at a discount sneaker on a screen
Luciano Mondragon
Luciano Mondragon
|
Nov 26, 2024
|
6 min read

Each year, the holiday shopping season seems to sneak up on us — but for online criminals, it’s a carefully planned opportunity. Today, Black Friday and Cyber Monday are no longer just about finding great deals; they’ve also become prime time for online shopping scams.

And you can find these scams almost any­where: emails, fake ads, social media posts, and even text messages. The tricky part is to spot them, as many of these scam messages and the links they include look totally fine at first glance. That’s why free tools like the F-Secure Link Checker are so useful: by taking a moment to verify a link before clicking, you can shop with confidence and avoid falling victim to online scams.

With 1 in 3 people reporting they’ve fallen victim to online scams in 2023 and a 22% surge in scams during Black Friday, it’s likely you will also encounter scams this shopping season. So, let’s dive into how these scams work, and how a quick check can keep you safe.

Online shopping scams usually involve malicious links — URLs crafted to look trust­worthy but designed to lead you to fraudulent web­sites where online criminals carry out their schemes, such as:

  • Stealing personal information: Fake pages collect sensitive details like usernames, pass­words, and credit card numbers.

  • Spreading malware: The linked sites trigger down­loads that install viruses or spyware on your device to steal money and personal information.

  • Committing financial fraud: Fraudulent payment pages trick you into sending money, with no product or service delivered in return.

Instead of being written as a clear URL (such as www.example.com), scam links are often embedded in catchy buttons with text such as “click here”, “buy now”, or “verify your information”. By clicking such a link, you’re taken to a site specifically designed to deceive and exploit you — making it critical to verify any link before opening it.

However, just opening the link does not yet cause you problems — if you do not do any­thing else on the page. But if you are already there, you’ve taken the first step of falling victim to a scam.

Online criminals are relentless and creative in getting you to click. Here are the most common methods they use to send malicious links:

1. Phishing emails

These emails mimic trusted brands, offering deals or alerts like, “Your order is delayed — click here to track it,” or “Your payment was declined — verify your credit card”. Once clicked, the link takes you to a fake site that harvests your data.

  • Example: A fake email from “Amazon” prompts you to log in to view a special holiday deal. The link leads to a lookalike page that records your login credentials.

2. Text messages (smishing)

SMS phishing (aka smishing) scams use urgency to prompt clicks. Messages might claim suspicious activity on your account or a package delivery issue.

  • Example: “Your package delivery has been delayed. Click here to update your address.”

3. Social media ads and posts

Scammers flood platforms like Facebook and Instagram with fake ads for discounted products. Clicking these ads often takes you to phishing sites or pages that spread malware.

Example: A social media post promises a 90% discount on a luxury brand item but redirects you to a fraudulent checkout page.

4. Fake ads on search engines

Sometimes, malicious links are embedded in ads that appear at the top of search engine results. These ads look official but lead to scam websites.

Online criminals rely on psycho­logical tactics to trick people into clicking without thinking. They play on:

  • Urgency: “Act now — only 2 left in stock!”, “Sale ends in 10 minutes!”

  • Fear: “Your account has been locked”, “There was trouble with your credit card”, “Our delivery partner couldn’t reach you.”

  • FOMO (Fear of Missing Out): “Exclusive offer: 70% off your favorite brand!”, “Selling fast! Click now to get yours.” “Don’t miss this offer.”

These tactics combined with professional-looking designs make the scams so alluring and almost indistinguishable from legitimate messages.

Given how sophisticated these scams are, it’s crucial to double-check any link before clicking. Follow these steps to stay safe:

1. Use a free link checker before clicking

Imagine receiving an email from “PayPal” warning about unauthorized account activity. You’re asked to click a link to confirm your account details. You copy the link into the F-Secure Link Checker, which immediately flags it as malicious. With just a few clicks, you’ve saved your­self from a scam. It’s free and fast, and that’s why it’s the best way to avoid malicious links.

2. Check sender email addresses and URLs

Even if the email or message looks legitimate, examine it closely. Watch out especially for URLs (web addresses) that don’t match the official website. For example, one letter may be replaced with a number. The difference is often very small, which makes these hard to spot.

3. Go directly to the source

If you receive a message claiming to be from a retailer or delivery service, don’t click any links in it. Instead, visit the company’s web­site directly by typing the URL into your browser.

4. Be cautious of social media ads

If you see an ad for a too-good-to-be-true deal, check the seller’s profile and reviews. Fake profiles with fake followers are usually made hastily as social media platforms try to curb them. Such profiles don’t usually have many posts but may still have huge follower counts.

5. Enable two-factor authentication (2FA)

Two-factor authentication adds an extra layer of protection. Even if scammers steal your pass­word, they’ll still need a second verification step. Also, if you have unique pass­words for every account, criminals can’t access your other accounts either.

Create unique passwords for free with FSecure Strong Password Generator.

A person checking on a sneaker sale on a screen

Click smart with FSecure Link Checker

Whether it’s a deal from your favorite retailer or a message about a delayed package, verifying the link with F‑Secure Link Checker ensures you won’t fall into a scammer’s trap. Unlike other verification methods that require effort and searching for details, this tool is:

  • Free: Accessible to anyone without subscriptions or fees

  • Easy to use: Copy and paste a link, and within seconds, you’ll know if it’s safe

  • Powered by experts: Backed by decades of F‑Secure’s cyber security expertise