With the holiday season fast approaching and November coming to an end, it’s time to prepare yourself for all the incredible deals that Black Friday has to offer. And more than ever, in the interconnected digital world we live in, shopping online for the best deals couldn’t be simpler or easier.

However, with online shopping comes the threat of online shopping scams, and, on Black Friday, digital consumers are at a higher risk than usual. With the enormous increase in online commerce and remote working since the global pandemic, consumers should be particularly aware of Black Friday online threats this year. Luckily, our team of cybersecurity experts has put together this guide to shopping online safely and securely in the run-up to Black Friday this year.

Staying Safe from Black Friday Online Threats

The best way to stay secure when you’re shopping online this holiday season is by knowing what cyberthreats are out there and some of the telltale signs that you’re in danger of falling victim for them when shopping online. So, to make sure you don’t get caught out by any holiday attackers, we’ve listed all potential online threats in detail below.

Black Friday Phishing Scams

A consistently popular technique used by cybercriminals all over the world, phishing, (often referred to as a phishing scam), is a cybercrime that all digital consumers should be on the lookout for in the lead-up to Black Friday (and all year round). As phishing techniques have become more sophisticated, cybersecurity experts have noticed an equal rise in the number of scams that require the user to input their personal data via a link to a fraudulent website (often disguised to look like a large retailer’s official webpage) so that an online scammer can steal your information for identity fraud or steal your credit card data. The most common Black Friday Phishing scams to watch out for consist of:

Fake Order Phishing

As the name suggests, this type of threat involves the phisher sending you (by text or by email) a fake notification saying that there has been a problem with your order (even when you haven’t ordered anything). These messages usually require you to click on a link to a fake website where you will be prompted to enter sensitive information for “confirmation” but your data will be collected by the attacker.

The same technique is used with online order confirmation forms and notifications. In some cases, you might even receive a fake confirmation message via phone, text, or email. In all cases, you will be informed that you’ve been charged the incorrect amount and that you should follow a link or go to a certain website to “cancel” your order. But when you call/click on the link, a fraudulent website, or phishers will attempt to collect your credentials or sensitive information. The scammers also can send you fake notification about problem with delivery of your package.

In rare cases, you may be asked to download an attachment from a phishing email and return it with your information to fulfill the cancellation. Beware, not only is the form fake, but the downloaded file may also contain other forms of malware that could infect your system.

Website spoofing

In recent years, scammers and cybercriminals alike have gone to great lengths to create fully functioning fraudulent websites in order to fraud online consumers.

These fake websites may look remarkably similar to their genuine counterparts, with very subtle differences in both the design and the URL structure.

In holiday rush or in sales period, these subtle differences often are missed. But such carelessness can cost the user the loss of his personal data and financial resources.

Remember, if you've unknowingly made an online purchase from a fake website, you are a victim of financial fraud. You should immediately report it to your bank and file a complaint with the relevant supervisory authorities.

Fake Charity

Equally, cybercriminals have been known to take advantage of the season of giving by creating fake websites and social media campaigns under the guise of a charitable organization. In some cases, these fake organizations may even try to contact you directly in the form of a spam email or text message asking for “donations” to be sent digitally, so be careful to research your chosen charity thoroughly before you transfer any money.

How to Shop Safely Online this Black Friday

Even knowing the above threats and scams may not be enough to stop today’s sophisticated scammers and cybercriminals from trying to lure you into paying or disclosing personal details during the days (or weeks) leading up to Black Friday - which is why we’ve put together a handy list of things you can do to avoid getting deceived this year:

Buy from Trusted Retailers Only

This may sound simple but, in practice, buying from respected and known online stores can be a little tricky when you’re shopping around for the best deals. Cybercrime experts recommend that you always Google the website first to see if it’s been reported online already as a scam site, followed by some research into who the brand is and where their stores/head office are/is based. You can do the same thing for the product itself:

Simply search online for “brand + scam” or “product name + scam” in your browser of choice.

Another good advice is to use “WHOIS” services, which can show the creation date of the domain: if the creation date was about a few weeks ago, it can be a sign of fraud website so you need to pay extra attention to it.

Equally, you should always take the time to read the reviews of the products posted on the website where you’re shopping. Consistently highly rated short descriptions are a warning sign when looking through a product’s reviews.

Be Aware of the Website Itself

Even though you may be in a hurry to get the best deal first, slow down and take a look at the website itself. See if any of the colors are slightly different from how you may have seen the website before and check for any spelling mistakes or strange formatting errors in the text of the webpage, or the URL itself.

You should also be careful if the webpage does not have a legitimate SSL certificate; this is indicated by the address of the website beginning with “HTTPS” instead of “HTTP” in your browser and should be accompanied by a little green padlock in the left corner of your browser bar.

Finally, one big warning sign that you’re using a fake/scammer’s website is that the company itself does not have any physical address listed on the website or real contact details.

Never Click Unfamiliar Links in Emails, Text Messages and Notifications

This may sound obvious, but with phishing and scams becoming more and more sophisticated, it’s imperative that you do not click on any unfamiliar links or download any suspicious-looking attachments embedded in emails, links, or notifications on any of your devices. Around Black Friday, look out for any unusual-looking links directing you to go to delivery websites or asking you to resolve a problem with your order; these will most likely be cybercriminals.

Use a Password Manager or Vault

To avoid the perpetrators gaining access to your email account directly or other online accounts (particularly if it is an online shopping account with your bank details in it), we recommend using a password manager to create, store, retrieve, and guard your sensitive passcodes. Our password-management tool allows you to generate “strong” and unique passwords (10-12 characters long, containing a mix of special characters, numbers, uppercase, and lowercase letters), store them, and keep track of them easily (with an auto-fill function).

Use a Respected VPN

With many of us working remotely, you may find yourself doing your Black Friday shopping on an unprotected public WI-FI connection. Unfortunately, public connections often act as easy gateways for attackers to get into your local system. To avoid this threat, we recommend using a VPN. A Virtual Private Network works by creating an encrypted private tunnel between a user’s remote computer and any external servers (such as retailers with Black Friday offers). As a result, your browser and system will be protected from any outside threat.

Use a Virtual Card instead of a Debit Card

Virtual cards offer enhanced security for online shopping compared to physical cards. Since the virtual card details are different from the user’s physical card, the risk of fraud is reduced. Virtual cards can also be disabled or deleted, and they may have transaction limits.

What to do if you get Scammed or phished this Black Friday?

If you do get scammed or phished this Black Friday, then the first thing to do is not panic. Simply follow the below steps to avoid serious personal and/or financial damage:

Cancel your credit or debit card immediately and contact your bank to let them know that they should block future transactions with this card.
Enact a credit lock to freeze your credit.
If possible, cancel any pending payments that haven’t left your account yet.
Change your usernames and passwords immediately so that no further damage can be done with your identifying data.
Perform an antivirus check on your computer to see if there is any lingering malware that has found its way onto your system. We recommend using our dedicated security software Kaspersky Premium, which can offer you total protection, regular updates, and consistent help and support.

Follow the above tips and advice to stay safe online. Happy Holidays!

Recommended Articles and Links:

Recommended products: