Black Friday and Cyber Monday scams: How to detect and avoid them

Cybersecurity Content Writer

For some, Black Friday and Cyber Monday are the perfect time to check the boxes on their Christmas shopping list. For others – an opportunity to use the shopping frenzy against you and steal your data. Today, we’re learning more about the most common Black Friday and Cyber Monday online scams, how to identify them, and what to do if you fall victim to them.

Common Black Friday and Cyber Monday scams

Over the years, scammers have developed numerous strategies to trick people out of their money and sensitive data. Here’s what you should look out for:

1. Websites requiring you to download an app

Imagine you're about to make an online purchase on a website with a killer deal. Suddenly, it turns out that the only way to grab this exclusive offer is by making a purchase through the app.

It’s true that some online shops might offer exclusive deals for mobile app users. However, you need to be cautious here. If you are shopping on a website you’re unfamiliar with and the company asks you to download its app to complete the transaction – it’s time to run. You're most likely being tricked into downloading a fraudulent app designed to steal your payment information.

2. Spoofed websites

Spoofed websites are websites that are designed to look exactly like well-known, legitimate pages. However, what lies beneath them is a system created to steal your passwords, card details, and other personal information.

The good news is that with a few tips and tricks, it’s pretty easy to catch them:

  • Check the URL. Trustworthy websites will always use HTTPS in their URLs, where the “S” stands for “secure.” Most browsers will also have a padlock icon indicating that the website is approved and trustworthy. If you see only HTTP or a broken padlock, the site isn't safe, and you should avoid supplying your sensitive data.

  • Look out for bad grammar. Glaring spelling mistakes usually mean that the website shouldn’t be trusted. Legitimate websites have dedicated teams who put a lot of time and effort into polishing their content.

  • Check the “Contact Us” page. A registered company will typically provide its place of business and contact details. If the only way to get in touch regarding refunds or delivery problems is via email, you should probably steer clear of such a website.

  • Do your research. Look up online reviews about the company across a variety of sources – but take them with a pinch of salt. If they're all new, written in the same tone, or sound too good to be true, they might be falsified – and that’s reason enough to become suspicious.

3. A delivery issue with your purchase

Beware of follow-up emails and text messages you receive after you've made online purchases. These days, scammers send notifications pretending to be from UPS, FedEx, or even online stores such as Amazon or Shein, claiming that they can’t deliver your parcel for one reason or another.

A fake delivery message might read something like this:

“We're sorry, but your package couldn't be shipped. Please click the link to rearrange delivery or update your method of payment.”

Like spoofed websites, scam delivery messages also often contain bad grammar, so keep your eye on that. Don’t click any unfamiliar links. If you’re having goods shipped from abroad, be wary of messages telling you to pay extra customs fees. Pause for a moment and check the delivery status on the website where you placed your order. Also, check whether custom fees were included in the delivery price.

4. Free Black Friday gift cards

Another common scam involves a notification that you won a gift card from a big retailer like Walmart. All you need to do to claim it is text back a random code or click a URL.

In reality, this is how scammers can collect your details and infect your device with malware. The scam might then be sent to all of the contacts in your address book. Simply avoid clicking any suspicious links and don’t interact with the notifications.

5. Phishing scams

In a phishing attack, the victim receives an email or a text message with bait, like a deal that is too tempting to pass up on or information you have to act upon immediately. The purpose of such bait is to lure you into a spoofed website and for you to provide your sensitive data, like your login credentials or payment details.

If you take the phisher’s bait and accidentally reveal your password, the scammers can use this stolen personal information to create fake online profiles, take out loans, ruin your credit score, or even steal your identity.

6. “Money-saving” browser extensions

What’s something people love as much as a good deal? Convenience. Combine the two and you’ll get browser extensions built to find the best deals on numerous e-commerce sites. However, extensions can also be used for more nefarious purposes, like gathering all your browser data.

Before you install a new extension in your browser, do some digging. Check if the developer is reliable – do they have any other extensions, what are the ratings, what do the reviews say? If anything seems suspicious, it’s best not to install the extension. Many browsers and extension catalogs will let you report such extensions as performing illegal activities or actively harming your device.

What to do if you were scammed

If you’ve been scammed, don’t panic. It’s not too late to protect your accounts and money. Here’s what you can do:

  • Check your bank statement. If nothing has happened yet but you think that your details might have been stolen, regularly check your bank statements for any suspicious purchases, no matter how small. Then move to the next step.

  • Notify your bank. Get in touch with your bank immediately if you have seen a suspicious charge or paid for a good or service and realize it’s a scam. Your bank will be able to tell you whether the suspicious transaction was fraudulent (or whether you just forgot about it) and in some cases can stop or revert the transaction.

  • Freeze your card. While you are in contact with your bank, request for your card to be frozen. Some top-up card providers make this solution easy; you can freeze your card in-app. That way, even if someone has acquired your card details, they won’t be able to use it.

  • Notify the seller. It’s a common scamming practice to use well-known brands to lure people into traps. If this happens to you, contact the official seller and inform its customer service that someone is using the brand’s name. The brand can make an official statement, inform its customers directly, and take further security precautions to prevent other people from falling prey.

  • Learn more about cybersecurity. Once all the steps above are completed, all that is left to do is make sure that you don’t fall prey again. The best way to do so is to learn how to recognize and avoid such scams.

Eight easy ways to avoid a scam

Even when you know how to spot a scam, accidents can happen. So to mitigate the risks further, here are some proactive steps you can take to keep your money and data safe:

1. Try alternative payments

Avoid using bank details that are directly tied to your lifelong savings or your wage. Use alternatives such as:

  • Apple Pay or Google Pay. These methods use a combination of biometrics and other digital safeguards, such as 2FA or TOTP, to secure your details.

  • Credit cards offer consumer protection in case you need to claim your money back.

  • Virtual cards can be issued for a one-time purchase or purely for online shopping with a spending limit imposed to prevent scammers from draining your funds.

If you use alternative payment methods and your data ends up in the wrong hands, the damage will be minimal. These payment methods usually don’t create access to huge amounts of money and can be frozen fairly quickly, meaning that your savings will be unaffected.

2. Protect your data with a VPN

If you're shopping on public Wi-Fi, it’s advisable to do so with a VPN. You never know who’s “reading” the online traffic, and it’s really easy for bad actors to do so over an unprotected Wi-Fi connection. A VPN encrypts and hides the data you transmit over the internet, so cybercriminals can't steal a thing. NordVPN can help you reinforce your security on all your devices with Meshnet and Double VPN.

3. Create complex passwords

Setting passwords for a number of online shops can seem arduous and often leads to people using the same easy-to-remember passwords everywhere. However, if the passwords are easy for you to remember, they are often just as easy to crack. And since e-commerce sites have access to your name, address, and payment details, they're a goldmine for hackers.

Make sure you use strong passwords that contain at least 12 characters and include numbers, upper- and lowercase letters, spaces, and special characters, such as .,! @ # ? ];. Don’t worry – you don’t need to do it all on your own. The NordPass Password Generator can help you create complex passwords in a matter of seconds.

4. Keep track of your spending

Keep a close eye on your online accounts and credit card reports, and make sure you see no inconsistencies following the big shopping season. Be on the lookout for suspicious purchases, especially minor ones, because scammers tend to start small before going all in. If you spot any suspicious activity, inform your bank or credit card provider immediately.

5. Choose apps with caution

Inspect the name, description, and icon of an app you are about to download. Fraudulent apps can't use the same name as the real app they want to disguise themselves as, so they'll replace o's with 0's or change the name very slightly – for example, they can replace SwiftKey with SwiftKeyboard or WhatsApp with Update WhatsApp.

If you see the same icon in the app store more than once, be alarmed. A fraudulent app cares little for copyright laws, and not all app stores vet the catalog thoroughly. Unfortunately, it’s up to you to choose a verified app. Take a look at the developer and the number of downloads – if the numbers seem suspiciously low, steer clear of the app.

6. Stay rational

Most scams are designed to use your emotions against you. Read carefully through the sudden notification or email you’ve received. Is it trying to instill a sense of urgency, greed, or fear? These are indications that the deal or the message you’ve just received is trying to trick you into handing over your sensitive details ASAP.

Refrain from clicking on links, downloading files, or entering personal details. If you’re told that your delivery is suspended, contact the seller or the delivery company directly to confirm its status. Check the social media accounts of the stores and see whether the promotion is public and active. If everything aligns, perfect – take advantage of the deal. If not, it’s better to stay away from it.

7. Check for new scams

Scammers are a creative bunch. As such, the average person may find it difficult to keep track of all the new scams that emerge every season. One way to keep up to date is to simply use Google search.

Try running a search with these keywords:

  • Company name + scam (“Amazon scam”)
  • Product name + scam (“new iPhone scam”)
  • New method + scam (“delivery SMS scam”)

You can also check forums or recent discussions on Reddit to see if anyone’s had experiences with recent scamming attempts.

8. Use a password manager

Password managers are tools that store your complex passwords, help you generate new ones, and protect them from intruders. Additionally, they can also make your online shopping experience a breeze.

Password managers like NordPass can store your payment and delivery details, which you can then fill automatically anytime you shop online. You don’t need to cancel the purchase just because you can’t find your wallet – just log in to your NordPass account, and Autofill will do the rest.

Frequently asked questions

What are some of the red flags to watch out for?

  • Suspicious URLs and website design. Never open URLs that you don’t know and check if the domain is legitimate. Furthermore, while it’s possible the site you’re visiting has rebranded, if anything is giving off uncanny valley vibes – say, the fonts, color schemes, or the layout – it’s probably better to double-check.
  • Too good to be true offers. Always check with the official retailer’s site and social media to see the deals they’re running. If there’s no mention of the offer you received, it might be a scam attempt.
  • Unsolicited emails and messages. If you’re not subscribed to the store’s newsletter, you probably shouldn’t be receiving emails from them. Check for suspicious sender email addresses and don’t click on any links.
  • Poor grammar and spelling. Delivering quality is key to maintaining a good brand image, so online stores don’t want their sites to be riddled with typos.
  • Pressure tactics. Some online shops offer limited-time deals and include countdowns in their promotional emails. However, if you’re being coerced into buying something or dealing with your order delivery immediately, you’re probably being pressured into revealing your personal details.

Is it safe to click on ads promoting Black Friday and Cyber Monday deals?

Sometimes, but not always. If you see an ad on social media from a verified account and the information corresponds with the deals on the official website, you can go ahead and shop away. However, if the URLs seem suspicious and the domains are slightly different from the official website, it’s best not to click them.

Are mobile shopping apps safe to use during Black Friday and Cyber Monday?

If you download a shopping app from the official retailer, it’s perfectly fine to use it. However, be cautious with random downloads on the app store. Always cross-check the developer to see if it’s really the official app and check the reviews on the app store and elsewhere on the internet.

Keep a cool head this season

Who doesn't love a good bargain, especially during the busiest shopping season of the year? It can be easy to be swept away by the maelstrom of discounts and deals. Now you’re fully equipped to identify and avoid the most common Black Friday and Cyber Monday scams.

So, shop until you drop – just remember to always double-check the merchant and what they are offering. Keep a cool head before pressing the “buy” button because, as the old adage goes, if it is too good to be true, it probably is.

If you’re looking for ways to stay safe this Black Friday and Cyber Monday, consider the NordPass password manager. NordPass uses encryption to protect your login credentials, credit card details, home address, and more. Create new secure passwords for all your favorite shopping platforms and keep them safely encrypted with NordPass. Enjoy all the best deals of the shopping season – without compromising your security.

Subscribe to NordPass news

Get the latest news and tips from NordPass straight to your inbox.