Steer your online cart safely Black Friday and Cyber Monday 2024

You won’t be the only one looking for a lighting deal. Last year, Americans spent a total of $10 billion online alone on Black Friday. The combination of hype, quick deals, impulsive decisions, and flurrying credit card numbers create a perfect storm that can easily conceal a scam among the bargains, creating a once-a-year opportunity for the cybercriminals.

Another eye-popping figure from the shopping season?

An estimated 34 million Americans were targeted in online shopping scams last year.

Be prepared for Black Friday 2024 by doing your research—yes, for bargains, but also for the scams that you are most likely to encounter on Black Friday, Cyber Monday, and even (sadly) on Giving Tuesday.

Here is NOC’s list of the most common shopping scams we expect you to encounter in 2023 as well as our top cybersecurity tips to keep you safe while shopping this year.  

Expected 2023 Cyber Monday Scams

1. Fake websites.

Most of us do not normally shop on unfamiliar websites, preferring to stick to mainstream, trustworthy websites. However, on Cyber Monday, the promise of unbelievable bargains on previously unknown sites often lures even the most skeptical buyer off of the beaten path.

A perennial favorite of scammers, fake websites appear to be legitimate online shopping sites, when in reality, they are just a thin veneer of false bargains. The end goal of most fake websites is to entice a shopper to make an purchase on the site—entering credit card and personal information in the checkout process.

Fake websites take many forms. Some disguise themselves as unfamiliar, yet legitimate, shopping sites, while other intentionally spoof well-known and trusted e-commerce sites. Users frequently arrive to these sites by clicking on ads in social media or elsewhere around the internet. A recent Better Business study reported that a whopping 40% of shopping scams originate from Facebook and Instagram.

Many shoppers go through the entire phony purchase process without realizing that they have just become the victim of a non-delivery scam. The alarm bells should start to go off when purchasers receive no confirmation email, receipt, or shipping information, though the frenzy of cyber weekend shopping means that many shoppers lose track of their purchases.

2. Promise of a deal in exchange for personal information

We're all pretty accustomed to exchanging information for a deal. Hence all those spammy sales emails filling up our Promotions folder.

But just how much information would you be willing to give out? A recent survey of US shoppers says that 87% of Americans would trade personally identifiable information (including full name, email address, banking information, and more) for a free gift or service or just a discount on a product. And what's worse? Up to 89% of people who have already fallen prey to a scam would provide their personal information again.

3. Don't use public Wi-Fi

Even if you're waiting in the airport through travel delays the day after Thanksgiving, we can't stress enough how important it is to avoid using public Wi-Fi. While that's a general rule that applies all the time, it is even more important that you do not use public Wi-Fi for online shopping.

4. Email phishing scams

As Black Friday offers begin rolling into your email inbox, scammers hide their own messages and malicious links in lookalike messages designed to capture your clicks.

Like we examined in our Dick’s Sporting Goods phishing report last year, phishing scammers can now be extremely professional in their execution of spoofed emails. Long gone are the days of the Nigerian prince in despair. These emails will target your weak points— and the deals you're looking to score.

5. Giving Tuesday donation scams.

Unfortunately, cybercriminals do not stop scamming at 11:59PM on Cyber Monday, they roll right into Giving Tuesday with their next round of traps. Using all of the same tricks (fake websites, phishing emails, smishing texts, and vishing phone calls) fraudsters crank up the emotional appeal in an attempt to guilt and push soft-hearted individuals into providing their payment information for a small donation. The FTC provides helpful advice for recognizing and avoiding such charity scams.

6. AI-Powered scams.

While we're all coming to the uncomfortable realization that AI is here to stay, you do need to be especially aware of it around holiday shopping. AI may be used to create everything from fake product images to natural-sounding phishing scam emails or text messages. Be vigilant of any message asking for money.

How to separate the real deals from the scams.

1. If it looks too good to be true, it probably is.

Norton warns that if a deal offers more than a 55% percent discount, you should be especially wary. Deals that are 90% off are likely scams, rip-offs, or of dubious quality (we’re looking at you Temu).

2. Do not click on offers received via email or SMS text.

Phishers often obscure the true destination of a link. Always navigate directly to a site by typing the desired site’s home page URL in your browser’s address bar.

3. Do not click on social media ads.

Social media ads have proven to be particularly risky in the shopping season. Once again, the solution is to navigate directly to the desired site through your browser’s address bar.

4. Use PayPal when possible.

PayPal does not want you to make a fraudulent purchase through their service, because it makes them look bad and they do not want to have to reimburse you! Although using PayPal does not guarantee a safe purchase, it does give you another avenue of recourse if things go sideways.

5. Never wire money for payment.

Wire payment services like Western Union and MoneyGram are a one-way pipeline. If you send money to a scammer through wire transfer, you have no recourse to recover anything that was stolen. Most credit cards offer robust fraud protection and provide a far better opportunity for you to recover your money.

6. Learn to identify fake websites.

Aside from obvious grammatical and typographical errors, many fake websites have a few tells to help you call their bluff.

• Examine the domain name to ensure that it is not being spoofed.
• If you simply must click a link in an email (which you should not do), hover over it with your cursor before clicking to examine its actual destination.
• Examine shop policies and contact information. Legitimate e-commerce sites will always make sure that they list a physical address, valid phone number, and shipping/return policies. The absence of any of these elements should raise a red flag.Do a quick web search to see if you are encountering a common scam.

To learn more about identifying fake websites, the Better Business Bureau and MalwareTips both have great articles that can further your knowledge.

7. Only purchase on "https" websites.

Compared to websites with the http prefix, https sites are far safer; in fact, the “s” stands for secure. This is due to an extra layer of encryption that protects traffic to and from the site from prying eyes. Just look for the little padlock in your browser’s address bar that indicates you are on a secure site.

8. Stick to mainstream e-commerce site on Black Friday and Cyber Monday.

Etsy, Amazon, Walmart, Target, Best Buy, and many other mainstream sites offer tremendous deals during the height of shopping season. Although it might be tempting to try your luck on unknown sites, just remember that it’s a gamble—and the house always wins.

If you do decide to purchase on an unknown site, use a strong password that you do not use on any other sites. Better yet, use a password manager that creates and remembers your passwords for you!

9. Use tools that can make your experience safer.

In addition to multifactor authentication (MFA or 2FA) on your payment and banking accounts, consider these free tools that can add a little security boost to your cyber shopping.

• CamelCamelCamel tracks the price of products on Amazon to help you know if you are actually looking at a good deal, a scam, or marketing hype.
• Google Safe Browsing allows users to check the security of a URL in a simple, familiar Google search bar.

10. Use common sense.

Before clicking on a suspicious shipping link, check for information that identifies an order that you know you actually made. If you receive an email saying that your order did not go through, make sure that you actually made an order for that item on the site in question.

Stay safe out there!

At the end of the day, remember that many costly mistakes are made impulsively. A simple pause before the click could save you thousands of dollars and weeks of headaches.