Unmissable deals, a limited time period, and billions of pounds being spent online – it’s music to cybercriminals’ ears. This time of year offers scammers the perfect opportunity to trick users into thinking they’ve found a great deal and must act quickly, only to find themselves the victim of a Black Friday scam. The consequences of Black Friday scams can be devastating for both businesses and consumers - here are our top tips for avoiding them.
What is Black Friday?
Black Friday originated in the US and has become increasingly popular in the UK in recent years. It occurs annually on the Friday after Thanksgiving. It’s a huge event that sees thousands of stores slash their prices for the weekend, so shoppers can take advantage of great deals in the run-up to Christmas. Black Friday has even extended into ‘Cyber Monday’ and further into ‘Cyber Week’, where deals can continue to be found online.
Black Friday scams will be even more common this year
According to research by finder.com, 59% of UK adults plan to make at least one purchase during the Black Friday weekend in 2024. This shows a significant increase from 51% in 2023.
As AI becomes more prevalent, the National Cyber Security Centre (NCSC) is warning that cybercriminals are more likely to leverage AI technologies. They’ll use tools like large language models to craft more convincing phishing emails, fake adverts, and impersonation websites. This will make it harder for individuals to detect the common signs of scams.
Data published by the National Fraud Intelligence Bureau (NFIB) revealed that a staggering £10.6 million was lost to online scams among British people from November 2022 to January 2023. An average victim loses £639 to these scams. This is expected to rise this year. AI has made it easier for cybercriminals to develop highly convincing fraud campaigns.
What kind of Black Friday scams are out there?
Impersonation sites
Scammers use impersonation (spoofed) websites to advertise fake Black Friday deals, steal your credit card information to use or sell, and possibly grab other personal information such as your name and address.
During Amazon Prime Day 2020, hundreds of sites were found to be replicating the Amazon site in order to trick users into divulging personal and financial information. Emails impersonating Amazon would be sent out, claiming to be about order cancellations or returns. This would lead users to a site that impersonated an Amazon customer service website, asking users to fill out a form with their personal and financial details.
The easiest way to avoid a cloned site is to make sure you’re visiting the official website. To do this, check the URL for typos and confirm that the correct domain is being used, for example ‘.co.uk’. You can also bookmark the website you want to visit for easy access.
Phishing emails
In a Black Friday phishing scam, you may receive an email or other message claiming to be from a well-known retailer. It may suggest that there’s something wrong with an item you ordered or with your account, or share offers that seem too good to be true. Scammers aim to take advantage of your concern – or your eagerness to get a great discount – and lure you into sharing sensitive information.
Phishing emails are meant to trick you into clicking a suspect link, providing your bank login credentials, or other personal information.
If you click on a phishing link, you should act right away. Immediately change your username and password, if you provided login credentials for any site. If you entered any bank details, you should contact your bank straight away and cancel your card. The bank should reissue you with a new card.
Messaging apps and social networks
Increasingly, cybercriminals have been using social media and messaging platforms in order to come across as trustworthy to unsuspecting users.
In 2018, WhatsApp was used by hackers to trick users into believing they had been awarded a 99% discount at various retailers. The link exposed victims to malware and other cyberattacks.
The best way to notice a scam via this method is to check for unknown numbers or any misspellings or grammatical mistakes. Also be aware of wording asking you to click a link or forward a message. If you receive a message that matches these criteria, you should delete it immediately.
How to avoid getting scammed on Black Friday
Double-check the web address
Scammers will often create very similar domain names to those they are impersonating, so double-check that you’re on the correct website. They may have added in hyphens or duplicated a letter, which isn’t always easy to spot. Broken links, typos or slow-loading pages can be a giveaway that you’re on a scam site and not an official one.
Always make sure the website you’re using is secure. A secure URL should begin with ‘https’ rather than ‘http’. The ‘s’ in ‘https’ stands for secure, which indicates that the site is using a Secure Sockets Layer (SSL) certificate. Secure sites will also have the padlock symbol next to the web address. This indicates that your information – such as passwords and card details – is secure and will not be intercepted when sent to this site. Note: the padlock doesn’t guarantee that your information won’t be stolen once it gets there, though, so it’s important to check you’re on the correct website before entering any information.
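The checks described above (https, and a web address that differs from the official one only by a hyphen, a doubled letter or a single typo) can be automated. The following is an added example, not part of the original article; the allowlist, the function names and the test URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist (an assumption): the official hostnames you intend to use.
OFFICIAL = {"amazon.co.uk"}


def squash(label):
    """Remove hyphens and collapse doubled letters: 'ama-zzon' -> 'amazon'."""
    out = []
    for ch in label.replace("-", ""):
        if not out or out[-1] != ch:
            out.append(ch)
    return "".join(out)


def edit_distance(a, b):
    """Levenshtein distance, used to catch single-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url):
    """Return a list of warnings for a link; an empty list means none were found."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    warnings = [] if parts.scheme == "https" else ["not-https"]
    if any(host == o or host.endswith("." + o) for o in OFFICIAL):
        return warnings  # official site (or one of its subdomains)
    found = len(warnings)
    for official in sorted(OFFICIAL):
        brand = official.split(".")[0]
        for label in host.split("."):
            if label == brand:
                warnings.append("brand-name-on-other-domain:" + official)
            elif squash(label) == squash(brand):
                warnings.append("hyphen-or-doubled-letter:" + official)
            elif edit_distance(label, brand) == 1:
                warnings.append("one-character-typo:" + official)
    if len(warnings) == found:
        warnings.append("not-on-allowlist")
    return warnings
```

An empty result only means the address matches the allowlist over https; as noted above, it says nothing about what happens to your information once it reaches the site.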
Be cautious of clicking links in emails
Emails about the latest offers and big discounts can be enticing, but think twice before you click. Scammers can make it look like their emails are from an established brand. Check the actual email address and you may find that it’s a ruse. Other things to look out for include spelling and grammar mistakes, a sense of urgency persuading you to act immediately, and discounts that are much bigger than usual.
Don’t buy from shops you haven’t heard of
The combination of Black Friday discounts and the rise of e-commerce means that popular items will likely go out of stock quickly. However, this doesn’t mean you should go buying from websites you haven’t heard of before. Instead, stick with the brands you know.
Buying from well-known brands, or supporting local businesses, gives peace of mind. You know your money is going to a legitimate company and you will receive the items you buy.
Top tips for consumers:
- Use credit cards: Shop with a credit card instead of a debit card. Credit cards often provide better fraud protection, easier refunds, and prevent direct access to your bank account.
- Use secure networks: Avoid using public Wi-Fi for online shopping; these networks are vulnerable to hacking. Stick to your personal, secure Wi-Fi connection.
- Check suspicious links: If you receive an email, text, or message with a shopping link, go directly to the retailer’s official website instead of clicking the link.
- Monitor your accounts: Regularly review your bank and credit card statements for any unusual activity. Set up text or email alerts for transactions to catch fraud in real time.
- Research sellers: Before buying, seek out reviews and ratings for the seller to ensure their legitimacy. Be cautious of deals that seem too good to be true.
- Stick to trusted retailers: Shop only from well-known, established retailers or verified online marketplaces to reduce the risk of fraud.
- Check for HTTPS: Before entering payment details, check that the website uses HTTPS (look for a padlock symbol in the address bar) so that your data is encrypted.
- Create strong, unique passwords: Use complex passwords for online accounts and consider a password manager for added security.
Top tips for retailers:
- Ensure secure payments: Verify that your payment systems are PCI-compliant to protect customer data during transactions.
- Check for brand impersonation: Keep an eye on scams impersonating your brand, such as fake websites or phishing emails, and take steps to report and shut them down.
- Strengthen your cyber security measures: Employ firewalls, intrusion detection systems, and Secure Sockets Layer (SSL) certificates to protect your website from potential attackers.
- Update software regularly: Keep all software, including payment systems and website plugins, up to date to patch vulnerabilities that hackers could exploit.
- Educate your staff: Train your team to recognise phishing emails, social engineering tactics, and other scams targeting your business.
- Implement Multi-Factor Authentication (MFA): Ensure your business is using MFA for access to sensitive systems, such as payment processing tools and administrative accounts.
- Monitor website activity: Use analytics tools to monitor website traffic for unusual patterns that could indicate hacking attempts, such as multiple failed login attempts or a sudden surge in activity.
- Test your security: Conduct regular penetration tests to identify vulnerabilities in your systems and ensure they’re addressed before the busy shopping season.
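For the ‘Monitor website activity’ tip above, the two signals it names (multiple failed login attempts and a sudden surge in activity) can be pulled from an access log with a short script. This is an added example, not part of the original article; the log format, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from statistics import median


def parse(line):
    """Assumed line format: timestamp, client IP, method, path, status."""
    ts, ip, method, path, status = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, method, path, int(status)


def failed_login_ips(lines, limit=5, window=timedelta(minutes=1)):
    """IPs with at least `limit` failed POST /login requests inside any `window`."""
    recent, flagged = defaultdict(list), set()
    for ts, ip, method, path, status in map(parse, lines):  # lines must be in time order
        if method == "POST" and path == "/login" and status == 401:
            hits = [t for t in recent[ip] if ts - t < window] + [ts]
            recent[ip] = hits
            if len(hits) >= limit:
                flagged.add(ip)
    return flagged


def surge_minutes(lines, factor=3):
    """Minutes whose request count exceeds `factor` times the median minute."""
    per_minute = Counter(parse(line)[0].strftime("%H:%M") for line in lines)
    typical = median(per_minute.values())
    return sorted(m for m, n in per_minute.items() if n > factor * typical)


def build_sample():
    """Constructed log: steady browsing, one burst of failed logins, one traffic spike."""
    stamp = "2024-11-29T09:{:02d}:{:02d}Z"
    lines = [stamp.format(3, 20) + " 198.51.100.4 POST /login 401"]  # a single mistyped password
    for minute in range(5):            # 09:00 to 09:04, four page views per minute
        for sec in range(0, 60, 15):
            lines.append(stamp.format(minute, sec) + " 198.51.100.4 GET /deals 200")
    for sec in range(10, 40, 5):       # six failed logins from one address in 30 seconds
        lines.append(stamp.format(2, sec) + " 203.0.113.7 POST /login 401")
    for sec in range(60):              # 60 requests from 60 addresses within 09:05
        lines.append(stamp.format(5, sec) + " 192.0.2.{} GET /deals 200".format(sec))
    return sorted(lines)
```

On a Black Friday weekend a genuine sales rush will also trip the surge check, so treat flagged minutes as a prompt to look closer rather than as proof of an attack.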
Strengthen your cyber security
If you’d like help with your cyber security strategy, the specialist team at Air IT is happy to help – please don’t hesitate to get in touch.