The holidays can be a busy time for shoppers and hackers alike. Black Friday and its newer cousin, Cyber Monday, are major economic events. Just last year, Americans spent roughly $5 billion in the 24 hours that make up Black Friday. Cyber Monday was even bigger: Americans spent over $6 billion in online purchases. Naturally, numbers like these attract the attention of all kinds of hackers, eager to take advantage of shoppers trying to get an early jump on their Christmas shopping.

We will discuss some of the hackers’ favorite techniques to seize your financial information — and what you can do to protect your online data.

1. Phishing

Phishing is a popular method of defrauding users because it only requires some social engineering knowledge and the ability to make a convincing email. Given that people are already primed to spend money during the holidays, the scammers’ work is already half done.

Phishing attacks can range from emails offering incredible Black Friday sales, to offering free gift cards if you fill out a survey, to fake support emails claiming that you missed a delivery. Generally, these fakes try to impersonate well-known brands to gain your trust. In the past, Amazon, Walmart, and Kohl’s have been used in phishing scams.

2. Spoofed websites

While more technically demanding than crafting a phishing email, creating a convincing clone of an official retailer’s site is still fairly simple. Hackers will create websites that look just like Amazon and tempt you with incredible deals to enter your credit card information.

While the quality of the spoofs varies, from fake sites being littered with grammatical errors to clones that are nearly indistinguishable from the real site, the easiest way to spot a spoof is to check the URL. Check for .com rather than .net or .co, and watch out for similar characters, like “0” instead of “o”.
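
The URL check described above can also be automated, for example in a mail filter. The following is an added example, not code from the original article; the retailer list and the character map are assumptions chosen for illustration, and the sample links are constructed.

```python
from urllib.parse import urlsplit

# Assumption: the retailers you actually shop at (names taken from the article).
KNOWN_RETAILERS = ("amazon.com", "walmart.com", "kohls.com")

# Constructed, non-exhaustive map of digits often used to imitate letters.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def registrable_domain(url):
    """Return the last two labels of the URL's host, lowercased.

    Simplification: multi-part suffixes such as .co.uk are not handled.
    """
    if "://" not in url:
        url = "//" + url  # lets urlsplit parse a bare "shop.example/path"
    host = (urlsplit(url).hostname or "").rstrip(".")
    return ".".join(host.split(".")[-2:])


def skeleton(name):
    """Fold look-alike characters so 'amaz0n' and 'amazon' compare equal."""
    return name.translate(LOOKALIKES).replace("rn", "m").replace("vv", "w")


def check_url(url):
    """Return 'known', 'unknown', or the reason the domain looks spoofed."""
    domain = registrable_domain(url)
    if domain in KNOWN_RETAILERS:
        return "known"
    name, _, tld = domain.rpartition(".")
    for good in KNOWN_RETAILERS:
        good_name, _, good_tld = good.rpartition(".")
        if name == good_name and tld != good_tld:
            return f"wrong TLD for {good}"
        if name != good_name and skeleton(name) == good_name:
            return f"look-alike characters imitating {good}"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links, as they might appear in a promotional email.
    for link in ("https://www.amazon.com/deals", "https://www.amaz0n.com/deals",
                 "http://walmart.co/black-friday", "https://example.org/"):
        print(f"{link:35} {check_url(link)}")
```

An "unknown" result only means the domain is not on your list; it is not a verdict that the site is safe.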

3. Malicious ads

Another common tactic to stay alert for is malicious ads. Creating convincing ads is even easier than creating a genuine-looking website. Particularly skilled scammers can even get their ads placed on major platforms such as Google. The holidays see a surge in fake ads and, unfortunately, they can be hard to verify.

The best advice to give regarding fake ads is to simply avoid clicking on ads in general. If you are interested in a deal in an ad, the safest thing to do is to navigate to the retailer’s website yourself and find it there.

8 tips to protect your data against Black Friday scams:

  1. Inspect all links before clicking: When evaluating promotional emails or ads this holiday season, be sure to inspect the hyperlinks before clicking on them. You can do this by hovering your cursor over the hyperlink without clicking on it. The URL for the link will pop up, usually in your browser’s bottom left corner. If the URL is not for the same company that sent you the email or if it looks suspicious, do not click on it. Also be very suspicious of any links you find via social media, especially shortened URLs, which are much harder to evaluate yourself.
  2. Do not share your data unnecessarily: If an email is requesting that you respond with personal or financial information, treat that as a red flag. Never share sensitive data with corporations via email. Furthermore, you should never need to share more than your name, address, and phone number when shopping online. There should never be privacy or security questions when you are checking out.
  3. Find the deal yourself: If you are interested in one of the promotions in an ad or an email, it is much safer if you go directly to the retailer’s website in your browser and search for your desired product rather than clicking on the ad or the link in the email itself.
  4. Make sure the website you are on is secure: Before entering any sensitive information — name, address, or credit card numbers — into a website, ensure that the website is using encryption and verify its certificate. A website is encrypted if its URL begins with “https:” rather than “http:” and there is a green padlock next to the URL. By clicking on this padlock you will bring up the website’s certificate. Verify that the certificate: comes from a trusted source, such as VeriSign, Symantec, or Entrust; has been issued for the organization that owns the website you are on; and that it is only valid for a year or two.
  5. Use verified apps: If you are shopping on your mobile device, be sure to only make purchases via apps downloaded from the official app marketplaces, such as Google Play or the Apple App Store. Even then, be skeptical of new or recently released apps that claim to be from a major brand. Each holiday season sees a new batch of fake apps flood the market while most major retailers have had their apps out for several years now.
  6. Protect your Internet connection: The best way to do this is to use a VPN service. This prevents a malicious WiFi hotspot or DNS server from redirecting you to a phishing page if you are on an untrusted network. By using a VPN, you prevent any hackers from monitoring your online activity, especially when using public WiFi.
  7. Set up credit card alerts: Given the additional risk of a hacker stealing your credit card data, it is not a bad idea to set up a purchase alert with your credit card company. They can send you an email or SMS every time your card is charged. Be sure to set the limit as low as possible so that hackers cannot rack up hundreds of $19.99 charges undetected.
  8. Have some healthy skepticism: If you find an incredible deal or if an unbelievable offer is emailed to you unsolicited, there is a good chance you are being scammed. If an ad offers an outrageous deal, do not click on it. Try to find it at that company’s site yourself. Remember, if a deal looks too good to be true it probably is.
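
The three certificate checks from tip 4 (trusted issuer, issued to the right organization, limited validity period) can be applied to certificate data in code. This is an added example, not code from the original article; the certificates are constructed, "Example Retail" is a hypothetical organization, and the issuer list simply reuses the names the tip mentions.

```python
import ssl

# Assumption: the issuers you accept; these are the names the article lists.
TRUSTED_ISSUERS = ("VeriSign", "Symantec", "Entrust")
MAX_VALIDITY_DAYS = 2 * 366  # the article's "a year or two"


def _attr(name_field, key):
    """Read one attribute from the nested tuples used by ssl.getpeercert()."""
    for rdn in name_field:
        for k, value in rdn:
            if k == key:
                return value
    return ""


def review_certificate(cert, expected_org):
    """Return a list of problems found; an empty list means all checks pass."""
    problems = []
    issuer = _attr(cert["issuer"], "organizationName")
    if not any(t.lower() in issuer.lower() for t in TRUSTED_ISSUERS):
        problems.append(f"issuer not on trusted list: {issuer or 'none'}")
    # Domain-validated certificates carry no organizationName at all.
    owner = _attr(cert["subject"], "organizationName")
    if expected_org.lower() not in owner.lower():
        problems.append(f"not issued to {expected_org}: {owner or 'none'}")
    seconds = (ssl.cert_time_to_seconds(cert["notAfter"])
               - ssl.cert_time_to_seconds(cert["notBefore"]))
    if seconds / 86400 > MAX_VALIDITY_DAYS:
        problems.append(f"valid for {seconds // 86400} days")
    return problems


# Constructed certificates in the dict format ssl.getpeercert() returns.
GOOD_CERT = {
    "issuer": ((("organizationName", "Entrust, Inc."),),),
    "subject": ((("organizationName", "Example Retail, Inc."),),
                (("commonName", "www.example.com"),)),
    "notBefore": "Nov 15 00:00:00 2017 GMT",
    "notAfter": "Nov 15 00:00:00 2018 GMT",
}
SUSPECT_CERT = {
    "issuer": ((("organizationName", "Constructed Test CA"),),),
    "subject": ((("commonName", "www.example.net"),),),
    "notBefore": "Nov 15 00:00:00 2017 GMT",
    "notAfter": "Nov 15 00:00:00 2022 GMT",
}
```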

Take some additional time while shopping to remember the eight tips above and have a happy holiday season!

Best Regards,
The Proton VPN Team
