Black Friday scams

The holidays can be a busy time for shoppers and hackers alike. Black Friday and its newer cousin, Cyber Monday, are major economic events. Just last year, Americans spent roughly $5 billion in the 24 hours that make up Black Friday. Cyber Monday was even bigger: Americans spent over $6 billion in online purchases. Naturally, numbers like these attract the attention of all kinds of hackers, eager to take advantage of shoppers trying to get an early jump on their Christmas shopping.

We will discuss some of the hackers’ favorite techniques to seize your financial information — and what you can do to protect your online data.

1. Phishing

Phishing is a popular method of defrauding users because it only requires some social engineering knowledge and the ability to make a convincing email. Given that people are already primed to spend money during the holidays, the scammers' work is already half done.

Phishing attacks can range from emails offering incredible Black Friday sales, to offering free gift cards if you fill out a survey, to fake support emails claiming that you missed a delivery. Generally, these fakes try to impersonate well-known brands to gain your trust. In the past, Amazon, Walmart, and Kohl’s have been used in phishing scams.

2. Spoofed websites

While more technically demanding than crafting a phishing email, creating a convincing clone of an official retailer’s site is still fairly simple. Hackers will create websites that look just like Amazon and tempt you with incredible deals to enter your credit card information.

While the quality of the spoofs varies, from fake sites being littered with grammatical errors to clones that are nearly indistinguishable from the real site, the easiest way to spot a spoof is to check the URL. Check for .com rather than .net or .co, and watch out for similar characters, like “0” instead of “o”.

3. Malicious ads

Another common tactic to stay alert for is malicious ads. Creating convincing ads is even easier than creating a genuine-looking website. Particularly skilled scammers can even get their ads placed on major platforms such as Google. The holidays see a surge in fake ads and, unfortunately, they can be hard to verify.

The best advice to give regarding fake ads is to simply avoid clicking on ads in general. If you are interested in a deal in an ad, the safest thing to do is to navigate to the retailer’s website yourself and find it there.

8 tips to protect your data against Black Friday scams:

  1. Inspect all links before clicking: When evaluating promotional emails or ads this holiday season, be sure to inspect the hyperlinks before clicking on them. You can do this by hovering your cursor over the hyperlink without clicking on it. The URL for the link will pop up, usually in your browser’s bottom left corner. If the URL is not for the same company that sent you the email or if it looks suspicious, do not click on it. Also be very suspicious of any links you find via social media, especially shortened URLs that are much harder to evaluate yourself.
  2. Do not share your data unnecessarily: If an email is requesting that you respond with personal or financial information, treat that as a red flag. Never share sensitive data with corporations via email. Furthermore, you should never need to share more than your name, address, and phone number when shopping online. There should never be privacy or security questions when you are checking out.
  3. Find the deal yourself: If you are interested in one of the promotions in an ad or an email, it is much safer if you go directly to the retailer’s website in your browser and search for your desired product rather than clicking on the ad or the link in the email itself.
  4. Make sure the website you are on is secure: Before entering any sensitive information — name, address, or credit card numbers — into a website, ensure that the website is using encryption and verify its certificate. A website is encrypted if its URL begins with “https:” rather than “http:” and there is a green padlock next to the URL. By clicking on this padlock you will bring up the website’s certificate. Verify that the certificate comes from a trusted source, such as VeriSign, Symantec, or Entrust; has been issued for the organization that owns the website you are on; and is only valid for a year or two.
  5. Use verified apps: If you are shopping on your mobile device, be sure to only make purchases via apps downloaded from the official app marketplaces, such as Google Play or the Apple App Store. Even then, be skeptical of new or recently released apps that claim to be from a major brand. Each holiday season sees a new batch of fake apps flood the market, while most major retailers have had their apps out for several years now.
  6. Protect your Internet connection: The best way to do this is to use a VPN service. This prevents a malicious WiFi hotspot or DNS server from redirecting you to a phishing page if you are on an untrusted network. By using a VPN, you prevent any hackers from monitoring your online activity, especially when using public WiFi.
  7. Set up credit card alerts: Given the additional risk of a hacker stealing your credit card data, it is not a bad idea to set up a purchase alert with your credit card company. They can send you an email or SMS every time your card is charged. Be sure to set the limit as low as possible so that hackers cannot rack up hundreds of $19.99 charges undetected.
  8. Have some healthy skepticism: If you find an incredible deal or if an unbelievable offer is emailed to you unsolicited, there is a good chance you are being scammed. If an ad offers an outrageous deal, do not click on it. Try to find it at that company’s site yourself. Remember, if a deal looks too good to be true, it probably is.
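
The URL checks from the spoofed-websites section and from tip 1, sketched in Python as an added example (not Proton VPN's code). The retailer allowlist, the confusable-character table and the function names are assumptions made for illustration, and the domain extraction is deliberately naive.

```python
from urllib.parse import urlsplit

# Assumed allowlist (illustrative): the retailers you actually shop with.
KNOWN_RETAILERS = {"amazon.com", "walmart.com", "kohls.com"}
BRANDS = {d.split(".")[0] for d in KNOWN_RETAILERS}

# Small constructed table of digits often swapped in for letters.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def registrable_domain(host: str) -> str:
    """Naive: keep the last two labels (does not handle suffixes like .co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify_link(url: str) -> str:
    """Return 'known', 'tld-swap', 'lookalike' or 'unknown' for a link's host."""
    domain = registrable_domain(urlsplit(url).hostname or "")
    name = domain.split(".")[0]
    if domain in KNOWN_RETAILERS:
        return "known"
    if name in BRANDS:  # right name, wrong ending (.net, .co)
        return "tld-swap"
    if name.translate(CONFUSABLES) in BRANDS:  # e.g. "0" standing in for "o"
        return "lookalike"
    return "unknown"


def link_matches_sender(sender: str, url: str) -> bool:
    """Tip 1: does the link go to the same domain the email claims to come from?"""
    sender_domain = registrable_domain(sender.rsplit("@", 1)[-1])
    link_domain = registrable_domain(urlsplit(url).hostname or "")
    return bool(sender_domain) and sender_domain == link_domain


if __name__ == "__main__":
    # Constructed sample links, not taken from real campaigns.
    samples = [
        "https://www.amazon.com/deals",
        "http://amazon.net/black-friday",
        "https://amaz0n.com/login",
        "https://example.org/",
    ]
    for url in samples:
        print(f"{classify_link(url):9} {url}")
```

An "unknown" result only means the host is not on the allowlist; it says nothing about whether the site is safe.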

Take some additional time while shopping to remember the eight tips above and have a happy holiday season!

Best Regards,
The Proton VPN Team
