Unmissable deals, a limited time period, and billions of pounds being spent online – it’s music to cybercriminals’ ears. This time of year offers scammers the perfect opportunity to trick users into thinking they’ve found a great deal and must act quickly, only to find themselves the victim of a Black Friday scam. The consequences of Black Friday scams can be devastating for both businesses and consumers - here are our top tips for avoiding them.

black friday scams

What is Black Friday?

Black Friday originated in the US and has become increasingly popular in the UK in recent years. Occurring annually, the Friday after Thanksgiving, it’s a huge event that sees thousands of stores slash their prices for the weekend, so shoppers can take advantage of great deals in the run-up to Christmas. Black Friday has even extended into ‘Cyber Monday’ and further into ‘Cyber Week’ where deals can continue to be found online.

 

Black Friday scams will be even more common this year

According to research by finder.com, 51% of UK adults plan to make at least one purchase during the Black Friday weekend in 2023, showing a remarkable jump from 39% in the previous year.

As AI becomes more prevalent, The National Cyber Security Centre (NCSC) is warning that cyber criminals are more likely to leverage AI technologies, like large language models, to craft more convincing phishing emails, fake adverts, and impersonation websites, making it harder for individuals to detect the common signs of scams.

Data published by National Fraud Intelligence (NFIB), revealed that a staggering £10.6 million was lost to online scams among British people from November 2022 to January 2023, with an average victim losing £639. This is expected to rise this year as AI has made it easier for cyber criminals to develop highly convincing fraud campaigns.

 

What kind of Black Friday scams are out there?

Impersonation sites

Scammers use impersonation (spoofed) websites to advertise fake Black Friday deals, steal your credit card information to use or sell, and possibly grab other personal information such as your name and address.

During Amazon Prime Day 2020, hundreds of sites were found to be replicating the Amazon site in order to trick users into divulging personal and financial information. Emails impersonating Amazon would be sent out, claiming to be about order cancellations or returns. This would lead users to a site that impersonated an Amazon customer service website, asking users to fill out a form with their personal and financial details.

The easiest way to avoid a cloned site is to make sure you’re visiting the official website. To make sure of this, you can check the URL to see if there are any typos and the correct domain is being used, for example ‘.co.uk’. You can also bookmark the website you want to visit for easy access.

Phishing emails

In Black Friday phishing emails, you may receive an email or other message from well-known retailers suggesting that there’s something wrong with an item you ordered, your account, or claim to share offers that seem too good to be true. Scammers aim to take advantage of your concern – or your eagerness to get a great discount – and lure you into sharing sensitive information.

Phishing emails are meant to trick you into clicking a suspect link, providing your bank login credentials, or other personal information.

If you click on a phishing link, you should act right away. If you provided login credentials for any site, you should immediately change your username and password. If you entered any bank details, you should contact your bank straight away and cancel your card. The bank should reissue you with a new card.

Messaging apps and social networks

Increasingly, cybercriminals have been using social media and messaging platforms in order to come across as trustworthy to unsuspecting users.

In 2018, WhatsApp was used by hackers to trick users into believing they had been awarded a 99% discount at various retailers. The link exposed victims to malware and other cyberattacks.

The best way to notice a scam via this method is to check for unknown numbers or any misspellings or grammatical mistakes, or wording asking you to click a link or forward a message. If you receive a message that matches these criteria’s, you should delete immediately.

 

How to avoid getting scammed on Black Friday

Double-check the web address

Scammers will often create very similar domain names to those they are impersonating, so double-check that you’re on the correct website. They may have added in hyphens or duplicated a letter, which isn’t always easy to spot. Broken links, typos or slow-loading pages can be a giveaway that you’re on a scam site and not an official one.

Always make sure the website you’re using is secure. A secure URL should begin with ‘https’ rather than ‘http’. The ‘s’ in ‘https’ stands for secure, which indicates that the site is using a Secure Sockets Layer (SSL) Certificate. Secure sites will also have the padlock symbol next to the web address – this indicates whether or not your information – such as passwords and card details – is secure and will not be intercepted when sent to this site (the padlock doesn’t guarantee that it won’t be stolen once it gets there, though, so it’s important to check you’re on the correct website before entering any information).

Be cautious of clicking links in emails

Emails about the latest offers and big discounts can be enticing but think twice before you click. Scammers can make it look like their emails are from a particular brand, but on checking the actual email address you may find that it’s a ruse. Other things to look out for include spelling and grammar mistakes, a sense of urgency persuading you to act immediately, and discounts that are much bigger than usual.

Don’t buy from shops you haven’t heard of

The combination of Black Friday discounts and the rise of e-commerce means that popular items will likely go out of stock quickly. However, this doesn’t mean you should go searching elsewhere and buying from websites you haven’t heard of before. Instead, you want to stick with the big brands you know.

Buying from well-known brands, or supporting local businesses that you know of, gives peace of mind that your money is going to a legitimate company and that you will receive the items you buy instead of being scammed.

 

Top tips for consumers:

  • Shop with a credit card instead of a debit card – they add a layer of protection and many come with fraud protection, making retrieving money lost to fraud much easier.
  • Use your own Wi-Fi network rather than a public connection that is easier to hack.
  • If you’re unsure about a link sent to you by email or message, go directly to the official website.
  • Regularly review your bank and credit card statements for unusual activity.
  • Seek out reviews of the seller from other buyers as these can help you decide whether or not to trust the seller.

 

Top tips for retailers:

  • Make sure your payment methods are secure and PCI compliant
  • Actively look out for any potential scams impersonating your brand
  • Implement cyber security measures to protect your website from attackers
  • Ensure software running on computers and network devices is kept up-to-date.
  • Ensure IT infrastructure is patched and updated to a secure standard.

 

Strengthen your cyber security

If you’d like help with your cyber security strategy, the specialist team at Air IT is happy to help – please don’t hesitate to get in touch.