

10 common Black Friday scams: How to identify and avoid them

While Black Friday is a great day to kick off the holiday shopping season, it’s also a perfect opportunity for scammers to use your enthusiasm to try to steal your money. Or even worse, perform identity theft. Before the annual shopping craze begins, let’s get into the 10 most common Black Friday scams — what they are, how they work, and how you can notice and avoid them.

Oct 24, 2024


The most common Black Friday scams

The most common Black Friday scams take advantage of the hype and hysteria that come with massive Black Friday discounts. Since the basis of Black Friday revolves around the idea of deals that, on a typical day, would sound too good to be true, scammers have no trouble blending in and using this excitement to dupe online shoppers. With potential fraud lurking left and right, here are the 10 most common online Black Friday scams you should watch out for while shopping online.

1. Fake coupons and vouchers

Fake coupons and fraudulent vouchers are popular scammer tactics whose numbers can increase noticeably during the Black Friday sales week. The modus operandi of fake coupon scams is simple: scammers share links to websites (via email or social media) that offer supposedly legitimate coupons or vouchers, hoping that users will click on them. In reality, however, these URLs can lead to pages that prompt users to provide sensitive information (for example, their credit card number, email address, and password). If the visitor provides that information, the website automatically collects and forwards it to the scammer, exposing these sensitive credentials. Malicious actors can then use this information to sign in to the victim’s online accounts (including bank accounts), commit identity theft, or sell the information on the dark web.

2. Spoofed shopping sites

Threat actors may create replicas of legitimate websites to trick unsuspecting individuals into sharing their login credentials. Cybersecurity experts call this tactic website spoofing, a cyber threat that relies on the user not paying attention to essential details. Spoofed websites include interfaces that closely resemble those of legitimate websites and have altered login fields that capture and send typed credentials (such as usernames and passwords) to scammers.

Since online shoppers frantically browse their favorite internet shops for deals during the Black Friday period, it’s no surprise that the number of spoofed shopping websites can skyrocket. Eager to find the best deals before the items sell out, shoppers may miss signs of a spoofed website, such as slightly different URLs or “updated” website visual designs. And once a Black Friday enthusiast falls for the scam, it may already be too late. With access to the shopping account, the scammers can poach credit card information, restrict user access, and even try to steal the victim’s identity.

3. Account verification scams

"We’ve noticed a suspicious login attempt. Sign in to your account to verify that it was you." If you get a message like this through email or SMS notification, keep your guard up. Fraudsters use the chaos that surrounds Black Friday to launch account verification scams, creating a sense of urgency so that targets take quick action and unknowingly provide sensitive details to these bad actors. Account verification scam emails often contain information about suspected unauthorized logins, come from senders that closely resemble legitimate service providers (such as banks or online retailers), and provide an often suspicious-looking URL that is meant to be a shortcut to the "compromised account" login page. From there, the process follows the spoofed website scams model — victims type in their credentials, scammers capture them, and the trouble begins.

4. Fake delivery notifications

Fake delivery notification scams are similar to account verification scams. While shopping online, users may receive a message via app, email, or SMS about an incoming delivery. The message comes from a sender that may look legit but contains a dubious delivery confirmation with a URL to “track your shipment.” In reality, the URL is actually a phishing link or spoofed website domain.

Fake delivery notifications are particularly dangerous when you are expecting a delivery. That’s why Black Friday is a perfect time for malicious actors to strike. Slipping you a fake delivery notification when you’re waiting for three or four different shipments greatly increases your chances of accidentally clicking on a malicious URL and putting your sensitive data in jeopardy.

5. Fake order confirmation

If the scammer doesn’t get you with a fake delivery, they might try pulling a fake order confirmation scam. This type of fraud is identical to a fake delivery notification scam, the only exception being the content of the message itself. The scammer sends a shopper a confirmation for an order that they never placed. Naturally, the first instinct for the recipient of this message is to get to the bottom of the misunderstanding, which may lead them to click on the URL typically attached to the message. Lo and behold, the link leads to a malicious website that’s either a spoofed page, a phishing scam, or home to some nasty malware.

6. Non-delivery scam

A non-delivery scam is among the most popular Facebook Marketplace scams (although Facebook isn’t the only platform where this fraud occurs; see eBay scams). Non-delivery scams work using a straightforward principle:

  1. Scammers post an ad for a certain item, offering it for a price that’s often too good to be true.
  2. An interested party decides to buy an item without properly investigating the seller or checking for proof of its existence.
  3. The buyer wires the money to the “seller,” and the scammer quickly disappears without a trace, leaving the victim stripped of the item, their money, and, possibly, their dignity.

Black Friday is the perfect hunting season for non-delivery scammers. During this time, most legitimate deals people see online look way too good to be real. That helps threat actors seamlessly blend in and run amok.

7. Billing error scams

Like fake delivery or fake order fraud, billing error scams are a way for threat actors to terrorize you through text or email notifications. Billing error scammers pose as legitimate businesses that send warnings about failed purchases. In these messages, you may find unknown phone numbers, urgent requests to log in to your online purchase account, and links that lead to fake websites.

8. Gift card scams

Everyone likes gift cards and giveaways. Scammers do too, but for a different reason than shoppers. Gift card scams are a popular way to trick people into providing sensitive information. And it doesn’t take much effort for fraudsters to carry out their intent (victims of Amazon scams could attest to that). A fake post on social media or email, a message that mimics a famous brand’s tone of voice, and a suspicious URL to lure excited online shoppers to a fake website could be all it takes to steal login credentials or even credit card info.

9. Fake charity organizations

Like other "fake you-name-it" scams, fake charity organizations are another creative way for scammers to relieve you of your hard-earned money. Threat actors can exploit recent catastrophes and disasters to manipulate individuals into donating money to a non-existent charity foundation. Sometimes, the fraudster may create a fake website to add legitimacy to their claims or to lure unsuspecting people into falling for URL phishing.

10. Facebook listing scams

Facebook listing scams (or simply Facebook scams) are a broad category of different types of fraud that lurk in the Facebook Marketplace. Non-delivery scams and fake product or rental listings are just a few examples of Facebook listing fraud. Needless to say, Black Friday attracts the perpetrators of these scams like a magnet. Therefore, when navigating Facebook Marketplace (be it on Black Friday or any other day), it’s important to be wary of ridiculously good offers, shady sellers, and items with vague descriptions.

How to protect yourself and avoid Black Friday scams

Protecting yourself from Black Friday scams requires vigilance. The retail craze that comes after Thanksgiving can make it difficult to keep a level head, but remember, getting distracted only makes you that much more vulnerable.

Here are some tips on how to maintain your cool, protect yourself from Black Friday scams, and avoid losing your money or exposing sensitive data:

  • Do not click on suspicious links. This should go without saying — never click suspicious URLs, especially those you get in an email or via text messages. If you’re suspicious about a URL, use a link checker to check if a website is a scam.
  • Use two-factor authentication (2FA). 2FA is a simple yet robust security measure that immediately notifies you about any authorized or unauthorized login attempts. Enable it on every account that holds your personal details and only approve requests when you’re 100% sure that it’s you who’s trying to log in.
  • Always double-check the sender’s information. If you receive an urgent message from your bank, service provider, or government agency, carefully check the sender’s email handle and compare it to the official one. Scammers often try to replicate reputable companies' brand books and tone of voice to trick recipients, but they can’t make an exact copy of the email address. So if the email address handles don’t match, someone’s trying to scam you.
  • Use strong passwords and a password manager. Ideally, you should use different passwords for different services. However, people tend to simplify things by using one password for all accounts. If one password is exposed to scammers, that means all accounts that use that password are now in jeopardy. What’s the solution? Use a password manager (such as NordPass) to store your passwords in one secure place, and make sure to create strong passwords that hackers (or scammers) won’t be able to crack easily.
  • Contact service providers directly. If you’re uncertain about the legitimacy of the suspicious email from your service provider, it’s always a good idea to double-check with it directly. Contact the entity that allegedly sent you the letter using the official channels posted on the company’s website. Never directly reply to suspicious emails.
  • Make sure Facebook sellers actually have the item on hand. If you’re looking to buy an item from Facebook Marketplace, make sure the seller is legit. Ask for pictures of the item, and read reviews of the seller. If the person seems dodgy or refuses to provide additional information about the item you’d like to purchase, consider looking for another seller.
  • Research charity organizations before sending donations. Scammers may often create fake websites to trick people into donating. Donating to well-known and properly established charitable organizations (such as the Red Cross or Food for the Hungry) that support a cause close to your heart is a good way to avoid this trap. Take time to research these charities and use their official channels to donate money instead of funding unknown charities spontaneously. If you’re donating to a specific person, ensure they have a legitimate means of collecting funds (such as a GoFundMe page).
  • Use a credit card instead of a debit card. Credit cards come with chargeback rights, which may increase your chances of retrieving funds lost to fraud. Depending on where you live, the government can offer more protection for consumers with a credit card (such as the Fair Credit Billing Act in the US or the Payment Service Directive 2 in the EU), reducing consumer liability in the case of fraud as long as the victim reports the fraud immediately.
  • Check online reviews. The great (and not-so-great) thing about the internet is that people are quick to voice their opinions about anything, including products and services. For safe online shopping, consider looking into product or seller reviews before buying. It can help you protect yourself from scams.
  • Use NordVPN’s Threat Protection Pro™ feature. NordVPN’s Threat Protection Pro™ is an effective countermeasure when dealing with scams. The feature includes tools such as malicious website blockers and malware scanners capable of blocking phishing links and URLs that contain malware. The feature can also safeguard your downloads, instantly blocking the files containing malicious software. This means that even if you accidentally click a suspicious URL, Threat Protection Pro™ will keep you safe. Plus, NordVPN Black Friday deals are too good to not fortify yourself with a little extra cybersecurity.
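
The "slightly different URL" and sender-address checks described above can be automated. The following Python is an added example, not part of the original article; the allowlisted domains are constructed placeholders, and the registrable domain is approximated as the last two labels of the host.

```python
from urllib.parse import urlsplit

# Constructed allowlist: placeholder domains standing in for shops you really use.
OFFICIAL = {"example-shop.com", "parcel-example.com"}

def edit_distance(a, b):
    """Levenshtein distance: how many single-character edits turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def split_target(value):
    """Return (host, authority) for a URL, or for a sender email address."""
    value = value.strip().lower()
    if "://" in value:
        parts = urlsplit(value)
        # netloc keeps any "user@" prefix, which can hide the real host.
        return (parts.hostname or "").rstrip("."), parts.netloc
    return value.rsplit("@", 1)[-1].rstrip("."), value

def check(value, official=OFFICIAL):
    """Classify a link or sender address: 'official', 'lookalike' or 'unknown'."""
    host, authority = split_target(value)
    # Assumption: registrable domain = last two labels (no public suffix list).
    base = ".".join(host.split(".")[-2:])
    if base in official:
        return "official"
    for good in official:
        brand = good.split(".")[0]
        # One or two character edits away from a real domain: likely typosquat.
        if edit_distance(base, good) <= 2:
            return "lookalike"
        # Brand name embedded in a different domain, subdomain or user part.
        if brand in authority:
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    for sample in ("https://www.example-shop.com/deals",
                   "https://examp1e-shop.com/login",
                   "billing@parcel-exarnple.com"):
        print(sample, "->", check(sample))
```

An "unknown" result only means the domain does not resemble an allowlisted one; it is not a verdict that the site is safe.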


What to do if you have fallen for a Black Friday scam

You must act fast if you’ve become a victim of fraudulent Black Friday deals or any other financial scam. Here’s a crash course on how to minimize or avoid painful consequences.

  • Change your passwords immediately. If you’ve clicked on a suspicious URL and typed in your login information, you’re now racing the clock against the scammers. To prevent account takeover, change the compromised password immediately.
  • Report the situation to your bank. A successful Black Friday scam can leave you with stolen financial information (such as bank account logins or credit card numbers). Contact your bank and credit card issuer immediately to warn them of unexpected changes to your account. You can also ask your bank to temporarily freeze your account, preventing scammers from siphoning your money into their accounts.
  • Report the scam to the company that the scammers impersonated. If you suffered a gift card scam or noticed a scammer trying to impersonate a well-known entity, don’t sit still. Inform the company about the impersonators to let it know about the situation and potentially safeguard other people from getting duped.
  • Report the fraud to authorities. In addition to reporting the scam to your bank, you should contact authorities such as the Federal Trade Commission (for US citizens) or the European Cybercrime Center (for EU citizens). Doing so may help the authorities protect the public from future attacks and slightly increase your chances of retrieving stolen money.


Lukas Tamašiūnas

Lukas Tamašiūnas is a content creator with an interest in the latest developments in the cybersecurity industry. He follows his curiosity to discover and share practical knowledge about online safety.