Black Friday scams to watch out for this year — and how to avoid them

Victims of Identity Theft
(Image credit: Antonio Guillem/Shutterstock)

The holiday shopping season has started early this year and there are already some great Black Friday deals to be had. However, while Black Friday is one of the busiest days of the year for retailers, this also holds true for cybercriminals.

According to Adobe (opens in new tab), American shoppers spent almost $9 billion last year on Black Friday alone and cybercriminals certainly want a piece of the action. This is why they’ve already begun setting up fake websites, email addresses and more to try and con shoppers out of their hard-earned cash.

Checking off everyone on your list this year while saving quite a bit of money is one of the best reasons to shop online this Black Friday. However, if you have your bank account emptied or your identity stolen in the process, you’ll actually end up losing more than you saved. 

To help you safely find the best deals on the biggest shopping day of the year, these are the most common Black Friday scams along with some tips on how to avoid falling for them and even some steps you can take if you do get conned. 

The most common Black Friday scams

The cybercriminals behind many of the Black Friday scams detailed below are trying to play on your emotions to instill a sense of urgency. When you’re excited about a great deal or worried you might miss out on it, you are much more likely to take unnecessary risks like shopping at an unfamiliar site or providing sensitive information you wouldn’t normally give away. In order to shop safely on Black Friday, these are the top six scams you’ll want to be on the lookout for.

1. Fake order scam

If you’re buying gifts for all of your friends and family this Black Friday, you may find it difficult to keep track of all of the order confirmation emails in your inbox. Cybercriminals are well aware of this and use it to their advantage to send out fake order confirmation emails. These emails will likely have links to fake websites that are used to harvest your credentials but they may also arrive in your inbox with malicious attachments that contain malware. It's worth noting that we've also personally seen fake text messages impersonating Amazon trying to achieve the same result.

To avoid accidentally opening and interacting with one of these fake order scam emails, McAFee recommends in a blog post (opens in new tab) that you should keep track of your orders on the sites where you purchased them instead of in your inbox.

2. Fake delivery scam

An Amazon delivery agent carrying an Amazon shipping box in Berlin, Germany, January 2020.

(Image credit: Cineberg/Shutterstock)

If you’re ordering lots of things online this Black Friday, you’re going to get a lot of delivery notifications. Cybercriminals use this to their advantage to send out fake delivery notifications impersonating popular shipping companies like FedEx, UPS or USPS either by text or email. Just like with fake order scams, these messages contain a link and encourage you to click on it to accept your delivery. However, these links will take you to a phishing page instead where your credentials and other sensitive information will be harvested by cybercriminals.

3. Fake website scam

Cybercriminals and other scammers will often purchase the domains of misspelled sites that are close to those of actual retailers. Some examples include ‘amozon.com’ instead of Amazon or ‘homdepot.com’ instead of Home Depot. This is called typosquatting and this scam is used to target shoppers who misspell a website’s URL in their browser’s address bar. 

Even if you’re a great speller, someone may send you a link to one of these websites in an email or text message. This is why you want to go to the sites of retailers directly or use a search engine if you don’t know the address of their website.

4. Gift card scam

A display showing gift cards for various retailers

(Image credit: Shutterstock)

Besides targeting Black Friday shoppers through email or text, cybercriminals also do so at checkout. One of the ways they do this is through gift card scams where they ask them to pay using a gift card instead of a debit or credit card. The reason for this is that gift card purchases can’t be tracked which makes it impossible to retrieve your stolen funds. It’s also worth noting that scammers can imitate popular gift cards in an attempt to steal any cryptocurrency you may own according to a blog post (opens in new tab) from Aura.

5. Fake charity scam

During the holiday shopping season, many retailers give shoppers the option of donating to charities at checkout. This has also become a popular gift for those on your list who may not need anything. Cybercriminals often take advantage of the season of giving by setting up fake charities. You can spot a fake charity by the language used in any emails or messages you receive as the scammers behind it will often urge you to “act now.” At the same time, these fake charities will ask for payment in the form of gift cards, wire transfers, money orders or even cryptocurrency because just like with gift card scams, once money is sent using these methods, it can’t be recovered.

6. Hot deal scam

When it comes to Black Friday scams, scarcity is something cybercriminals often try to exploit. Each holiday season, there is usually a super-popular gift that everyone wants to get their hands on (like Tickle Me Elmo back in 1996). To target shoppers looking for this particular item, cybercriminals set up fake websites (often using typosquatting) and they may even buy ad space online to promote them. If you fall for the hot deal scam, not only do you not receive the item you thought you purchased but your payment information is now in the hands of scammers.

How to avoid getting scammed on Black Friday

Now that you know the most popular Black Friday scams, here are some tips on how you can avoid falling victim to them. Keep in mind though that new scams are discovered every day. However, if you follow these tips and remain vigilant when shopping online, you can get some great deals on Black Friday without getting hacked.

1. Only shop at known, trusted online retailers

Black Friday, Cyber Monday and other big shopping days are a terrible time to look for and try out new online retailers. Instead, you want to stick with the big brands you know like Amazon, Best Buy, Target and Walmart. This way you can be sure that you will receive the items you buy on Black Friday instead of being scammed.

If you see a deal that seems too good to be true this Black Friday, the Better Business Bureau (opens in new tab) recommends that you “read product reviews on extremely discounted items” as they could actually be a cheaper model and not what you expected.

2. Carefully examine every site you shop at

Problems like broken links, typos or slow-loading pages can be a dead giveaway that you’re on a scam site and not an official one. Likewise, you will want to carefully examine the web addresses of all the sites you visit on Black Friday. If you see a typo in the URL or the wrong TLD (top-level domain) like .live instead of .com, you’ve found a scam site. 

To see full web addresses in Chrome, right click on your address bar and then click on “Always show full URLs” to enable this feature.

3. Use a credit card instead of your debit card

Person holding a credit card in one hand and a phone in the other

(Image credit: Shutterstock)

Even though your debit card is where the money you have to spend actually is, you’re going to want to use a credit card to shop on Black Friday instead. Unlike with a debit card, you can get your money back when using a credit card to shop online. This is because the Fair Credit Billing Act (FCBA) makes both credit card companies and retailers liable if a product arrives broken or doesn’t arrive at all. Retrieving money lost to fraud is much easier with a credit card. 

4. Enable two-factor authentication on your accounts

Even though this is a good idea in general, you’re going to want to make sure that two-factor authentication (2FA) is enabled for your accounts this Black Friday. 2FA adds an extra layer of protection to your online accounts by requiring you to enter a one-time-use code sent via text or email when you login. If your passwords get stolen, a hacker won’t be able to login into your accounts unless they also have access to your smartphone or email account.

5. Sign up for identity theft protection

Credit cards on a laptop's keyboard

(Image credit: Virrage Images / Shutterstock)

In the same way that 2FA adds an extra layer of protection to your accounts, the best identity theft protection can also help you stay safe when shopping online this Black Friday. If you do happen to fall for a scam and have your accounts or even your identity stolen by cybercriminals, these services have experts on staff that can help you recover stolen funds along with your identity. Likewise, one of the best VPN services can come in handy if you plan on shopping online while on public Wi-Fi.

What to do if you fall victim to a Black Friday scam

Even if you follow all of the recommendations above, you may still end up falling victim to a Black Friday scam since the cybercriminals behind them are persistent and quite clever. In this case, you need to take action immediately to limit the damage that one of these scams can do. 

1. Immediately notify the companies involved

If you see a strange charge on your bank statement or discover a fraudulent account when checking your credit report, you should contact the bank or organization involved immediately to let them know that you suspect fraud or theft. This will get the investigation process started and most companies have fraud departments with experts that can help you out.

2. File a police report

A police officer seated at a desk speaking on a landline telephone.

(Image credit: Photographee.eu/Shutterstock)

In addition to contacting a company, you should also file a police report so that you can get a case number to complete your claim as many businesses require you to do so. Even if they don’t, filing a report is a good idea as it can help clear your name if you do have your identity stolen. Also, you will want to save any statements or documents you receive as they can prove invaluable when dealing with fraud or identity theft.

3. Contact the FTC

If you believe you may have fallen victim to identity theft, you should contact the Federal Trade Commission (FTC) at this website (opens in new tab) to report fraud. Once you file a report, the FTC will provide you with a step-by-step recovery plan to get your identity back. By setting up an account with the FTC, they can even walk you through this process. At the same time, reporting theft to the FTC can be useful if debtors try to collect fake charges in your name.

4. Lock or freeze your credit

A credit freeze or credit lock can help stop cybercriminals that have stolen your identity from opening new accounts or taking out loans in your name. If you previously signed up for an identity theft protection service, this will be easy to do but if not, you will need to contact each of the major credit bureaus on your own to do so.

To make things easier, here's how to freeze your credit with Equifax, how to freeze your credit with Experian and how to freeze your credit with TransUnion.

5. Monitor your online accounts for signs of fraud

Credit score on phone and laptop

(Image credit: Shutterstock)

After falling victim to any scam, you’re going to want to keep a close eye on all of your online accounts, bank statements and credit reports for the next few months. Identity theft protection services include the tools to do this automatically but you can also do so on your own.

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.