Skip to main content

How to shop safely on Black Friday

Black Friday shopping

If you're heading to the shopping mall or to retail websites to look for the best Black Friday deals, better beware — your money and your privacy will be under attack by both criminals and advertisers. (Same goes for Cyber Monday deals.)

The crowds in the malls will probably be a bit smaller in 2020 than they have been in previous years, but crooks will still be out in force both in the brick-and-mortar world and online. 

Fortunately, there are a few simple ways you can protect yourself and make sure your holiday season isn't ruined by incessant ads, identity theft or an emptied bank account.

1) Turn off your smartphone's Bluetooth, Wi-Fi and GPS when you leave the house.

It's bad enough that most modern shopping malls track which stores you go into by tracking your phone's unique wireless IDs. But criminals can also set up rogue Wi-Fi hotspots in shopping malls to gain access to the phones of passersby. Avoid both phenomena by switching off everything but the cellular signal.

2) Don't let your credit card leave your hand.

Underpaid cashiers can make an extra buck by "double-swiping" a customer's card to steal the card number. The proliferation of customer-use point-of-sale terminals and of "chip" cards has reduced the frequency of this threat, but it still happens. If you must hand your card to a cashier, don't let it out of your sight.

3) Check your credit-card statements every few days during the holiday shopping season.

Both point-of-sale terminals in brick-and-mortar stores and checkout pages on online shopping sites can be infected with card-number-stealing malware. So can the databases of the companies that process all those charges. 

Criminals will want to use stolen numbers quickly, so any fraudulent charges will show up on your account within a few days, or even hours, of the theft.

Call the customer-service number on the back of your card to check your balance and recent transactions, or do so online (but make sure your computer's software is up to date first). If anything looks amiss, tell your card's issuer immediately.

4) Use debit cards only at familiar retail stores, and never use them online.

Debit cards help you avoid interest costs and spending limits, but credit cards offer much better protection against fraud, theft and scams. If someone steals your credit-card number, you'll be on the hook for at most $50; if they steal your debit-card number, they could clean out your checking account before you even find out.

For these reasons, don't ever use a debit card online. And if a site asks you to pay with a gift card or a direct bank transfer, that's a huge red flag — run away fast.

5) Make sure the ATM you use isn't compromised.

Card "skimmers" glued onto ATMs are getting smaller and more sophisticated. See if the card-slot housing on the ATM wiggles when you tug it, or whether it looks different from the slots on other ATMs in the same bank vestibule. 

Don't ever use stand-alone ATMs placed outside shops in public places — stick to bank-branch ATMs in dedicated vestibules.

6) Stay off the shopping-mall Wi-Fi network.

Public Wi-Fi networks are easy pickings for credit-card thieves and identity thieves, even if the networks ask you for a password. To stay safe, stick to your phone's cellular data plan or use a VPN service. Don't ever shop or bank online using a public Wi-Fi network.

7) Be very careful when responding to deal offers.

Criminals will try to lure to you malicious websites with email messages, online ads, social-media postings or even text messages promising fantastic deals.

If you're on a computer, hover your cursor over the links in the ads, emails, Facebook postings and tweets to see where the links really lead. If you're on a smartphone, don't click at all, especially not on a link in an unsolicited text message.

Don't click on anything that looks strange. For example, "" is legit, but "" probably isn't. And beware shortened URLs that are only a few characters long — they could lead anywhere.

Your best bet is to simply avoid embedded links. If you get a message about a great new deal, skip the link and instead go to the retailer's website and search for it there.

Don't forget — if a deal seems too good to be true, it's probably fake.

8) Stay home and shop online instead.

You don't really want to deal with stampeding crowds, do you? Unless you're willing to show up at 4 a.m. for a crack at a heavily discounted TV, you'll find most of the same deals online. 

Of course, you'll have to read our guide to online shopping precautions first. But here are some highlights.

9) Update your computer and smartphone software. 

Cybercriminals most frequently prey on machines with out-of-date software that has well-known vulnerabilities. Keep your operating systems and web browsers up-to-date and you'll be way ahead of the crowd. 

10) Stick to familiar brands when shopping online. 

We hate to bash the little guy, but shoppers are at much greater risk buying items from a store they've never heard of than from a familiar brand. So play it safe and keep to the familiar side of the street.

11) Don't use a search engine to find deals.

Crooks will create fake shopping pages and then rig things so those pages show up near the top of search results. Don't click on those. Instead, go to your favorite online retailers and use their internal search engines to find deals.

12) If possible, don't create an account, and don't let the site save your credit-card number.

When you type a credit-card number into an online shopping site, don't let the site save the card number. Yes, you'll have to type in the card number again next time you visit the site (although one of the best password managers can fill it in for you), but you'll have one less thing to worry about when that site gets hit by a data breach.

Likewise, most retail websites (though not Amazon) will let you buy things without creating an account. If you're only shopping on that site once or twice a year, there's no real reason to create an account. Shop as a "guest" instead.

Paul Wagenseil
Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. That's all he's going to tell you unless you meet him in person.