While you are searching for the best Black Friday deals, beware of the impending Black Friday scams that come along with them. With so many purchases and transactions taking place on this day, cyber criminals seek to take advantage of all the personal information being shared online. This is why it is critical to take extra care while making purchases or surfing deals come November 24th.

If you are a security professional, share this article with your team to help them protect their personal information, and if you are just an everyday bargain shopper, here’s everything we can tell you about the most popular Black Friday and Cyber Monday scams:

Spoofed order confirmation emails 

What happens

One of the most popular Black Friday and Cyber Monday scams is the fake Amazon order emails. Targets will receive emails that look the exact same as a typical Amazon order confirmation, except the order is one they never made. This causes them to investigate, clicking on the link in the email which brings them to a fake website with a fake customer service number. When the victim calls the customer service desk the scammers don’t answer but call back later ready to take their credit card information.

Black Friday shopping

Photo by rupixen.com on Unsplash

"It’s been a “super-fantastic” experience to see people learning and talking about security threats."

For just $325 USD, you can run a 6 week, automated program for gamified phishing awareness training and challenges.  (Limited time offer. Normally valued at $999 USD)

Use Promo Code: 6WEEKS

The most difficult part of this scam is that the email, website, and phone call will look the exact same as when Amazon does it, making it hard for anyone without prior knowledge of this scam to realize that they are being taken advantage of. 

What to do

Always do your own research rather than following a link. First, check if the email address the message is coming from matches previous real emails you’ve received from the company. If not, the message is likely not real. 

If you’d like to investigate more, open a new window and go to your Amazon account yourself to verify if the order is real. If you are still concerned, do your own search for the Amazon help desk number and call the number you find rather than the one given in an email. 

Spoofed “your transaction didn’t go through” emails

What happens

Cyber criminals track your shopping and are able to send emails that notify you that your transaction did not go through. The attacker preys on the urgency of sales by claiming that you’ll lose out on the deal or not receive your items if you don’t confirm your credit card information now

What to do

Again, cyber criminals have gotten so good that it is extremely difficult to tell their emails from an actual transaction failure email. An email prompting you that a payment has failed is uncommon, as companies will typically not let you off the site unless payment is confirmed, so if you receive this email, immediately be suspicious. 

The name of the game of Black Friday and Cyber Monday should be to verify, verify, verify. If you receive an email claiming one of your purchases didn’t go through, verify if this is true. Go to the website yourself (not the one linked in the email) and see if your order is there. Check your bank statement to see if the money was taken out. And when in doubt, do your own research to find the Help Desk of the company and ask them for help. 

SMS phishing fake sale scams

What happens

Amongst the influx of real Black Friday SMS notifications, attackers will send fake SMS messages claiming to have an urgent, incredible sale at a well-known store. The SMS contents often include an offer link, which, once clicked, requests your payment details, all in an attempt to steal your personal data. The scammers typically prey on urgency, claiming that you will only receive the deal by clicking this link within a certain amount of time. 

What to do

Before clicking on any SMS (or email) link you receive, preview the URL. Is the domain the same as the real website of who the sender is claiming to be? Be careful of URLs that are only one letter or punctuation off. 

Even if the URL looks real, take the time to shop the sale in another way. Go to the store’s website through your own search and see if you can find the sale there. 

Fake charities 

What happens

Scammers seek to take advantage of the generous holiday spirit by luring people into donating to them during Black Friday. The scammers will reach victims through email, text, and most commonly, phone calls. Over the call, they’ll play into people’s emotions by using storytelling and social engineering claiming to be a fake charity looking for donations. They’ll then ask for the victim’s card information in order to obtain access to their banking. 

What to do

If you’d like to donate to a charity this holiday season, choose a trusted charity that is verified to be legitimate. Start the process yourself by finding out how to donate by going to their website or in-person locations. Donating physical items or volunteering your time are both great charitable options that help avoid giving out your financial information over the phone. 

If you find yourself in the situation of being on a phone call with a charity and you feel the urge to help or donate, ask them the name of the charity, tell them you’ll donate on your own time, and hang up. Then, do your own research to see if the charity is legitimate and discover how you can donate in a safer way. 

Socially Engineered Secret Santa Groups

What happens

During Black Friday and the holidays, scammers use social engineering tactics to create fake Secret Santa groups on social media. They prompt people to join these groups by claiming that it’s a fun Christmas tradition and you can receive hundreds of dollars in gifts by only giving a small gift yourself. Victims send their $10 gift card and then likely receive nothing in return. 

What to do

Keep gift-giving in-person and to people you know. While this may seem like a fun way to connect with new people, you are likely to end up with no gifts and out the $10.00 you spent. If you want to get into the Secret Santa spirit, create a group with people you know and trust and consider giving the gifts in person. 

It’s essential to take extra caution during Black Friday and Cyber Monday sales. These sale holidays are filled with urgency and quick decisions, but do your best to encourage yourself and others to take the time to pause and question the messages you are receiving. When in doubt, verify the source, do your own research, and check for known domains or addresses. Happy shopping and stay safe!


Scott Wright is CEO of Click Armor, the gamified simulation platform that helps businesses avoid breaches by engaging employees to improve their proficiency in making decisions for cyber security risk and corporate compliance. He has over 20 years of cyber security coaching experience and was creator of the Honey Stick Project for Smartphones as a demonstration in measuring human vulnerabilities.