Black Friday 2020: How to avoid getting scammed

Black Friday and Cyber Monday are peak season not only for online shopping but for cybercriminals too.

Criminals are out to steal your personal information and credit card details, and usually they’re pretty successful. Over 2 billion account details were stolen and circulating on the cybercriminal underground after last year's holiday shopping season, according to computer security giant McAfee.

That annual mega-heist of sensitive information is serious enough that the Cybersecurity and Infrastructure Security Agency (CISA) issued a fresh warning on Tuesday urging consumers to be “vigilant” about cyber scams.

“Be especially cautious of fraudulent sites spoofing reputable businesses, unsolicited emails purporting to be from charities, and unencrypted financial transactions,” CISA said.


If you use a payment method like Apple Pay or PayPal, the payment data is typically “tokenized” – rendering the data unusable to cybercriminals. Shopping on major retailers like Amazon is typically safe because your credit card data is already stored on the site.

Shoppers get into trouble when they manually enter credit card information on a web form. That’s where a credit card skimmer – such as the notorious “Magecart” – could be lurking.

This happened recently to online stores that use Magento software. The hackers broke into the sites and inserted malicious scripts within the stores’ own code, which “logged payment card details that shoppers entered inside checkout forms,” according to ZDNet.

“Limit the number of times you have to manually enter your credit card data. Rely on platforms where that information is already stored in your account or use one-time payment options,” Malwarebytes Lab wrote in a blog post.


All those deals on sites like Amazon and Walmart during the holiday season mean a flood of marketing, advertising and notification emails from retailers touting deals or offering shipping updates.

That “makes it easier for cybercriminals to hide their malicious messages and prey on individuals who are not security savvy,” cybersecurity firm Tessian explained.

Last year, 74% of those who responded to a McAfee survey lost more than $100, and 30% lost more than $500 to shopping scams.

Typically, this starts with a scammer's phishing expedition. Shoppers will get an email that looks like it’s from a major retailer urging them to visit their site for a great deal.

Red flags for these fake retail sites include bad spelling and grammar, no contact information, and no physical address or phone number, according to MyChargeBack, a company that resolves transaction disputes.

If a deal “looks too good to be true, it probably is,” Michael B. Cohen, MyChargeBack's vice president global operations, said in a statement, adding that you should always search online for user reviews of a company.

Criminals may also set up original websites, according to Comparitech.

“Phishing sites often imitate well-known sites such as the login page for PayPal, but during the holiday shopping season cybercriminals set up original scam websites with tempting deals and rewards,” said Comparitech.

Over 5,000 new sites registered between Nov. 1 and Nov. 20 using the keyword “Black Friday” are probably scam and phishing sites, Comparitech added.
