The holiday shopping season, especially Black Friday and Cyber Monday, is a prime time for cybercriminals. McAfee Labs consistently observes a significant spike in malicious activity during this period, fueled by the combination of high web traffic, deals that create a sense of urgency, and a massive increase in card-not-present online transactions that create a perfect storm. Attackers exploit the chaos, knowing shoppers are often distracted and rushing to find the best Black Friday deals, making them more susceptible to phishing scams, fake websites, and malware designed to steal financial information.
As we gear up to feast with family and friends this Thanksgiving, and prepare our wallets for Black Friday and Cyber Monday, let’s look at how these two popular shopping events can impact your online security, and how to protect yourself from scammers.
Stolen credentials and identity theft
The consequences of falling for a holiday scam can be devastating. Beyond the initial financial loss from a fraudulent purchase, victims often face the long-term nightmare of identity theft. According to the Federal Trade Commission (FTC), consumers reported losing $12.5 billion to fraud in 2024, with online shopping scams as the second most commonly reported incident. Recovering from identity theft is not just costly. It’s also incredibly time-consuming. On average, it can take victims months to clear their names and correct their credit reports, adding significant emotional stress during what should be a joyful season.
The Black Friday shopping phenomenon
Historians trace the use of Black Friday to the 1960s, when Philadelphia police officers named the day after Thanksgiving as Black Friday because they had to work overtime to manage the mob of holiday shoppers and attendees to the traditional Army-Navy football game on Saturday. Later on, Shop.org coined the term Cyber Monday as a way for online retailers to participate in the Black Friday shopping frenzy.
Since the beginning of these two massive shopping holidays, both have seen incredible growth as more shoppers are turning to the Internet to participate in holiday bargain hunting. In the US, consumers reportedly spent $10.8 billion online on Black Friday 2024, a 10.2% increase from 2023, while Cyber Monday brought in a record $13.3 billion.
The uptick in online shopping activity provides cybercriminals the perfect opportunity to disrupt shoppers’ holiday activities and compromise their online security. During this festive season, it is best to take proactive measures to safeguard your digital presence.
Black Friday risks versus Cyber Monday risks
Historically, Black Friday was initially focused on in-store shopping, while Cyber Monday centered on online deals. As such, each shopping event presented its own cyber risks:
Black Friday risks
- Mobile-first scams: Shoppers often hunt for deals on their phones on the go before heading to the physical stores, making them more susceptible to smishing and malicious links sent via text.
- Public Wi-Fi dangers: While in-store, shoppers usually connect to unsecured public Wi-Fi at malls or cafes, exposing their data to hackers on the same network.
- Fake QR Codes: Shoppers could click on malicious QR codes on posters or flyers that promise exclusive deals, but lead to phishing sites.
Cyber Monday risks
- Sophisticated phishing emails: Attackers often use data from weekend shopping activities to launch targeted email campaigns with fake shipping notifications or order confirmations for incredible deals.
- Desktop-based Malware: With more people shopping from work or home computers, there’s a higher risk of encountering malicious ads or downloading fake browser extensions that steal data.
- Lookalike websites: Scammers create highly convincing replicas of popular retail websites to trick users into entering login and payment details.
As retailers embrace both in-store and online platforms, cyber fraudsters are blurring the lines to take their scams to both domains.
How to protect yourself from these scams
With the surge in online shopping during both shopping holidays, cybercriminals are also on high alert, crafting sophisticated scams to trick unsuspecting shoppers. It’s essential to approach every email or text message suspiciously, checking the sender’s information and avoiding clicking on unsolicited links.Thankfully, there are steps you can take to protect yourself when shopping online during Black Friday and Cyber Monday.
- Never give your information. Be suspicious of unsolicited messages, even if it appears to be from a trusted source. Hover over links in emails or texts to see the actual destination URL before clicking. If the offer seems tempting, visit the retailer’s official website and check if the same deal is available there.
- Eye the website with skepticism: If you happen to click the link and are led to a website, always ensure that the website you’re shopping from is legitimate. Check for the padlock icon in the address bar and “https” in the URL, as these are indicators of a secure site. Steer clear of websites that have misspelled domain names, as they could be fraudulent. Learn more about the traits of a fake website.
- Use credit instead of debit cards. Credit cards generally offer better fraud protection and make it easier to dispute unauthorized charges.
- Enable multi-factor authentication (MFA). Add this extra layer of security to your email and retail accounts whenever possible.
- Beware of too good to be true offers. Extreme discounts are a common lure for scams. If a deal seems unbelievable, it probably is.
- Verify the seller. Shop with well-known, reputable retailers. For unfamiliar sellers, look for reviews and a physical address.
- Avoid public Wi-Fi for purchases. Your personal data is vulnerable on unsecured networks. Use your mobile data or a secure VPN instead.
- Keep your software updated. Install updates for your operating system, browser, and security software to address known vulnerabilities.
- Install a reputable security software. This can provide you with real-time protection and alert you to a malicious website or link.
Use virtual cards and trusted payment gateways
One of the most effective ways to protect your financial data is to avoid entering your actual debit or credit card number directly on websites. Instead, use payment methods that act as a buffer. Virtual credit cards, offered by many banks and privacy services, generate a unique, temporary card number for a single transaction or vendor, making your real account information useless to thieves if a site is breached.
Similarly, digital wallets such as PayPal, Apple Pay, and Google Pay use tokenization to mask your card details. When using browser extensions for coupons, be cautious. Only install trusted extensions and check their permissions.
Monitor price drops without sacrificing security
Everyone wants to find the best price, but be wary of how you track those Black Friday deals. While some deal-tracking apps and browser extensions are helpful, others are privacy nightmares, requesting broad permissions to read all your browsing data.
Before installing any price tracker, carefully review the permissions it requests. Better yet, use well-known, reputable services or set up price alerts directly on major retail websites. Before you download any new app to your phone or computer, use a security solution with a safe-app check feature to ensure it doesn’t contain malware or spyware.
Invest in McAfee security software
Keeping your digital data and identity safe during the holiday shopping fever might be the best gift you could give yourself and your family. Consider these top features:
- McAfee® Total Protection: This powerful solution provides essential antivirus and web protection to block malicious websites and phishing links in their tracks while you hunt for online deals.
- McAfee® Scam Detector: This feature uses patented AI technology to detect and protect you from risky links in texts, emails, and social media, stopping scams before you can even click.
- McAfee® Mobile Security: This comprehensive protection on the go helps shield you from risky Wi-Fi networks and malicious apps.
- Identity Monitoring: Get alerts if your personal information, like email addresses or credit card numbers, is found on the dark web, allowing you to take action quickly to prevent identity theft.
FAQs: Stay protected while holiday shopping
Is it safe to shop Cyber Monday deals on mobile?
Shopping for Cyber Monday deals on your phone can be convenient, but it requires extra caution. The biggest pitfall is using unsecured public Wi-Fi networks in places like coffee shops or malls, allowing criminals to intercept your data.
Another major threat is fraudulent shopping apps designed to steal your information. For another layer of protection, use mobile wallets like Apple Pay or Google Pay as they use tokenization to process payments without exposing your actual card number.
Are deals advertised on social media legitimate?
They can be, but social media is also rife with scams. Instead of clicking links in ads, go directly to the retailer’s official website to find the deal. Scammers often create fake storefronts on social platforms to steal your money and data.
Do retailers release Cyber Monday deals early?
Yes, many retailers start their Cyber Monday deals during the Black Friday weekend or earlier. However, be cautious of unsolicited emails announcing “early access.” Always verify these offers on the retailer’s actual website, as this is a common phishing tactic.
Is it safe to pay with a QR code?
Only use QR codes from trusted sources. Criminals can place malicious QR code stickers over legitimate ones, redirecting you to a phishing site. When in a store, confirm the QR code is legitimate with an employee. When shopping online, only scan codes on a retailer’s official site or app.
What should I do if I get a suspicious shipping notification?
Do not click any links in the email or text message. Scammers send fake shipping alerts to get you to click on malicious links or provide personal information. Instead, go to the retailer’s website and use your official order number to track your package directly.
Final thoughts
Black Friday and Cyber Monday are prime opportunities for consumers to snag once-a-year deals and for cybercriminals to exploit their eagerness to save. However, being aware of the prevalent scams and knowing how to protect yourself can save you from falling prey to these ploys.
One effective way to do so is by investing in top-tier online protection solutions. McAfee offers award-winning cybersecurity solutions developed to shield you from the ever-evolving threats. Explore the features of our McAfee+ Ultimate and Total Protection plans and stay informed about the latest cyber threats with McAfee Labs.
Always strive to shop wisely and stay safe, and remember that if an offer seems too good to be true, it probably is.