10 Worst Black Friday Scams and How to Avoid Them

'Tis the season to be wary. Learn about the nine most common holiday shopping scams and the best ways to keep your data safe.
Robin Moore, Author
Catherine McNally, Editor
Last updated Nov 11, 2022

If you plan to shop online this year, you’re not alone. In 2020, there was a surge of shoppers who shopped online due to the pandemic, with 2020’s Cyber Monday breaking $10 billion, which was a jump from the previous year’s $8 billion in sales.

But online shopping also comes with the risk of online shopping scams. Three out of four adults in the U.S. reported having been affected by online fraud. Thankfully, awareness of common scams and learning how to protect yourself is the best defense against online schemes. Here’s what you should know about Black Friday scams.

In this article
10 fake Black Friday and Cyber Monday deals to watch out for
1. Fake coupons and vouchers
2. Spoofed shopping sites
3. Account verification scams
4. Fake delivery notifications
5. Fake order confirmation
6. Non-delivery scam
7. Billing error scams
8. Gift card scams
9. Fake charity organizations
10. Facebook listing scams
How to boost your Black Friday cybersecurity
What to do if you have been scammed on Black Friday or Cyber Monday
Black Friday scam FAQs
Bottom line

10 fake Black Friday and Cyber Monday deals to watch out for

While malware has existed on the web since 1988, scammers are getting creative beyond spoofing shopping websites and tainting links. Social media scams have taken off, with one in four individuals reporting that they were scammed through social media communication or advertising in 2021.

It’s important to know how to stay safe on social media, but Facebook and TikTok aren’t the only places scammers look for a quick buck, especially when it’s time for Black Friday shopping. Let’s review the most common ecommerce scams and red flags so you can easily spot and avoid them.

1. Fake coupons and vouchers

Everyone loves a coupon, especially during the holiday shopping season. You may try to save money by entering your contact information into an official-looking website to receive an online coupon code.

But after your contact information is entered, you could be taken to an untrustworthy site and be shown an advertisement for an unrelated product. Not only is there a possibility that the coupon code doesn’t work, but your contact information could be sold to third parties.

To avoid these risks, it’s best to take advantage of coupons only from trusted websites, preferably directly from the retailer. Be sure to read the terms and conditions of each coupon before you use it, and always remember to use caution when giving out your personal information online.

2. Spoofed shopping sites

Domain spoofing is when a scammer uses fake websites that mimic the real websites of businesses. Outside of the domain name, the website can look identical to the trusted site. The spoofed website might collect personal information, including payment details, when you try to make a purchase or it could download malware to your device.

How can you identify a spoofed site that may be infected with malware? By checking the website URL in the address bar for “https://” and the website itself for suspicious content, such as grammatical errors and typos.

If you suspect the website to be a fraud, don’t enter any personal information or click on any links. You should also report the website to the Internet Crime Complaint Center (IC3).

3. Account verification scams

Account verification scams occur when fraudsters ask for your personal information to secure your account. You may receive a text message or email that looks like it’s an official communication from a company, and it may sound urgent — a common theme with these scams is a warning that someone has compromised your account.

This is known as phishing, where cybercriminals try to trick you into sharing your passwords, credit card numbers, or other personal information.

A survey conducted by AARP found that only 31% of U.S. adults know that online retailers won’t ask for login info to provide customer support. Never give out your personal information, such as your social security number, credit card number, or bank account information, unless you’re certain you’re dealing with a legitimate company.

4. Fake delivery notifications

Smishing is a type of phishing that happens when scammers send text messages from what looks like a legitimate company to lure you into revealing your personally identifiable information such as credit card information, passwords, or Social Security number.

Delivery cons use smishing to alert you about a fake package delivery, which may include a link that asks you to update your personal information. If you click the link, you’re taken to a website that not only asks for personal details but could also install malware on your device.

Fake delivery notifications could also include phone calls from a fraudulent call center with a scammer asking to verify your personal information. This type of fraud is frequent enough that the U.S. Postal Service posted an alert regarding this scam, and UPS shared examples of this type of fraud to inform its customers.

5. Fake order confirmation

Everyone is concerned about receiving their packages in a reasonable amount of time before the holiday season. Scammers exploit that concern by creating fake order confirmation scams.

You might receive a message via a phone call, email, or text that looks like an official order confirmation. The message might list the total amount to be charged to your bank account for a product or service with cancellation instructions included. The problem is, you don’t remember placing the order. But when you call to cancel the fake order, “agents” are waiting by the phone to steal your banking details.

Another tactic involves asking you to download an attachment from a phishing email and return it with your information filled out in order to have the order canceled — beware, the file likely contains malware.

If you receive a surprise order confirmation but don’t remember ordering the item or shopping at the store, don’t click any links. If it looks like a reputable seller, contact the retailer directly to confirm your purchase and delivery date.

6. Non-delivery scam

Another form of order confirmation fraud called a non-delivery scam, involves not receiving an order confirmation at all.

After making an online purchase, you naturally anticipate receiving an order confirmation with a tracking number. But with this type of fraud, you receive nothing in terms of an order confirmation or package tracking number. If you try to inquire about the purchase, the seller or website has usually disappeared.

It’s recommended to double-check a store’s physical address, phone number, and secure HTTPS web address before making a purchase. And remember: if a deal seems too good to be true, it probably is.

7. Billing error scams

As with fake delivery notifications and fake order confirmation scams, a billing error scam falsifies a sense of urgency.

You may receive an invoice or phone call about products you didn’t order. Counterfeit invoices can be sent as email attachments that might infect your computer, or a scammer may call you to confirm your payment details to settle the bill. Both methods are used to illegally obtain your information.

Again, if you don’t remember placing the order or shopping with that particular business, don’t click on any links, give out any info, or download any attachments. Instead, contact the seller directly to discuss the order.

8. Gift card scams

In this type of scam, an online company may ask for an unusual method of payment such as a prepaid card, gift card, or a wire transfer, and chances are you’ll never receive your purchase.

With the addition of cryptocurrency as a payment medium, new gift card scams include gift card generators designed to install malware that detects the buyer’s cryptocurrency wallet address on the blockchain.

To spot this type of scam, make sure the retailer has terms or conditions on their website and only send payments through a secure method such as a credit card or Venmo.

9. Fake charity organizations

Two out of three people donate money without first looking deeper into the charity. Fake charity organizations arise each year, impersonating legitimate organizations and contacting you to request donations or to provide personal information.

It’s important to research a charity before you donate. You can look up the organization on the Better Business Bureau's website or visit Charity Navigator, which rates charities on various factors related to financial transparency.

You may also want to contact the charity directly and inquire about the ways your donation will be used. A legitimate charity should be able to give you clear answers about what your money will be used for.

10. Facebook listing scams

Facebook scams encapsulate most of the fraudulent activities listed above and include cons such as:

  • Asking you to pay a fee in advance and not sending the product
  • Linking to malicious websites
  • Sending counterfeit inventory

One scam that stood out in 2021 involved Google Voice. In this type of fraud, scammers might contact you about a listing on Facebook Marketplace and say they wanted to purchase the item but first needed to verify your listing is legitimate. They then send a text with a Google Voice verification code and ask you to send them the code.

Once they receive it, the scammers try to forge a Google Voice number that’s linked to your phone number. This means they can use this Google Voice number to scam others and hide their identity, or gather information about you.

How to boost your Black Friday cybersecurity

You can keep your holiday spirits high and feel safer by implementing some personal protection strategies.

Check online reviews

A simple Google search for online reviews can help you determine whether a company or product is legitimate.

It’s important to educate yourself on exactly what you’re buying, including various features and warranties, and the company you’re buying it from. Reviews allow you to properly assess the pros and cons of the product as well as verify the company promoting the inventory.

Of course, if a product has only five-star reviews, it may be another case of “too good to be true.” This could be related to another type of scam called Amazon brushing, where sellers try to boost their product rankings on Amazon’s search pages by sending items that weren’t ordered.

Shop only on secured websites

If you look at a web address, the “s” in “https://” tells you the website has a security certificate. Some browsers also show a lock symbol near the domain name to show that encryption is present and the website is safe. Many larger businesses also utilize a trust seal to demonstrate credibility.

As online scammers get more experienced, it’s important not to rely on the security certificate and trust seal alone. Always double-check the URL and website for spelling and grammatical errors before entering your payment details. If a site suddenly tries to redirect you to another URL, close out of the site immediately and re-enter the correct company web address.

Set up antivirus software and get a virtual private network

Antivirus software is a great defense when it comes to protecting your personal information. This software scans your personal computer to remove malicious software that may have infected your operating system. Antivirus software is also a precautionary measure, as it can prevent viruses from being downloaded on your device.

Adding a virtual private network, or VPN, as an additional protection feature is also a good plan. A VPN uses encryption to keep your internet protocol (IP) address and online activity confidential while you roam the internet.

AVG offers both antivirus and a VPN with its Ultimate plan. You’ll also get phishing and ransomware protection, as well as unsafe email attachment blocking with AVG antivirus.

NordVPN is another service that offers a suite of solutions for consumer privacy. You can use its Threat Protection feature to avoid ads, trackers, and malware without connecting to the VPN.

Use a credit card instead of a debit card

Using a credit card during the checkout process offers better protection than using a debit card because credit cards may not tie up a shopper’s funds during a fraud investigation. Some credit cards also come with purchase protection — for example, Chase has its own purchase protection program.

Don’t click suspicious links

Make it a practice to review links and ensure they begin with https:// and end with a reputable domain name such as .com or .org. Hover over images or text links before clicking on them to make sure the actual link matches what’s in the message.

You can hover over an image or text link and see the full web address in the bottom-left of your screen to check if it matches.

A domain that’s made entirely of a series of numbers is most likely suspicious and should be avoided. Characters and numbers are more likely to make up a legitimate website domain name.

Install a password manager

It’s human nature to use the same password over and over, and this is what scammers count on. Cybercriminals can easily guess simple passwords, so the best source of protection is to obtain a password manager that will remember more complex and safer passwords for you.

A password manager not only stores passwords but also creates new ones. Here are some popular password managers we recommend:

  • 1Password can help you autofill your login information for easy access to multiple accounts. It also syncs your information across multiple devices so you always have access to your passwords.
  • With ease of use and two-factor authentication, LastPass is one of the most popular choices. LastPass also includes monitoring alerts if your information is compromised.

Beware of sharing personal info

It’s generally best practice to avoid sharing your personal information online. Hackers and identity thieves may use your personally identifiable information to break into your accounts or build synthetic identities.

Synthetic identity fraud occurs when your personal information is used in a damaging way to create a fake person or organization that commits financial crimes.

Want to see whether a company is legit? Go to Google and search “company name” + “scam” to see if anyone else has reported a scam related to it.

Avoid shopping on social media

Scammers invent fake profiles, marketplace listings, and social media ads that could look legitimate. You should remain cautious and verify the offer is legit before clicking on an ad or responding to a listing. And remember, using social media for purchases exposes your personal details and might compromise your financial safety.

What to do if you've been scammed on Black Friday or Cyber Monday

There are steps you can take if you suspect that you’re a victim of a holiday shopping scam, whether there was payment fraud or a breach of personal data.

  • Monitor your credit card and bank statements for fraudulent activity.
  • Call the company that issued your credit card or debit card and report the fraud. Ask for the transaction to be voided and request your money back.
  • If you’re a victim of gift card fraud, report a fraudulent transaction to the company that supplied the gift card and ask them to refund your money.
  • If you paid through a peer-to-peer payment application such as PayPal, contact the service and ask them to overturn the payment.
  • If you believe you logged into a fraudulent site, change your usernames and passwords immediately. Use a password manager to store your private information and antivirus to check for malware.
  • Ensure your computer antivirus software is updated and run a full scan often.
  • Report the attempted or actualized fraud to the correct governing bodies, such as the State Consumer Protection Office, the IC3, and the Federal Trade Commission (FTC).

Black Friday scam FAQs


+

Is ebuyblackfriday legit?

Ebuyblackfriday is a website that claims to offer deeply discounted products during Black Friday. However, there have been many reports of purchases from the website being a scam, with people never receiving products or receiving incorrect products.


+

What is a fake veteran Black Friday scam?

A fake veteran Black Friday scam is a fraudulent scheme where criminals pose as veterans or military personnel to take advantage of Black Friday sales and discounts. These scammers may also try to collect donations or other forms of financial assistance.


+

How do I protect myself on Black Friday?

You can keep your data secure and avoid most online scams by following these Black Friday online safety tips:

  • Only shop on secure websites. Look for the https:// in the URL and make sure the site has a valid security certificate.
  • Don't click on any links in emails or social media postings claiming to be Black Friday deals. These are often scams.
  • Use a credit card for your online purchases. Credit cards offer better protection against fraud than debit cards.
  • Keep a close eye on your credit card and bank statements. Watch for any unauthorized charges.
  • Use a VPN to encrypt your data when shopping online.

+

Is it safe to shop online on Cyber Monday?

With so many deals and discounts available, it can be tempting to take advantage of the savings by shopping on the busiest online shopping day of the year. However, there are some risks to consider before you make your purchase. Here are a few tips to help you stay safe while shopping online on Cyber Monday:

  • Only shop on reputable websites.
  • Make sure the website is using secure encryption.
  • Don't click on any links or attachments from unknown sources.
  • Don't enter any personal or financial information on a website that doesn't have a secure connection.

Bottom line

Every year, millions of people are scammed out of their hard-earned money by dishonest businesses and individuals. Although the internet has made shopping more convenient than ever, it has also made it easier for scammers to take advantage of unsuspecting consumers.

Although there are many ways to protect yourself against online scams that aim to take your identity, purchasing an identity theft protection program may be a proactive measure. This type of protection monitors your personal information, including your credit reports, and alerts you to any questionable activity. Some services can help you reclaim your identity if you are a victim of identity theft.

Author Details
Robin Moore
Robin Moore writes and edits on a variety of topics concerning blockchain technology and finance.