10 Worst Black Friday Scams and How To Avoid Them

With Black Friday sales come Black Friday scams. Some of the worst Black Friday scams include fake delivery notifications, spoofed shopping sites, account verification scams, and more.

Four out of five adults in the U.S. reported having been targeting by or experienced at least one form of fraud.^[1] Thankfully, awareness of common scams and learning how to protect yourself are the best defenses against online schemes. Here’s are 10 Black Friday scams to watch out for and tips to protect yourself from these scams.

10 fake Black Friday and Cyber Monday deals to watch out for

While malware has existed on the web since 1988, scammers are getting creative beyond spoofing shopping websites and tainting links. Social media scams have taken off, with one in four individuals who reported losing money to fraud since 2021 saying it started on social media.^[2]

It’s important to know how to stay safe on social media, but Facebook and TikTok aren’t the only places scammers look for a quick buck, especially when it’s time for Black Friday shopping. Let’s review the most common ecommerce scams and red flags so you can easily spot and avoid them.

1. Fake coupons and vouchers

Everyone loves a coupon, especially during the holiday shopping season. You may try to save money by entering your contact information into an official-looking website to receive an online coupon code.

However, after entering your contact information, you could be taken to an untrustworthy site and shown an advertisement for an unrelated product. The coupon code may also not work, and your contact information could be sold to third parties.

To avoid these risks, it’s best to use coupons only from trusted websites, preferably directly from the retailer. Be sure to read the terms and conditions of each coupon before you use it, and always exercise caution when sharing personal information online.

2. Spoofed shopping sites

Domain spoofing occurs when scammers use fake websites that mimic the real websites of businesses. Except for the domain name, the spoofed website can look identical to the trusted site. The spoofed website might collect personal information, including payment details when you try to make a purchase, or it could download malware to your device.

How can you identify a spoofed site that may be infected with malware? Check the website URL in the address bar for “https://” and the website itself for suspicious content, such as grammatical errors and typos.

If you suspect a website is fraudulent, don’t enter any personal information or click on any links. You should also report the website to the Internet Crime Complaint Center (IC3).

3. Account verification scams

Account verification scams occur when fraudsters ask for personal information to secure your account. You may receive a text message or email that looks like an official communication from a company, and it may sound urgent — a common theme with these scams is a warning that someone has compromised your account.

This is known as phishing, where cybercriminals try to trick you into sharing your passwords, credit card numbers, or other personal information.

A survey conducted by AARP found that only 33% of U.S. adults know that online retailers won’t ask for login info to provide customer support.^[1] Never give out your personal information, such as your Social Security number, credit card number, or bank account information, unless you’re certain you’re dealing with a legitimate company.

4. Fake delivery notifications

Smishing is a type of phishing scam that occurs when scammers send text messages from a legitimate-looking company to lure you into revealing personally identifiable information such as credit card information, passwords, or your Social Security number.

Delivery cons use smishing to alert you about a fake package delivery. The message may include a link asking you to update your personal information. If you click the link, you’re taken to a website that asks for personal details and could install malware on your device.

Fake delivery notifications could also include phone calls from a fraudulent call center with a scammer asking to verify your personal information. This type of fraud is frequent enough that the U.S. Postal Service posted an alert regarding this scam,^[3] and UPS shared examples of this type of fraud to inform its customers.^[4]

5. Fake order confirmation

Everyone is concerned about receiving their packages in a reasonable amount of time before the holiday season. Scammers exploit that concern by creating fake order confirmation scams.

You might receive a phone call, email, or text message that looks like an official order confirmation. The message might list the total amount to be charged to your bank account for a product or service and include cancellation instructions. The problem is, you don’t remember placing the order. But when you call to cancel the fake order, “agents” are waiting by the phone to steal your banking details.

Another tactic involves asking you to download an attachment from a phishing email and return it with your information filled out in order to have the order canceled — beware, the file likely contains malware.

If you receive a surprise order confirmation but don’t remember ordering the item or shopping at the store, don’t click any links. If the seller seems reputable, contact the retailer directly to confirm your purchase and delivery date.

6. Non-delivery scam

Another form of order confirmation fraud, called a non-delivery scam, involves not receiving an order confirmation at all.

After making an online purchase, you naturally anticipate receiving an order confirmation with a tracking number. But with this type of fraud, you receive nothing in terms of an order confirmation or package tracking number. The seller or website usually disappears if you try to inquire about the purchase.

It’s recommended to double-check a store’s physical address, phone number, and secure HTTPS web address before making a purchase. And remember: if a deal seems too good to be true, it probably is.

7. Billing error scams

As with fake delivery notifications and fake order confirmation scams, a billing error scam falsifies a sense of urgency.

You may receive an invoice or phone call about products you didn’t order. Counterfeit invoices can be sent as email attachments that might infect your computer, or a scammer may call you to confirm your payment details to settle the bill. You could even receive a PayPal invoice that looks legit but isn't. These methods are used to obtain your information illegally.

Again, if you don’t remember placing the order or shopping with that particular business, don’t click on any links, give out any info, or download any attachments. Instead, contact the seller directly to discuss the order.

8. Gift card scams

In this type of scam, an online company may ask for an unusual payment method, such as a prepaid card, gift card, or wire transfer. If you pay using one of these methods, you may never receive your purchase.

With the addition of cryptocurrency as a payment medium, new gift card scams include gift card generators designed to install malware that detects the buyer’s cryptocurrency wallet address on the blockchain.

To spot this type of scam, make sure the retailer has terms or conditions on their website and only send payments through a secure method such as a credit card or Venmo.

9. Fake charity organizations

Fake charity organizations arise each year, impersonating legitimate organizations and contacting people to request donations or personal information.

It’s important to research a charity before you donate. You can look up the organization on the Better Business Bureau’s website or visit Charity Navigator, which rates charities on various factors related to financial transparency.

You may also want to contact the charity directly and inquire about how your donation will be used. A legitimate charity should be able to provide clear answers about what your money will be used for.

10. Facebook listing scams

Facebook scams encapsulate most of the fraudulent activities listed above and include cons such as:

• Asking you to pay a fee in advance and not sending the product
• Linking to malicious websites
• Sending counterfeit inventory

One scam that stood out in 2021 involved Google Voice. In this type of fraud, scammers might contact you about a listing on Facebook Marketplace and say they want to purchase the item but first need to verify your listing is legitimate. They then send a text with a Google Voice verification code and ask you to send them the code.

Once they receive it, the scammers try to forge a Google Voice number linked to your phone number. They can then use this Google Voice number to scam others, hide their identity, or gather information about you.

How to boost your Black Friday cybersecurity

You can keep your holiday spirits high and feel safer by implementing some personal protection strategies.

Check online reviews

A simple Google search for online reviews can help you determine whether a company or product is legitimate.

It’s important to educate yourself about exactly what you’re buying, including various features and warranties and the company you’re buying it from. Reviews allow you to properly assess the pros and cons of the product and verify the company promoting the inventory.

Of course, if a product has only five-star reviews, it may be another case of “too good to be true.” This could be related to another type of scam called Amazon brushing, where sellers try to boost their product rankings on Amazon’s search pages by sending items that weren’t ordered.

Shop only on secured websites

If you look at a web address, the “s” in “https://” tells you the website has a security certificate. Some browsers also show a lock symbol near the domain name to show that encryption is present and the website is safe. Many larger businesses also utilize a trust seal to demonstrate credibility.

As online scammers get more experienced, it’s important not to rely solely on the security certificate and trust seal. Always double-check the URL and website for spelling and grammatical errors before entering your payment details. If a site suddenly tries to redirect you to another URL, close out of the site immediately and re-enter the correct company web address.

Set up antivirus software

Antivirus software is a great defense when it comes to protecting your personal information. This software scans your personal computer to remove malicious software that may have infected your operating system. Antivirus software is also a precautionary measure, as it can prevent viruses from being downloaded on your device.

TotalAV is a user-friendly antivirus program with high ratings from third-party testing sites. With TotalAV, you can ensure protection from malicious viruses, malware, and dangerous websites as you holiday shop.

No Fuss, Real-Time Online and Mobile Protection

4.5

AllAboutCookies writers and editors score products based on a number of objective features as well as our expert editorial assessment. Our partners do not influence how we rate products.

Editorial Rating

Learn More

On TotalAV's website

Antivirus Software

TotalAV

First year discount on paid plans

• Real-time protection from viruses, malware, and online threats
• Blocks tracking cookies and ads, proactively monitors for data breaches, and option to schedule smart scans
• 100% compatible with Windows, Mac, Android, and iOS operating systems on up to 3 devices
• Lacks firewall protection

Get a virtual private network

Adding a virtual private network, or VPN, as an additional protection feature is also a good plan. A VPN uses encryption to keep your internet protocol (IP) address and online activity confidential while you roam the internet.

NordVPN is a VPN that offers a suite of solutions for consumer privacy. You can use its Threat Protection feature to avoid ads, trackers, and malware without connecting to the VPN.

Customizable Coverage That is Simple to Use

5.0

AllAboutCookies writers and editors score products based on a number of objective features as well as our expert editorial assessment. Our partners do not influence how we rate products.

Editorial Rating

Learn More

On NordVPN's website

VPN

NordVPN

Up to 72% off 2-year plans + a Saily eSIM data gift

• Ultra-secure, high-speed VPN complete with malware protection and automatic blocking of intrusive ads and third-party trackers
• Other benefits include a premium password manager, dark web monitoring, and access to IP-restricted content
• 3 plans to choose from for custom protection on up to 10 devices

Use a credit card instead of a debit card

Using a credit card during checkout offers more protection than using a debit card. This is because credit cards may not tie up a shopper’s funds during a fraud investigation. Some credit cards also come with purchase protection — for example, Chase has its own purchase protection program.

Don’t click suspicious links

Make it a practice to review links and ensure they begin with https:// and end with a reputable domain name such as .com or .org. Hover over images or text links before clicking on them to make sure the actual link matches what’s in the message.

A domain made entirely of a series of numbers is likely suspicious and should be avoided. Characters and numbers are more likely to make up a legitimate website domain name.

Install a password manager

It’s human nature to use the same password over and over, and scammers count on this. Cybercriminals can easily guess simple passwords, so the best protection is to obtain a password manager that will remember more complex and safer passwords for you.

A password manager not only stores passwords but also creates new ones. Here are some popular password managers we recommend:

• NordPass can help you autofill your login information to access multiple accounts easily. It also syncs your information across multiple devices, so you always have access to your passwords.
• Keeper is another password manager with ample features and lots of compatibility across browsers and operating systems. It's also never been hacked and holds a number certifications for compliance to assure you of its commitment to user security. 

Beware of sharing personal info

It’s generally best practice to avoid sharing your personal information online. Hackers and identity thieves may use your personally identifiable information to break into your accounts or build synthetic identities.

Synthetic identity fraud occurs when your personal information is used in a damaging way to create a fake person or organization that commits financial crimes.

Avoid shopping on social media

Scammers invent fake profiles, marketplace listings, and social media ads that could look legitimate. You should remain cautious and verify the offer is legit before clicking on an ad or responding to a listing. And remember, using social media for purchases exposes your personal details and might compromise your financial safety.

What to do if you’ve been scammed on Black Friday or Cyber Monday

There are steps you can take if you suspect that you’re a victim of a holiday shopping scam, whether there was payment fraud or a breach of personal data.

• Monitor your credit card and bank statements for fraudulent activity.
• Call the company that issued your credit card or debit card and report the fraud. Ask for the transaction to be voided and request your money back.
• If you’re a victim of gift card fraud, report the fraudulent transaction to the company that supplied the gift card and ask for a refund.
• If you paid through a peer-to-peer payment application such as PayPal, contact the service and ask them to overturn the payment.
• If you believe you logged into a fraudulent site, change your usernames and passwords immediately. Use a password manager to store your private information and antivirus to check for malware.
• Ensure your computer antivirus software is updated and run a full scan often.
• Report the attempted or actualized fraud to the correct governing bodies, such as the State Consumer Protection Office, the IC3, and the Federal Trade Commission (FTC).

Black Friday scam FAQs

Bottom line

Every year, millions of people are scammed out of their hard-earned money by dishonest businesses and individuals. Although the internet has made shopping more convenient than ever, it has also made it easier for scammers to take advantage of unsuspecting consumers.

Although there are many ways to protect yourself against online scams that aim to take your identity, purchasing an identity theft protection program may be a proactive measure. This type of protection monitors your personal information, including your credit reports, and alerts you to any questionable activity. Some services can help you reclaim your identity if you are a victim of identity theft.

4.9

AllAboutCookies writers and editors score products based on a number of objective features as well as our expert editorial assessment. Our partners do not influence how we rate products.

Editorial Rating

Learn More

On Aura Identity Theft's website

Identity Protection

Aura Identity Theft

Up to 68% off Family Annual Plans

• Excellent identity theft protection service
• Includes a password manager and VPN
• Robust tools for children’s security

Author Details

Robin Moore

About the Author

Robin Moore is a freelance writer and editor specializing in blockchain technology, including wallet security and data privacy. She is the current Managing Editor for Watcher.Guru, a startup blockchain and finance news publication with 1.7 million followers on Twitter. Robin has also been the lead content editor with Genfinity.IO, another startup blockchain research publication. Before entering the Web3 space, she was a business analyst within the oil and gas industry. When she is not offering advice on the best ways to protect data privacy, she is hiking, doing yoga, or networking with her Web3 family on crypto-Twitter.