4 Clever Black Friday Scams & How To Avoid Them

by Diana Panduru | November 20, 2021 | How to, ATTACK Simulator Guides

Cybercrooks never miss an opportunity to net some money from unsuspecting victims. With massive discounts and sales coming our way in late November, it’s not that hard to click on the wrong link or provide your payment details to the bad guys in our quest to score a crazy deal.

But we’ve got you covered with our list of four Black Friday scams to watch out for in 2021 and how to avoid becoming a victim.

Black Friday scams prey on people's desire to score a great deal.

4 Black Friday Scams To Watch Out For

The scams can come in all shapes and sizes, but the red flags are there for the keen eye to see.

Phishing Websites & Apps

The ultimate goal of a phisher is to get their hands on your personal info, such as payment details, social security number, or login credentials, so they can use it to steal your money. Masquerading as a reputable entity, the attackers send out legitimate-looking emails or text messages, typically with a link to a credential-stealing website, designed to look identical to the official one.

These phishing attacks happen all the time, but prepare for a significant spike in fraudulent messages impersonating Amazon, Best Buy, or other big names in the retail sector during Black Friday or the holidays.

Be wary of emails asking you to update your payment method or personal data. When in doubt, reach out to the company’s helpdesk to ensure that the email is not a scam before taking any action requested.

Here are some tips to help you spot a phishing email, according to the Federal Trade Commission and StaySafeOnline.org:

  • Look for extra characters or misspellings in the sender’s email address.
  • Spelling errors or bad grammar in either the subject line or the body are a dead giveaway of a scam.
  • Generic greetings and addressing you by “Mr.” or “Ms.” or “Dear Customer” instead of by name can be signs of a fraud attempt.
  • Be cautious of emails prompting you to take an urgent action and asking you to click a link and fill in sensitive data, especially payment details.
  • Be wary of emails offering you a refund, coupons or other freebies.
  • Pay close attention to the brand logo in the email – if it looks low-quality or just off, chances are you’re being phished.
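
Several of the tips above can be checked automatically. The following Python sketch is an added example, not code from the original article or from the FTC; the allow-list `KNOWN_DOMAINS`, the function names, the keyword patterns, and both sample messages are assumptions constructed for illustration. It flags near-miss sender domains, generic greetings, urgent requests to click a link, and refund or freebie offers.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list: the retailer domains this reader actually shops at.
KNOWN_DOMAINS = {"amazon.com", "bestbuy.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch near-miss sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def red_flags(raw_email: str) -> list[str]:
    """Return the checklist items that a raw email message trips."""
    msg = message_from_string(raw_email)
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}".lower()
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    flags = []
    # Extra characters or misspellings: close to a known domain, but not equal.
    if domain not in KNOWN_DOMAINS and any(
        edit_distance(domain, known) <= 2 for known in KNOWN_DOMAINS
    ):
        flags.append("lookalike sender domain")
    if re.search(r"\bdear (customer|sir|madam|mr\.|ms\.)", text):
        flags.append("generic greeting")
    if re.search(r"\b(urgent|immediately|within 24 hours)\b", text) and "http" in text:
        flags.append("urgent call to click a link")
    if re.search(r"\b(refund|coupon|free gift)\b", text):
        flags.append("refund or freebie offer")
    return flags

# Constructed sample messages (not real mail).
SUSPICIOUS = """From: Amazon Support <billing@amaz0n.com>
Subject: Urgent: update your payment method

Dear Customer,
Your order is on hold. Update your card immediately at http://amaz0n.com/pay
to receive a $50 coupon.
"""
LEGIT = """From: Amazon <orders@amazon.com>
Subject: Your order has shipped

Hello Alex, your package is on the way.
"""
```

A message that trips none of these checks can still be a scam, so treat the result as a prompt to look closer, not as a verdict.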

Digital Credit Card Skimming

Traditional credit card skimming requires hackers to use a skimming device that can easily be placed over a card reader at an ATM or a fuel pump without catching your eye.

The moment you swipe your card at a compromised machine, the skimmer intercepts the data from the card’s magnetic stripe and either stores it or sends it back to the hacker.

However, hackers have extended their techniques to the digital world – instead of using physical hardware, they can insert malicious code directly into a website to steal your payment information.

E-skimming or Magecart attacks have seen an increase in the last two years due to the pandemic. Tim Mackey, the principal security strategist for cybersecurity firm Synopsys, warns, “There isn’t an obvious way for the average person to be able to identify if or when a website has been compromised. The only potential tell-tale sign might be that the website itself doesn’t quite look ‘right.’”

Here are Mackey’s recommendations you can use to protect yourself against e-skimming: 

  • Don’t save your credit card information on retail sites.
  • Try to use a third-party payment method like Apple Pay or Google Wallet.
  • Enable purchase alerts.
  • Disable international purchases on all credit cards.
  • Never make purchases on a public Wi-Fi where your payment could be intercepted.

The ‘Secret Sister’ Gift Exchange

This sketchy gift exchange among strangers on the Internet is similar to the popular ‘Secret Santa’ and originated on Facebook. In the ‘Secret Santa’ game, each player in a group buys a present for one other randomly picked group member. Of course, the gifter keeps their identity secret.

The ‘Secret Sister’ is a pyramid scheme and its exchange invitation promises you gifts worth $360. First, however, you need to purchase and mail a $10 gift for someone else. Needless to say, you’ll be out of your ten bucks, with nothing in return. Plus, you’ll have given your personal info to strangers, as the scam requires you to send your name, email address, and phone number.

Ignore any request to become a Secret Sister, and do not provide your sensitive data to strangers on the Internet. You can also report the invite to Facebook or whichever social media platform you were approached on.

Fake Charities

During the oncoming holiday season, non-profit organizations see a significant increase in donations. But, unfortunately, scammers prey on people’s generosity and run elaborate schemes to steal money.

Here’s what you can do if you get a phone call from a charity and are in doubt:

  • Use a website like CharityWatch or even Google to do your research on a charity and learn whether it is legit.
  • Pay close attention to the organization’s name and website. Fake charities often mimic popular charities. If it’s too similar in name to another, chances are it’s a fraud.
  • Do not provide all your personal information. While it’s expected to provide your card details, don’t give away your Social Security number or bank account number.
  • Avoid making cash donations. Unless you’re 100% certain about a charity’s legitimacy, don’t donate cash, gift cards, or cryptocurrency.

Many scams start with a harmless-looking phishing email.

ATTACK Simulator’s Security Awareness Training program will help you enrich your employees’ cybersecurity knowledge with up-to-date security best practices to keep your company safe from scammers and avoid potentially irreparable damage.

Are your employees prepared for a phishing attack? Put them to the test now with our free security awareness training trial and see how well they’d do!



by Diana Panduru

Content writer for Attack Simulator. Passionate about all things writing and cybersecurity, and obsessed with driving. I sometimes indulge in pencil drawing, poetry, and cooking for fun.
