‘Tis the season for cybercriminals

Black Friday has evolved from an American shopping tradition to a global phenomenon. But with the surge in online purchases as people look for excellent deals, comes an equally concerning spike in cybercrime. Businesses and individuals alike must stay vigilant to avoid falling victim to scams. Let’s take a look at common cyber threats during this shopping season and tips to protect your most precious data.

Account takeover scams

Cybercriminals often target online accounts with saved payment information, aiming to make fraudulent purchases. Using stolen credentials, often obtained from data breaches, hackers exploit accounts by changing passwords to lock out the original user. Other means of entry include running login attempts across multiple platforms using the same credentials. This method becomes particularly dangerous if you reuse the same email and password across accounts, so if you’re not utilising a password manager, get it sorted an ensure every member of your team is doing the same.

How to prepare your team to defend against account takeovers

• Ensure strong, unique passwords are used for every user, across every account.
• Avoid saving payment details in online accounts; enter them manually instead.
• Enable two-factor authentication (2FA) to add an extra layer of security.

Fake delivery notifications

With the flood of packages being delivered at home and, let’s be honest, to the office during Black Friday and holiday shopping season, scammers see it as an opportunity to send fraudulent emails or texts pretending to be from the most common delivery services. These messages often claim you’ve missed a delivery or need to track a package and include malicious links or attachments. It’s easy to believe because the chances are that you are expecting a delivery. Clicking on these links can result in malware infections or theft of personal information via fake login pages.

Tips to spot phishing emails:

• Always double, or even triple, check the sender’s email address. Legitimate companies use official domains (e.g., info@companyname.com) though scammers are getting smarter at using feasible email sender addresses. It is always worth the time to check the domain again before clicking links.
• Use robust, paid-for email spam filter, designed for businesses to catch a lot of suspicious messages before they even land in an inbox.
• For businesses, phishing simulation training can help teams recognise potential scams and strengthen security awareness.

Card-not-present scams

This type of fraud involves using stolen card information for transactions that don’t require a PIN, such as over-the-phone purchases. Criminals may gain this information through lost cards, hacked accounts, or carelessly stored card details. Nationwide Building Society reports that this scam accounts for around a quarter of the fraud cases they deal with.

How to prepare for the rise in card-not-present scams:

• Regularly monitor bank statements for unfamiliar transactions, no matter how small. Scammers will often test the waters with a £3 transaction to ‘Macdonalds’ before going for broke.
• Freeze lost cards immediately when you realise they’re missing. Thankfully online banking makes this faster than ever and easy to reverse if you find the card simply slipped down the back of the sofa!
• Never share one-time verification codes sent to your phone, even if requested by someone claiming to be from your bank.

Too-good-to-be-true deals

Not all scams involve direct theft—some are about misleading offers. Black Friday sales sometimes inflate prices beforehand to create the illusion of a discount. Other times, shoppers unknowingly purchase counterfeit or misrepresented goods, particularly on marketplaces like Amazon, Temu, or Shein where it can be difficult to tell.

Tips to stay alert to bad deals

• Research the product and compare prices across reputable retailers.
• Read product descriptions carefully to ensure you’re getting what you expect.
• Stick to trusted sellers to avoid counterfeit goods.

Stay cyber safe

Black Friday is a time of excitement and deals, but it’s also a golden opportunity for scammers. By following these tips, you can protect your personal and business finances while enjoying the sales.

If you want to take a detailed look at your security plans and processes, or have been thinking about accessing training to help your team spot cyber threats, we’re here to help. Contact us to discuss how we can help you safeguard your organisation during the busiest shopping season of the year.

You might also like: How bad personal Facebook security can cause business headaches