Scammers prey on Black Friday buyers – don't fall for fake online shops

Cartoon image of person falling victim to phishing scam
(Image credit: NordVPN)

Black Friday and Cyber Monday is a great time to grab a bargain and millions of people will be taking advantage of some fantastic offers this year, including a host of great Black Friday VPN deals – but don't get caught out. Research by NordVPN, one of the best VPNs, has discovered a 35% increase in consumer attempts to visit fake shops in October, compared to September, with the number expected to grow during Black Friday and Cyber Monday shopping fever.

Statistics from Nord's Threat Protection Pro revealed that the number of blocked attempts to access fake shops rose from 9.9 million in September to 13.4 million in October, with an average of 381,000 blocked attempts per day.

According to a recent YouGov survey, 36% of Americans are planning to shop around for Black Friday deals, with 34% looking for deals on Cyber Monday. Research from NordVPN in 2023 showed one in four Americans who have been scammed while shopping, were done so on shopping events such as Black Friday. This works out at a total of 34 million people.

"Cybercriminals use AI-based tools to quickly, easily, and efficiently create fake shops and increase their capabilities to scam people looking for the best deals," says Adrianus Warmenhoven, a cybersecurity advisor at NordVPN. "Sometimes criminals build up fake shops to collect payment card details and personal information, but sometimes this leads to direct financial loss: customers pay for products which they never get or sometimes get only the photo of the goods they purchased."

Can you recognise fake shops?

Fake online shops are especially dangerous because they can be very convincing, and with early Black Friday deals going live, the risk is already growing. But is there a way of spotting these impersonations? Cybersecurity experts warn that the rising wave of professionally-made websites could trick even more people into disclosing their personal data or falling for a scam by exchanging money for a nonexistent product. While some pages are developed as original shops, some are trying to trick people by impersonating well-known brands.

A common trick used by cybercriminals is subtly changing the website domain name. For example, they may replace "Amazon" with "Armazon," a change you could very easily not notice. The use of short URLs is common, often being used to hide the actual web address. There are various other ways of deceiving unsuspecting customers, with common tactics including unrealistic and "too good to be true" discounts. Sites appear to be offering unbeatable prices but then disappear as soon as payment is made. Always browse multiple sites and if one deal is significantly cheaper than all the others, it's worth double checking its legitimacy.

Cartoon cybercriminal stealing online goods

(Image credit: Getty Images)

Fake sites will often fail to deliver the product they've advertised. Your items may arrive broken, be cheap or fake, or even not arrive at all – leaving you with no way to return it, or get your money back. Fake reviews are a quick and easy way for scammers to lure you in. An array of positive reviews may look good but it's important to look a bit deeper. Are the reviews vague and lacking detail? If so, they're probably not real. No negative reviews are a giveaway as well, as scammers won't want you to see them. A common red flag is if a very young site has an unusually high number of reviews. Scammers use this tactic to quickly establish trust and lure in unsuspecting victims.

Phishing is a well established tactic utilised by scammers. They send out emails or texts inviting you to enter your personal information or access fraudulent shops. They may look like they're from real brands, or trusted services like your bank, but are really a way for criminals to steal your data. Always be vigilant if you receive one of these messages, and never enter your information unless you are 100% certain it's legitimate. Many of the most secure VPNs offer a form of threat protection, identity defender, or anti-phishing features in their plans.

How else can you protect yourself from online shopping scams?

There are a number of ways you can prevent yourself from falling victim to shopping scams this Black Friday, and in the future. VPNs, along with the best antivirus software, are a great way to protect your privacy and security online and many of the best providers include cybersecurity tools such as ad and malware blockers, password managers, or even cyber insurance in their more premium plans. For example, NordVPN offers Threat Protection Pro and ExpressVPN offers Identity Defender.

Tools like these can identify dangerous and suspicious sites, warning you of their danger before you access them. Our guides can help you navigate the features different VPNs offer so you can find the right one for you.

Padlock over shield with electronic dark blue background

(Image credit: Getty Images)

VPNs are a fantastic way of protecting yourself and your data online but they are not a silver bullet. Human error is one of the biggest causes of data breaches and you must be aware of all the dangers posed. Be sceptical about sites, never access or submit anything you're not 100% sure about. Avoid unusual payment methods, such as cryptocurrency or wire transfers, as these are harder to track and therefore favoured by scammers.

Although some can be, the websites used by scammers are not always of good quality. Look for typos or grammatical errors, sloppy writing, and poor quality images, these are all giveaways of a fake website.

You can also look for the company's contact information. Genuine companies will almost always have an email address or phone number you can contact them on and will have their office location and city available to view. All this can normally be found in the "About" or "Contact" sections of the website. Whilst scammers can replicate it, if a company's website doesn't have this information then that is a red flag.

Remember to always read a company's privacy policies and terms of use, so you understand what is happening to your data and where it's going. Once you consent to data collection or give out personal information, there isn't a lot VPNs can do to protect you. Finally, check website domains, SSL certificates, and you can even use URL checker tools, to assess the validity of the website you're visiting.

Following these steps, staying vigilant, and using tools such as VPNs and malware blockers can help keep your data and personal information safe this shopping season.

Staff Writer

George is a Staff Writer at Tom's Guide, covering VPN, privacy, and cybersecurity news. He is especially interested in digital rights, censorship, data, and the interplay between cybersecurity and politics. Outside of work, George is passionate about music, Star Wars, and Karate.