How to shop safely on Black Friday

Black Friday shopping

If you're looking for the best Black Friday deals at the shopping mall or retail websites, better beware — your money and your privacy will be under attack by both criminals and advertisers. (Same goes for Cyber Monday deals.)

The crowds in the malls will probably be a bit bigger this year than they were at the height of the pandemic in 2020, and crooks will be out in force both in the brick-and-mortar world and online. 

Fortunately, there are a few simple ways you can protect yourself and make sure your holiday season isn't ruined by identity theft, incessant ads or an emptied bank account. And if you're doing a lot of shopping on Amazon, here are some specific tips on avoiding Amazon scams.

Black Friday safe-shopping tips

1) Turn off your smartphone Bluetooth, Wi-Fi and GPS when you leave the house.

Many shopping malls track which stores you go into by following your phone's unique wireless IDs, which is bad enough. But criminals can also set up rogue Wi-Fi hotspots in shopping malls to gain access to the phones of passersby. Avoid both by switching off everything but the cellular signal.

2) Don't let your credit card leave your hand.

Underpaid cashiers can make an extra buck or two by "double-swiping" a customer's card to steal the card number and other information. The proliferation of "chip" cards and of point-of-sale terminals that only the customer uses has reduced the frequency of this threat, but it still happens. If you must hand your card to a cashier, don't let it out of your sight.

3) Check your credit-card statements every few days during the holiday shopping season.

Point-of-sale terminals in brick-and-mortar stores can have card "skimmers" discreetly glued on (Costco recently had this happen), and checkout pages on online shopping sites can be infected with card-number-stealing malware. The databases of the companies that process all those charges are also vulnerable. 

If criminals steal your credit-card number, they will want to use it quickly. It's likely that any fraudulent charges will show up on your account within a few days, or even hours, of the card-number theft.

Every few days during the holiday season, call the customer-service number on the back of your card to check your balance and recent transactions. You can also do this online, but first make sure your computer's software is up-to-date and that you're running some of the best antivirus software. 

If anything looks amiss on your credit-card account, contact your card's issuing bank immediately so that you can be reimbursed for fraudulent charges.

4) Use debit cards only at familiar retail stores, and never use them online.

Debit cards help you avoid interest costs and spending limits, but credit cards offer much better protection against fraud, theft and scams. If someone steals your credit-card number, you'll be on the hook for at most $50. 

If they steal your debit-card number, however, they could clean out your bank account before you even find out that the card has been compromised.

For these reasons, don't ever use a debit card online. And if a site asks you to pay with a gift card or a direct bank transfer instead of a credit card, that's a huge red flag — run away fast.

5) Make sure the ATM you use isn't compromised.

Card "skimmers" glued onto ATMs are getting smaller and more sophisticated. See if the card-slot housing on the ATM wiggles when you tug it, or whether it looks different from the slots on other ATMs in the same bank vestibule. If so, try another ATM machine or, even better, another ATM location.

Also, don't ever use stand-alone ATMs placed outside shops in public places. You don't know who put it there. Stick to bank-branch ATMs in dedicated vestibules.

6) Stay off the shopping-mall Wi-Fi network.

Public Wi-Fi networks are easy pickings for credit-card thieves and identity thieves, even if the networks ask you for a password. To stay safe, stick to your phone's cellular data plan or use a VPN service. Don't ever shop or bank online using a public Wi-Fi network.

7) Be very careful when responding to deal offers.

Criminals will try to lure to you malicious websites with email messages, online ads, social-media postings or even text messages promising fantastic deals.

If you're on a computer, hover your cursor over the links in the ads, emails, Facebook postings and tweets to see where the links really lead. If you're on a smartphone, don't click at all, especially not on a link in an unsolicited text message.

Don't click on anything that looks strange. For example, "amazon.com" is legit, but "amazondeals.com" probably isn't. And beware shortened URLs that are only a few characters long — they could lead anywhere.

Your best bet is to simply avoid embedded links. If you get a message about a great new deal, skip the link and instead go to the retailer's website and search for it there.

Don't forget — if a deal seems too good to be true, it's probably fake.

8) Stay home and shop online instead.

You don't really want to deal with stampeding crowds, do you? Unless you're willing to show up at 4 a.m. for a crack at a heavily discounted TV, you'll find most of the same deals online. 

Of course, you'll have to read our guide to online shopping precautions first. But here are some highlights.

9) Update your computer and smartphone software. 

Cybercriminals most frequently prey on machines with out-of-date software that has well-known vulnerabilities. Keep your operating systems and web browsers up-to-date and you'll be way ahead of the crowd. 

10) Stick to familiar brands when shopping online. 

We hate to bash the little guy, but shoppers are at much greater risk buying items from a store they've never heard of than from a familiar brand. So play it safe and keep to the familiar side of the street.

11) Don't use a search engine to find deals.

Crooks will create fake shopping pages and then rig things so those pages show up near the top of search results. Don't click on those. Instead, go to your favorite online retailers and use their internal search engines to find deals.

12) If possible, don't create an account, and don't let the site save your credit-card number.

When you type a credit-card number into an online shopping site, don't let the site save the card number. Yes, you'll have to type in the card number again next time you visit the site (although one of the best password managers can fill it in for you), but you'll have one less thing to worry about when that site gets hit by a data breach.

Likewise, most retail websites (though not Amazon) will let you buy things without creating an account. If you're only shopping on that site once or twice a year, there's no real reason to create an account. Shop as a "guest" instead.

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.