Scams

Watch Out for Black Friday and Cyber Monday Scams — Here's How to Avoid 5 of the Most Common Ones

Liubomyr Vorona | Istock | Getty Images

You'll probably spend some time this weekend going through Black Friday and Cyber Monday deals. Unfortunately, scammers are counting on that.

Shoppers spent nearly $20 billion online between Black Friday and Cyber Monday in 2021, making the shopping weekend prime territory for internet scammers.

And with budget-conscious shoppers seeking holiday sales steep enough to beat inflation, scammers are highly likely to take advantage, according to Ariana Bago, a fraud analyst at proxy provider Proxyrack.

"It's important to remain vigilant and aware of any potential scams that may come your way," Bago said in a statement emailed to CNBC Make It.

Here is Proxyrack's advice for avoiding five of the most common Black Friday scams you'll see this weekend.

Suspicious links

Scammers will try anything to get you to click a malicious link.

The link could distribute malware to your device, or direct you to a fraudulent website that tricks you into giving up your personal information or passwords to your financial accounts. It could appear in an email, text message or targeted ad on social media.

Bottom line: Don't click on a link unless you're absolutely sure it's legitimate.

"Never click a link and put your username and password in something that you didn't initiate," cybersecurity expert Kevin Mitnick told CNBC Make It last month. "That's a simple rule set that people should have."

If you do receive a message with a potentially suspicious link while shopping, double-check the message sender's contact information to make sure it matches the company or financial institution they claim to represent, Proxyrack advised.

If you're unsure, look for a legitimate phone number or email address and "contact the company or your bank directly to request more information on the issue," Bago said.

Browser extensions

Especially during the holiday shopping season, you're likely to see an uptick in offers to download "money-saving" browser extensions, Proxyrack's report noted.

Some of these are legitimate, and can help you unlock discounts or cash-back offers you might otherwise have missed. But scammers can also seize on your eagerness to find big savings by releasing fraudulent browser extensions that contain malicious software and phish your personal data.

Most Black Friday and Cyber Monday deals will be advertised up front on retailer's websites, Proxyrack said. If you do want to install a browser extension, research it on a reviews website like TrustPilot first to see if it's suspicious.

Billing scams

The last thing you'll want to hear is that some of your purchases didn't go through and might be canceled.

That's why scammers often pose as major retailers and contact you with an urgent message claiming an order didn't go through, or your payment information needs updating. They could also pose as your bank, asking you to verify your information before allowing your payments to process.

Scammers typically try to create a "sense of urgency," implying that if you don't act immediately, there will be dire consequences — like a canceled shopping order or even a frozen bank account, Proxyrack noted.

Legitimate companies rarely use that sort of intense language. If you do wish to follow up, Proxyrack suggested reaching out to the company directly to ensure you aren't sharing any valuable information with a third party.

Unfamiliar websites

If you're tired of inflation-bloated prices, you'll understandably be looking for the best shopping deals possible this weekend. That might lead you to fake websites offering deals that seem too good to be true, because they are.

As you're scouring different websites, double-check each website's URL to make sure it's legitimate before entering any personal information, Proxyrack advised.

If the website is unfamiliar, and you can't verify its legitimacy through research — again, sites like TrustPilot can help — play it safe and avoid it altogether.

Verification code scams

Multi-factor authentication is a relatively easy way to make it harder for hackers to crack your personal accounts.

But it's not impenetrable, and scammers can get around it by sending you a phishing message posing as your bank or a major retailer and asking you to confirm a verification code to finalize your purchase.

In those cases, the scammer likely already has your log-in information and password — possibly from a data leak — and they need the verification code to access your online accounts.

That's why banks and retailers typically remind you not to share your multi-factor authentication codes with anyone, and that they'll never call you on the phone to ask for the code.

Only enter a verification code directly into a login page that you know and trust.

Playing it safe this shopping season might feel frustrating, but it's far better than the alternative. "It's best to miss out on a couple of deals than to be scammed out of a lot of money through bank fraud," Bago said.

Want to earn more and work less? Register for the free CNBC Make It: Your Money virtual event on Dec. 13 at 12 p.m. ET to learn from money masters how you can increase your earning power.

Sign up now: Get smarter about your money and career with our weekly newsletter

Copyright CNBCs - CNBC
Contact Us