The Answer

Advice, staff picks, mythbusting, and more. Let us help you.

A person holding a laptop on their lap while using a blue ATM card to purchase something on their smartphone
Photo: iStock/Kirill Smyslov

How to Avoid Online Holiday Shopping Scams

Black Friday is almost here, and the shopping holiday brings with it a flood of promotional emails and text messages from retailers promising steep discounts—if you act fast. Scammers take advantage of the blitz by sending their own emails and texts, except their links are designed to phish your personal information or steal your money. Here are some telltale signs of scams to watch out for, and what to do to keep yourself safe.

How to spot a Black Friday scam

Creating a false sense of urgency is a common scammer tactic, and Black Friday scams can take many forms. In 2022, scammers posed as Home Depot, sending emails promising $500 gift cards to a limited number of shoppers as part of a Black Friday deal. The catch: Buyers had to pay a small shipping fee to receive the phony prize.

If you receive an email or text that appears to be from a store you shop at regularly and promises an unusually good deal, think twice. Look at every URL before you click, and keep an eye out for unusual constructions or misspellings. Amaz0n.com is not the same as Amazon.com, for example, and usps.upspb.com is not the US Postal Service. Other URL tricks are more difficult to spot; the URL secure.apple.site.ru might seem legitimate unless you read it all the way to the end.

Scammers also take over legitimate storefronts and use digital credit card skimmers to intercept payment information. Small businesses and abandoned sites are more susceptible to having their websites compromised with skimmers, so check to see if the business is actually still active before entering payment information.

According to a recent report from Malwarebytes, a security software company, compromised online shops number in the hundreds, with 80 new malicious domain names registered by a single scammer operation in October. Skimmers are embedded in websites and are sometimes very hard to spot, but Malwarebytes suggests that outdated copyright information can be a sign that the site isn’t properly maintained and could be compromised.

Scammers also pay to have malicious links advertised on search engines or social networks, a tactic called “malvertising,” and those links can take the form of convincing ads from retailers. Clicking the link takes you to a well-designed site made to phish your personal information. Be sure to hover your mouse over promoted ads on search and social sites and check that the URL is legitimate before clicking.

Social media platforms can be a cesspool of Black Friday scams. Shopping scams, primarily found on Facebook and Instagram, comprised 44% of reported social media fraud in the first half of 2023, according to the Federal Trade Commission. The most common scam is a simple one: Scammers take payment for an item, typically clothes or electronics, and never deliver the product. Before buying something from an Instagram post, check out the account behind it to confirm that the offer is legit.

Unusual spellings in messages and poorly designed sites are often held up as telltale signs that they were written by scammers. Though that can still be true, scammers are becoming savvier.

“The recent rise of artificial intelligence and large language models has become a true game changer for this type of fraud because once easy-to-spot scam emails and text messages are now nearly flawless and incredibly hard to detect with the naked eye,” Bogdan Botezatu, director of threat research and reporting at security firm Bitdefender, told us.

Although most of the experts we spoke with emphasized the dangers of phishing sites and scam emails, shoppers should also be wary of text messages. According to security software firm McAfee, a scammy Black Friday text might promise a gift or a big discount, but the included link leads to a phishing site designed to steal your personal information. These scams are very difficult to spot if the URL isn’t fully visible, especially since even legitimate companies use link-shortening services that can obscure URLs. Instead of clicking on a link in a text, visit the company’s website to confirm that the offer is legitimate.

Why scams spike during the holidays

Scammers often rely on news events to lend the scams an air of legitimacy and timeliness. It’s not unusual to see scams tied to sporting events such as the World Cup or even natural disasters. Black Friday and other shopping holidays are especially enticing for scammers because people are already primed for spending. Recent Bitdefender data revealed that Black Friday–themed spam rose from just 3% of detected spam on November 9 to 22% on November 13. Out of all the Black Friday spam emails the company examined, 46% were flagged as scams by the company’s software. Botezatu told us that it’s because “people are more susceptible to impulse shopping and tend to let their guard down as they prepare for some much-needed downtime with family and friends.”

Such threats continue after Black Friday into the rest of the holiday season. McAfee Labs told us that it expects the number of malicious sites and apps its customers encounter to jump by 10 million on Christmas and New Year’s Day.

Although there are many deals to be had around Black Friday and Cyber Monday, it can save you money and headaches to be just as careful looking for scams as you are for savings. When in doubt, turn to Wirecutter: Our Deals team is vetting tens of thousands of discounts to find the best legitimate Black Friday deals.

This article was edited by Caitlin McGarry and Signe Brewster.

Edit