Protect yourself online when you’re shopping the Black Friday and Cyber Monday sales

We’ve rounded up the most common security risks to avoid, so you can browse for great tech deals without the worry.

Whether you’re thinking ahead to holiday gifting or you’ve been waiting for a discount on the device or gadget of your dreams, Black Friday and Cyber Monday provide a golden shopping opportunity. (We’ve got plenty of Black Friday deals on phones, tablets, wearables and more ourselves.) But sadly, there are plenty of unscrupulous people who have also been waiting for this moment: the scammers hoping to cash in on a share of the estimated £8 billion that’s spent by consumers at this time of year.

No one wants to be a victim of fraud. But we've got good news: it’s usually straightforward to recognise these criminals’ sneaky tactics – when you know what you’re looking for. That’s why we’ve put together this guide to the most common scams and security risks around this peak shopping week, and some advice on how to avoid them. Because forewarned is forearmed when you’re watching the pennies.

Be wary of suspiciously good Black Friday deals

Discounts and markdowns are the biggest incentive to shop on Black Friday and Cyber Monday, but when you spot a big-ticket item going for a price that seems too good to be true, there are a couple of ways to double-check it’s the real deal.

Phishing sites are designed to mimic familiar brands and sites – and once you’ve “purchased” something from there, the scammer will have captured your payment information. Before you share your credit card details, check that the site’s URL is legitimate (often fake sites will operate by changing a single letter of a well-known website). Most importantly, look out for a URL that begins with “https” and that contains a padlock icon in the browser address bar.

The other tell-tale signs of a phishing site: poor spelling and grammar and questionable links included in the text, as well as the absence of a “contact” page or social media channels. Scammers are also increasingly using instant messaging, so if you receive a link via text message to explore an incredible deal, visit the retailer’s website rather than clicking on the link provided.

Father and son sitting at laptop buying something online

Don’t fall victim to fraudulent ‘vishing’ calls

A “vishing” scam is where a fraudster impersonates a company over a phone call, with the goal of tricking victims into sharing one-time codes, credit card numbers, bank account details, passwords and other sensitive information. Scammers may try to take advantage of Black Friday to ramp up these calls – pretending that they’re getting in touch from O2 to offer benefits such as timely discount codes and free gifts.

First things first: don’t be fooled by the caller ID (vishers can make it look as though they’re calling from O2 when they’re not). If someone rings you and claims to be part of our team, you may then receive a text that tells you a one-time passcode has been requested. This means the scammer is trying to access your account with us. Remember, we will NEVER ask you for one-time passcodes, passwords, PINs or bank details over the phone. If you get a call like this, report it by texting the details to 7726 for free (see the Ofcom website for instructions) and tell us about it straight away. 

Rogue order or delivery information

Look out for rogue order or delivery confirmation messages

Scammers exploit this busy shopping period by issuing fraudulent emails and messages about your shopping accounts, billing errors and missed deliveries. It’s easy to fall victim to these often-plausible messages that deploy familiar logos and email formats. Clicking on a link masquerading as a delivery or billing request often leads you to a phishing site or causes malware to be loaded on to your device. 

The best prevention is to be suspicious of any email or message with an address unconnected to the retailer that it’s supposedly coming from. And remember, if you’re concerned about the delivery of your purchase, you can always retrieve the tracking details from the confirmation email or message in your own inbox.


Credit card in hard and laptop on lap

Protect your payment information

When it comes to suspicious messages, a link or message requesting your payment details is a huge red flag. A legitimate retailer will not ask you to provide personal information or payment details via email or text message. You can always follow up directly with the company if you’re in any doubt.

When you do need to make a payment online, many retailers use a trusted payment gateway – a secure intermediary platform between the business and the shopper, such as PayPal or SecurePay. These payment service providers will encrypt your payment details and are required to adhere to high standards of security.

Safe ways to browse online on Black Friday and Cyber Monday

The first rule? It’s best to shop at home or in a place with a secured Wi-Fi network. Public Wi-Fi can be handy for some things when you’re out and about, but using unsecured networks to shop is never the best practice. You might fall victim to a “malicious hotspot”, where scammers can hack your device to steal banking information and passwords or install malware.

Your personal information is just as valuable as your bank details to a cybercriminal as they can use your data for identity theft. When you create accounts with online retailers and other sites, it’s a good idea to vary your passwords so a scammer won’t be able to access all the accounts on your device if they manage to hack one of them.

And finally, be sure to keep the software and browser on your devices up to date. Often updates include security patches that will help ensure your equipment is safe, while browsers can block malicious links before you even see them.

Published: 06 Nov 2023