The top scams to look out for around Black Friday

Recognise the need to protect against cyber attacks and how your organisation can mitigate the risk posed by cybercriminals.

Black Friday and Cyber Monday are like the Olympics for bargain hunters—a time to flex your deal-finding skills and snag those once-a-year discounts. But while you’re racing to the checkout, cybercriminals are racing to your inbox, your social media feeds, and your login pages. For them, it’s not just the most wonderful time of the year; it’s the most lucrative.

In the holiday hustle, it’s easy to get caught up in the excitement of “unbelievable” deals. But here’s the catch: if a deal feels too good to be true, it probably is. From fake Black Friday sales to phishing attempts masquerading as Amazon shipping updates, the scams are as plentiful as pumpkin spice lattes in November.

The stakes aren’t just personal; businesses are at risk too. If your staff are shopping for personal deals on company devices or logging into work emails on personal devices, your entire organisation could be exposed. Here’s how to spot the scams, protect your business, and shop smart this holiday season.

What is Black Friday & Cyber Monday?

Black Friday, the day after Thanksgiving, has become synonymous with deep discounts and frenzied shopping. Cyber Monday, the online counterpart, follows just days later, catering to digital shoppers with exclusive e-commerce deals. Together, these events mark the start of the holiday shopping season and drive billions in online sales.

However, the chaos of these shopping days also creates a perfect storm for cybercriminals. With inboxes flooded with promotional emails, shoppers are more likely to fall for phishing attacks, fake ads, and fraudulent websites. For businesses, this isn’t just a consumer problem—it’s a cybersecurity issue that could put sensitive company data at risk.

What are the top scams around Black Friday?

Cybercriminals leverage the frenzy of Black Friday and Cyber Monday to deploy a variety of scams. Here are the most common ones to watch out for:

1. Phishing Emails

Fake Black Friday sales and phishing attacks surge during this period. Cybercriminals send emails that mimic legitimate retailers like Amazon, claiming that there’s an issue with a recent order or offering an irresistible deal. These messages often include links to phishing scam websites designed to steal login credentials, payment information, or other sensitive data.

2. Impersonation Attacks

In a business context, employees may receive emails that appear to come from a senior decision-maker, such as a financial controller, instructing them to make a payment or purchase. These impersonation attacks prey on the urgency and chaos of the season, leading to unauthorized transactions or data breaches.

3. Fake Social Media Ads

Social media platforms are rife with advertisements for products at unbelievably low prices. Many of these ads direct users to fraudulent websites that either steal payment details or deliver counterfeit goods—or nothing at all.

4. Fake Checkout Pages

Phishing websites that mimic popular retailers’ checkout or login pages are another common tactic. Shoppers may unknowingly enter their credentials into these fake pages, handing over their information to cybercriminals.

5. Amazon Black Friday Scams

As one of the largest online retailers, Amazon is a frequent target. Scams often involve fake invoices, shipping confirmations, or account alerts claiming suspicious activity. These phishing attempts aim to trick users into clicking malicious links or revealing their account details.

Why is this a problem for businesses?

While these scams primarily target consumers, businesses are not immune. Though no one would ever admit it, lots of employees will shop online during the work day. And in lots of cases, they’ll be doing so on company devices. So why is this something that businesses should be worried about?

  • Personal Shopping on Work Devices: Using company devices for personal shopping increases the likelihood of downloading malware or visiting phishing sites, potentially compromising the organisation’s entire network.
  • Access to Work Data on Personal Devices: Employees shopping on personal devices that have access to company emails or systems—such as through remote work setups—create an entry point for cybercriminals.
  • Phishing Risks for Businesses: A single employee falling for a phishing email can expose sensitive company data, from financial information to login credentials for critical systems.
  • Loss of Productivity and Funds: Impersonation attacks aimed at businesses can result in unauthorized financial transactions, fraudulent purchases, or disruptions to operations.

How to stay ahead of cyber threats

Preventing Black Friday fraud and Cyber Monday scams requires both awareness and proactive measures: it’s all about making sure your focus doesn’t slip. Ever. So here are a few ways to protect your business and your employees:

  • Educate Staff with Security Awareness Training: Ensure your team understands the risks associated with holiday shopping, including phishing emails, fake ads, and impersonation scams. Cyber Security Awareness offers specialised training modules to help employees spot threats, such as AI phishing scams and fake calendar invitations.
  • Enforce Clear Device Policies: Discourage employees from using work devices for personal shopping and vice versa. Ensure that company devices are equipped with up-to-date security software and restrict access to sensitive systems from personal devices.
  • Verify Communications: Teach staff to verify all unexpected requests for purchases or payments, especially those appearing to come from senior decision-makers. A simple phone call to confirm can prevent costly errors.
  • Monitor Network Activity: Implement tools to detect unusual activity on your network, such as attempts to access sensitive systems from unrecognized devices or IP addresses.
  • Be Wary of “Too Good to Be True” Deals: Remind employees to avoid clicking on suspicious links or ads, especially those promising unbelievable discounts. Encourage them to shop only on verified retailer websites.
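
The retailer phishing emails and senior-staff impersonation described above can also be flagged at the mail gateway before a person has to judge them. The sketch below is an added example, not code from this article or its publisher; the brand list, the company domain `example.com`, the executive name and the sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed lists for illustration; an organisation would maintain its own.
BRAND_DOMAINS = {"amazon": {"amazon.com", "amazon.co.uk"}}  # brand -> real domains
COMPANY_DOMAIN = "example.com"   # placeholder company domain
EXECUTIVES = {"jane doe"}        # hypothetical financial controller

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def belongs_to(domain, real_domains):
    """True if domain is one of real_domains or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in real_domains)

def assess(raw_email):
    """Return the reasons a message looks like brand or executive impersonation."""
    msg = message_from_string(raw_email)
    name = parseaddr(msg.get("From", ""))[0].lower()
    sender = domain_of(msg.get("From"))
    reasons = []
    for brand, real in BRAND_DOMAINS.items():
        # Brand named in the display name or domain, but mail is not from the brand.
        if (brand in name or brand in sender) and not belongs_to(sender, real):
            reasons.append(f"uses '{brand}' but was sent from {sender}")
    if name in EXECUTIVES and not belongs_to(sender, {COMPANY_DOMAIN}):
        reasons.append(f"executive name sent from external domain {sender}")
    reply_to = domain_of(msg.get("Reply-To"))
    if reply_to and reply_to != sender:
        reasons.append(f"replies go to {reply_to}, not {sender}")
    return reasons

# Constructed sample messages, not real mail.
FAKE_ORDER = ('From: "Amazon Order Support" <support@amazon-deals.example>\n'
              "Reply-To: claims@parcel-help.example\n"
              "Subject: Problem with your recent order\n\nPlease confirm.\n")
FAKE_CONTROLLER = ("From: Jane Doe <jane.doe@freemail.example>\n"
                   "Subject: Urgent payment today\n\nPlease pay the attached.\n")
GENUINE = ("From: Jane Doe <jane.doe@example.com>\n"
           "Subject: Q4 budget\n\nSee you at 3.\n")

if __name__ == "__main__":
    for label, raw in [("order", FAKE_ORDER), ("controller", FAKE_CONTROLLER),
                       ("genuine", GENUINE)]:
        print(label, assess(raw))
```

A message that returns any reason is a candidate for quarantine or a warning banner; the phone-call verification step still applies to payment requests that pass.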

For a comprehensive approach to staying secure this holiday season, explore our Security Awareness Training and Testing service. With new training modules covering threats like QR code scams and deepfake phishing, you’ll ensure your team is prepared to recognize and respond to evolving cyber threats.
