How to spot scam websites on Black Friday and Cyber Monday

Discover how to spot scam web­sites this Black Friday and Cyber Monday with advice and tips from F‑Secure’s team of cyber security specialists.

Cyber criminals set up scam web­sites for a variety of reasons — such as a way of installing malware, phishing for your details, or undertaking one of many online shopping scams — and they are unscrupulous about using any tactic to do so. These threats are present throughout the year but tend to spike around Black Friday and Cyber Monday, as millions of people around the world are looking for the best online bargains.

Cyber criminals focusing on ecommerce will use a combination of many tactics to get you to click on a URL, including social media offers and promotions, text messaging scams, and email phishing campaigns. These scammers can even manipulate search engine results, getting their scam web­sites to the top of a results page via techniques known as SEO poisoning or spamdexing.

If you click on a link to one of these scam sites then you may end up paying for a poor-quality product, getting the wrong item or receiving nothing at all. And, in other cases, you could end up with hard-to-cancel or recurring credit card charges, or even fall victim to identity theft.

Scan the site for free with F-Secure Online Shopping Checker

Whenever you are making an online purchase from a shop you don’t know, first check the site with F‑Secure Online Shopping Checker. The tool includes relevant safety information about millions of online shopping sites. With it you can get a free safety check in just seconds. The tool gives you a good over­view if the web­shop is safe or not, likely saving you from a lot of hassle with ensuring safety by other means.

And yes, the tool is free to use, with no strings attached. And it looks into multiple safety factors, such as how new the site is, where it is hosted, what kind of reviews and comments about it exist online, and many other technical aspects that can be hard to spot otherwise.

Do not rely on the closed lock icon

According to Google research almost half of us (44%) use the lock icon as to check a site’s trustworthiness. And this recommendation is regularly shared by security experts. However, this is now outdated advice.

The closed lock icon indicates that a site uses a digital SSL (Secure Sockets Layer) certificate to encrypt data between two points. But what it doesn’t do is indicate whether you can trust a site. And the Anti-Phishing Working Group (APWG) says that 83% of phishing sites now use SSL encryption and display a closed lock icon.

As a result of this misunder­standing, Google has announced that it will be removing the lock icon from the Chrome browser (version 117), due for release in early September 2023, where it will be replaced with a new tune icon.

We redesigned the lock icon in 2016 after our research showed that many users misunderstood what the icon conveyed, Google said in a blog post. Despite our best efforts, our research in 2021 showed that only 11% of study participants correctly understood the precise meaning of the lock icon. This misunder­standing is not harmless — nearly all phishing sites use HTTPS, and therefore also display the lock icon.

It isn’t all bad news in the world of browser security, though. The closed lock icon that you see in your browser may not be an effective way to tell whether a site can be trusted, but many browser manufacturers provide other ways to check a site’s validity. For example, Google uses a tool called Safe Browsing to detect unsafe sites, and display appropriate warnings. And Google’s Safe Browsing API is also used by Mozilla’s Firefox browser to detect potentially harmful sites.

Pay attention to browser warnings

Another way to avoid scam web­sites is to stick with retailers that you know and trust. It can be tempting to click on a great offer from an unknown seller, but the reality is that the majority of the best Black Friday and Cyber Monday deals will come via shopping sites that you’re already familiar with.

Top shopping sites are usually well known and trusted by many users, they have large user base and positive reviews from the users. Sticking with the trusted retailers that you have made purchase before is always a good start, said Sarogini Muniyandi, Senior Manager, Threat Protection Engineering at F‑Secure. Always ensure you know it’s a legitimate shopping website before placing an order. A little research about the website could potentially safe you from falling victim to an online scam.

Resist too-good-to-be-true offers

Black Friday and Cyber Monday deals don’t just make money for retailers, they also bring in huge revenue for online publishers that take a small, affiliate payment for every click they send to the likes of Amazon. Type Black Friday deals into Google, and you’ll see many of your favourite magazines and blogs promoting their lists of the best offers. This means that you can find all the best deals via publishers and retailers you already know and trust.

If the online shop’s prices are too good to be true, they probably are, said Mika Lehtinen, Director, Research Collaboration at F‑Secure. Legitimate shops tend to sell products at competitive prices. Fake shops may offer products at prices that are noticeably lower than the prices of legitimate shops to lure people in to make a purchase. If you encounter a shop with exceptionally low prices, pay extra attention to other potential indications of a scam.

Think about how you got there

Be especially careful about sharing personal information such as usernames, pass­words, and card details with sites that you’ve visited via offers and promotions within social media platforms.

There is an amplification of new scam shopping sites using social media, said Ash Shatrieh, Threat Intelligence researcher at F‑Secure. The use case is simple [and can also be legitimate]: a small shop owner or an influencer starts serial stories, such as Post this story and tag 3 of your friends to win xyz promoting their site. The problem with this approach is the rapid reach it creates. For a good-looking deal a social media post can reach thousands of people. And if it includes a fake website, it might trick users into handing out their card details.

By using tools such as Google’s Safe Browsing technology and F‑Secure’s Browsing Protection (which prevents you from unintentionally accessing harmful URLs), and by following the advice of F‑Secure’s experts, you will greatly reduce your risk of falling victim to scam web­sites this Black Friday and Cyber Monday.


Avoid scam shopping sites with Total

F‑Secure’s Browsing Protection (included in Total) enables you to evaluate the safety of web sites and prevents you from unintentionally accessing harmful URLs.

  • Quickly identify safe sites in your search results

  • Block scam web­sites automatically

  • Get feed­back on potentially harmful sites with safety ratings

Read more about Total