Individual PrivacyMobiles, Laptops & Gadgets

Holiday Shopping Online: Safety on Black Friday, Cyber Monday

Santa watching Black Friday tv commercial

Security Bloggers Network 

Holiday Shopping Online: safety on Black Friday, Cyber Monday.

by Lohrmann on Cybersecurity on November 20, 2022

What are the latest online security tips as we head into another holiday season? What’s the best cyber advice, and what shopping trends should you watch out for?

Two years ago, as we were heading into the first holiday season in a century, everything about shopping was different. At that time, I wrote a post about how I was going to turn Black Friday into Cyber November.

“Move over Black Friday and Cyber Monday, because our global pandemic is changing our new normal — again. In 2020, holiday shopping is more virtual than ever, with deals coming earlier in November. This year, many experts are predicting that more people than ever will be heading back to the malls, toy stores and enhanced in-person shopping to experience the music and atmosphere that they missed during the pandemic. “Several major retailers including Walmart are directing the majority of their holiday hires to work on store floors this year as Americans shift to shopping in-person rather than mostly online,” a Reuters story says.
I have noticed that where I live in Michigan I am receiving many deals offers through the U.S. mail from various stores that are not available online but as “in-store only” deals on Black Friday — just like it used to be a decade ago.

Everyone wants to hang out at the malls again, according to Refinery29 back in March. What’s going on? There is a nostalgia factor at play here as well. When the biggest decision facing us on a Saturday afternoon was: Should I get this crewneck in blue or purple, instead of: Should I get the Pfizer or Moderna booster, we are all in need of a simpler time.

But regardless of what type of shopping you are planning to do this year, how can you stay safe?


Here are some online shopping tips from industry experts:
Eleanor Barlow, content manager at SecurityHQ, offers these tips:

1 Be calm.

If something seems too good to be true, it probably is. While Black Friday deals can offer huge discounts that are genuine, people still need to make money. Anything ridiculously cheap is a red flag.
What to look for:

  • It is worth checking the reputation score of retailers via sites like Trustpilot to determine if that retailer can be trusted.
  • A website with no company address, descriptions or specifications on items are all red flags. Look for the details. And do not base purchases solely off star ratings, as these can be fake.
  • Pop-ups that offer free electronics are one of the obvious scams, containing malicious phishing links, and should be avoided at all costs.
  • Read the small print. Often cons are perfectly visible if you know what to look for. Like seeing a picture of a laptop being advertised, going to buy said laptop for a reduced rate without reading the small print, and receiving a literal picture of a laptop in the post. The devil is in the details. See this post to find if there is a malware in your phone.

There are two. You can useReputable websites.

Tried and Tested — using websites that are globally known, such as Argos, Amazon and Curry’s, is a good way to avoid any nasty surprises. Even if it is a couple of pounds more, it is worth knowing where your money is going and that your purchase will be tracked and delivered.
Use antivirus software that will warn you of potentially dangerous sites in search results as well.
Look for suspicious emails, as well as suspicious calls and text messages. Never click on a link you are unsure of, and never provide personal information over the phone.

See this post to identify and mitigate various kinds of scams online

It was 3. Pay stop, look and check

Check for the padlock icon when at the checkout. Secure Sockets Layers (SSL) are used to ensure data is encrypted before being transmitted across the web. It is also an indication that an organization has been verified. Keep an eye out for HTTPS in the address bar rather than HTTP, as this highlights that a site uses SSL.
Make sure the website that you intend to shop on is not a copy of a legitimate one. Verify that the date and name of the organization are consistent with the site you are visiting. And look for typos in the URL. Your best bet is to go directly to the website yourself, and do not access it through links on other sites/emails.
When using public Wi-Fi, use a VPN as the most effective way to stay safe and so that hackers do not steal your personal data while you are on an unsecure network.

See this post to fix your phone completely if its security is compromised

There were four. Delivery times can be check.

When buying a gift, be sure to check that it will arrive in time. Always check the availability of items before you click. Even when parcel tracking is used, check the delivery estimation time and the seller’s recent feedback to see if they can be trusted to deliver your purchases on time.

There are 5 things. Check the box.

Often, valuable products are swapped out for worthless ones. When your parcel arrives, ask the courier to wait a few seconds while you check that the contents are what you were expecting.

Check your bank account.

  • Use a credit card or payment method which offers protection (i.e., PayPal).
  • Check your accounts regularly for fraudulent activity.
  • Only provide enough details to complete your purchase (no extra details required).

John Wilson, senior fellow of threat research at Agari, gives these tips about avoiding online scams:
“Take a minute to pause and check. Before you click on that link with that great savings offer, check the body of the email and the sender information to look for misspellings. Is the email from [email protected], not Do not click on any links but hover over them to see if the URL is correct. Clicking on that offer link may be all it takes to grant a grinch access to personal or business data. If an email receiver does click on the link, it could be an imposter website created by a scammer imitating a trusted brand’s website domain. Make sure the URL in your browser’s address bar matches the brand’s actual website before giving up any personal information such as a username or password. Google it. Type a short description of the situation plus the word “scam.” If you see 40 entries with similar stories, you’ve just saved yourself a lot of hassle. Verify another way. If you get an email from what looks like a trusted organization or contact, verify that it’s real by phone. Just don’t use the number shown in the footer of the email, as fraudsters may have switched out the actual number with their own. If you receive a phone call that’s supposedly from your bank, hang up and dial the number on the back of your card. Report the incident. Criminals count on victims to be too embarrassed or hesitant to report scams. But it’s important to file a police report and notify the Internet Crime Complaint Center ( about the fraud.”


Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.

See more stories by Dan Lohrmann.

*** This is a Security Bloggers Network syndicated blog from Lohrmann on Cybersecurity authored by Lohrmann on Cybersecurity. Read the original post at:

Lohrmann on Cybersecurity

Related posts
Individual Privacy

AI and Privacy Concerns: What It Means for Your Personal Data

Individual Privacy

Decoding Genetic Privacy: A Guide to Protecting Your DNA Data

Individual Privacy

Demystifying Health and Medical Data Privacy: Ensuring Your Information is Secure

Individual Privacy

Ensuring Privacy in the Age of Social Networking