Protect yourself from Black Friday scams

Black Friday is a chance to snag great deals, but occasionally, those tempting offers are not as fantastic as they seem. Amid the excitement, don’t get so carried away that caution flies out the window. Being too eager to buy could end up costing you more than you bargained for.

Scammers are experts at seizing every chance to make a fast profit, using sophisticated techniques that can fool even the most cautious shoppers in the frenzy of a shopping spree. Protect yourself from fraud – especially when you shop online.


Watch out for fake websites

Opportunists are setting up fake websites that copy famous, reliable ones. They imitate the brand’s look and products, promoting sales that appear to be fantastic deals. To increase the pressure to buy without examining the site more closely, they might use urgency tactics like a notice that says, ‘sale ends in 1 hour’.

In the rush to grab the deal, you might buy the item, enter your payment details and pay at checkout. The scammers then have your money, but what’s worse is that they also have all the banking information that you entered on their fake page. They can use this info to make fraudulent transactions from your accounts, or to steal your identity. So, to avoid being taken for a ride, the first rule is to make sure you’re shopping at the online store you think you’re shopping at.


How to spot a fake website

Signs to help you spot a fake website:

Discrepancies in URL Watch out for subtle misspellings or variations in the website address. Scammers often use these tricks to create URLs that look like the real deal.

Misspellings or variations Pay attention to any misspelt words or content variations on the website. These can be red flags signalling an attempt to mimic a trusted site. Sites using the Cyrillic alphabet can create convincingly fake addresses – this webpage explains how to spot the frauds.

Unusual domain endings Be wary of websites with uncommon or suspicious domain endings. Legitimate businesses usually stick to well-known standard domain extensions. Be wary of domains ending in .xyz, .info, .online, or similar unconventional choices. Legitimate businesses usually prefer more reliable, familiar extensions like .com,, or country-specific variations.

Poor website design Be sceptical of poorly designed websites. Scammers might not bother creating a professional-looking platform.

Low-quality graphics Check the quality of images and graphics on the site. Fake websites often use low-resolution or stolen images, indicating a lack of authenticity.

Inconsistencies in layout Look for irregularities in the layout, like mismatched fonts or uneven spacing. These reveal a lack of attention to detail, a common trait in fraudulent sites.

Page contact details Most fraudulent sites omit or have minimal contact details. Some reputable sites also have limited contact options, but they should at least provide external links to social-media pages.

In cases where none of these signs are apparent, the safest approach is to call the company and confirm their official website details directly. Alternatively, you can use browsers like Google or DuckDuckGo, which typically display a company’s phone number, website and locations at the top of the screen. It’s also a good idea to type a web address into your browser bar, rather than clicking on links.


If you’ve fallen victim to a fake shopping website, take immediate steps to protect yourself


How to verify a website URL

Popular web browsers come equipped with safety features to enhance your online security. These tools can put a stop to pesky pop-ups, prevent websites from tracking your activities, disable Flash, block harmful downloads, and regulate access to your webcam and microphone. Take a moment to review and adjust your browser security settings:

  • For Chrome: Navigate to Settings Advanced Privacy and Security.
  • For Edge: Visit Settings Advanced settings.
  • For Firefox: Click on Options Privacy & Security.
  • For Safari: Go to Preferences Privacy.
However, these settings safeguard you mostly from viruses, malware and unauthorised background data collection. When it comes to willingly providing personal and banking information on a site you believe to be trustworthy, the process becomes a bit more complicated.
Computer security software company McAfee advises online shoppers to:
  1. Check the padlock in the address bar Examine the web address for any anomalies or mistakes. A suspicious appearance could indicate a fake site. Click on the padlock symbol in the address bar, but exercise caution as scammers may attempt to replicate it.

  2. Verify the website’s trust seal Some websites display a trust symbol to indicate their safety. Click on it to confirm its authenticity and ensure it redirects to a legitimate confirmation page.

  3. Use the Google Transparency Report Use this Google feature to determine a website’s safety. Be wary if a warning appears. Check specific web addresses for potential hacker takeovers.

  4. Check the company’s social-media presence Look at the company’s social-media accounts for real posts and followers. Beware of accounts with no content, fake reviews or suspicious links, as these may indicate a scam.

  5. Review the company’s contact info Make sure that the online store provides a genuine address, phone number and email address. Be careful if emails bounce back or fail to go through.

  6. Analyse the overall look of the website Examine the website’s design for cleanliness and accuracy. A messy appearance, mistakes, or an unusual return policy could signal a potential scam.

  7. Look for company reviews Check for reviews from other customers on platforms like Google, HelloPeter or social media. If most of the reviews are negative, exercise caution, as it might not be a trustworthy place to shop.


What to do if you have been scammed

If you’ve fallen victim to a fake shopping website, take immediate steps to protect yourself. Scammers on these sites try to get as much of your personal information as possible, along with your money. Your private information, such as ID number, home address, phone details, banking IDs, usernames and passwords, are often compromised – they sometimes even request one-time passwords (OTPs) for account access.

After realising that it’s a scam, remain calm but act immediately. Contact your bank, disconnect any associated apps and remove tokens like Google Pay that may be linked to your account. Change your banking IDs, usernames and passwords. If your card and PIN are compromised, cancel them as soon as possible.

You will also need to open a criminal case at the nearest police station. A case number could be required when reporting the fraud to your bank. However, put a hold on your account and cards immediately, even before you get a case number. This quick action helps contain potential damage.

If you suspect fraud or that you’ve compromised your card details, let us know immediately by calling
0800 110 929.