Naked Security

Black Friday – stay safe before, during and after peak retail season

Yes, we give Black Friday tips every year - but that's because they're worth doing every year!

It’s three weeks until US Thanksgiving, which happens on the fourth Thursday of November.
As readers around the world now know, the day after Thanksgiving – the “bridge day” that many Americans take as a vacation day to create a long weekend – is popularly known as Black Friday.
To be clear, that’s black as in ink, a metaphor from the days when accountants wrote positive balances in black and negative amounts in red ink.
(To be “in the red” therefore meant to be in debt – still does, in fact, although it’s well before all our lifetimes that anyone actually dipped their quill in a pot of red ink to make the point.)
The day after Thanksgiving became known as Black Friday because it was a day on which so much retail trade was done that many retailers, in a good year at least, would make enough money to bring their annual trading accounts into the black, leaving them with the rest of the Christmas shopping season to make their profit for the year.
As a result, Black Friday is now synonymous with massive sales, huge discounts, and some amazingly good deals, notably on tech gadgets.
Unsurprisingly, however, it’s also a time to be alert for “deals” that are no such thing.
If you’re incautious in your zest to score a “bargain”, you might not only lose your money on an item that never shows up, but also get phished or scammed out of your credit card number, passwords or other personal information.

Grand Day In

Traditionally, Black Friday meant a day out, spent in retail stores – perhaps even a day including a spot of biffo as rival customers fisticuffed their way to the front in shops that had extreme bargains on offer.
But more and more of this seasonal buying has moved online over the years, and online Black Friday trading will be huge in 2020, especially in areas where coronavirus lockdowns mean that many stores can only take orders over the internet, even if you’re allowed to show up later to collect them.
Additionally, with Black Friday now popular not just in the US but all over the world, there’s no global Thursday thanksgiving holiday that ties Black Friday to a specific Friday, or even to a Friday at all.
So we now have retail sales billed with linguistically curious names such as “Black Friday week” and even “Black Friday month”, with deals vigorously advertised before, during and after the actual US Thanksgiving weekend.

What to do?

Every year, as you can imagine, Naked Security gets asked, “What should I do about this? Will I be more at risk online than at other times of the year? How can I take advantage of the many genuine bargains that show up, without getting suckered by fake offers and scammers?”
The bad news is that if you’re at risk of being scammed on Black Friday itself, then you’re at just as much risk on every other day of the year, and you need to do something about that.
But the good news is that anything you do to boost your cybersecurity because of Black Friday is worth doing anyway.
In other words, if the prospect of snapping up bargains in Black Friday sales is the impetus that makes you want to improve your cybersecurity situation, we think that’s great!
After all, cybercriminals don’t care whether they steal your credit card details or phish your email password on Black Friday, Green Saturday, Red Sunday, Mauve Monday or Taupe Tuesday.
Furthermore, the crooks aren’t going to wait until Black Friday itself to try to scam you, and they aren’t going to stop their criminality when Black Friday is done.
Having said that, Black Friday deals can look so competitive (in theory, at least) that many of us may be more willing, at this time of the year, to take risks buying via on-line merchants we’ve never heard of before.

Six tips for safety

Here are six tips to stay safe online, whether you’re shopping for bargains because it’s Black Friday season, or shopping online because that’s become an unavoidable part of your 2020 lifestyle.

  • TIP 1. Write down contact details for your financial providers. It’s just a few minutes’ work to make an old-school written copy of the emergency contact numbers and email addresses for organisations such as your bank, card issuer or insurance company. That way you will have access to them even if you lose your payment card or your phone gets stolen. Make sure you never need to rely on contact details that arrived in a message from someone else – after all, if the message was fake, the number or email address will be fake too and will lead you straight back to the crooks.
  • TIP 2. Learn about account lock features offered by your bank or card issuer. These days, many banking apps have a “quick lock” option that allows you to freeze and unfreeze access to your account or payment card in seconds. In an emergency, such as if you think you put your card number into a phoney site or you misplace your card, you can block access to it right away, even before you call up to ask the bank for advice. (And see tip 1.)
  • TIP 3. Learn how to clean up your browser’s autofill storage. Modern browsers try to help you by automatically remembering and storing details such as passwords, credit card numbers and even addresses. In many browsers, these autofill features are turned on by default, which may not be what you want. Learn how to review how much personal data your browser has kept up its sleeve in case you need it again. You may find that you want to delete some of it so that it’s no longer in what’s often called “near on-line” storage. (See below for where to look in various browsers.)

To check how much your browser is saving for convenience when you browse, look through the Settings or Preferences screens from the browser’s main menu. In Firefox, check Preferences > Privacy & Security > Forms and Autofill. In Chrome/Chromium, see Settings > Autofill. For Safari, go to Settings > Safari > Autofill. In Edge, look at Settings > Profiles > Payment info.

  • TIP 4. In the US, learn how to apply a credit freeze. The US and some other countries require credit reporting agencies to let you apply a so-called “credit freeze”. Simply put, this stops anyone from doing a credit check on you, which will stymie any attempt to take out a loan or get credit in your name. Of course, the freeze also applies to you yourself, so if you want to take out a loan you will need to unfreeze first. But that extra hassle can be well worth the peace of mind of knowing that you have made it much harder for the crooks to suck you into debt without you even realising.
  • TIP 5. Consider using a pre-paid debit card for one-off purchases. If you’re determined to purchase from a retailer you don’t know much about, a low-value pre-paid debit card can help you limit your risk. A $50 pre-paid card, for example, reduces your exposure to that very $50 amount (when the money is gone the card simply stops working), and isn’t linked back to any of your other accounts.
  • TIP 6. Turn on 2FA wherever you can. 2FA, short for two-factor authentication, usually refers to those one-time login codes that you need to type in together with your username and password when logging in. This can be annoying at times, and it means that you can’t log in on your laptop if you don’t also have your phone handy, because most services rely either on a one-time text message to your phone, or a special mobile app, for supplying the needed codes. But that small extra hassle for you makes it very much harder for the crooks to mess with your accounts, even if they figure out your password. (And see tip 4.)

By the way, be especially careful with your email account, by choosing proper passwords and using 2FA if you can (see tip 6).
These days, many of you probably don’t make much use of email in your day-to-day life, preferring app-based instant messaging services instead, such as WhatsApp, WeChat, Instagram, Signal and Telegram.
But your email account is still likely to be the channel for password resets on many of your other accounts.
In other words, crooks who take over your email account can not only prey on your friends and family under cover of your identity, but also attempt “account resets” for many of the other online services you use.

Three simple sayings

Here are three simple sayings that you can repeat to yourself out loud, just to slow yourself down a bit before you commit to on-line transactions you might later regret:

  • If in doubt, don’t give it out.
  • Be aware before you share.
  • Stop. Think. Connect.

And remember that if it seems too good to be true, it is too good to be true, so if you have a hunch that what you’re looking at is a scam, back yourself: it IS a scam!


3 Comments

In the US, due to various regions being under different levels of lock-down (or lack thereof) or government-imposed limits on the number of people that can be in an establishment at any one time, many larger retailers are having multiple Black Friday sales throughout the month, instead of just one big blowout the extended weekend of Black Friday. This can make determining which deals are real and which are scams even more difficult.

Rather than pre-paid debit cards, consider “virtual” credit card numbers. Many CitiBank credit card accounts let you get single-vendor “card” numbers to use for online or phone transactions. I love being able to set the credit limit and expiration date. (Bank of America used to have ShopSafe, similar, but they quit.)

I suggested pre-paid cards because, unlike a credit card, there is no “credit limit” to worry about (your balance is either positive or zero) and the card is insulated from any of your accounts. The disadvantage, at least in the UK, is that you pay about 104% of value on the card to buy it, and because of money laundering laws you [a] can’t have more than £100 on any one card and [b] can’t recharge them when they get close to zero, so you may get stuck with a small amount left over on each card.
