Black Friday Shoppers Beware

Bogus retail sites, extreme discounts, busy hackers

The National Retail Federation expects 115 million physical shoppers to be out on Black Friday, and cyber crooks want a part of the action. Last year, researchers discovered nearly 20,000 URLs using the words “Black Friday” and promising huge discounts with links to malicious web pages. Along with the fake URLs, there were nearly 770,000 financial phishing attack attempts.

Black Friday scams range from bogus high-end retail websites that promise discounts on knock-off items to malicious websites that steal your credit card and personally identifiable information.

The phishing emails disguise themselves as well-known, trusted brands offering expensive merchandise at a much lower cost, knowing that people are looking for good deals and price wars. The information security site Dark Reading cites this ad from last year:

Bogus Ray-Ban 80% Discount Sale

This bogus Ray-Ban landing page link,, showed up at the top of Google searches when Ray-Ban and Black Friday were entered as keyword searches. Once shoppers clicked, they were directed to a fraudulent, authentic-looking page that included user reviews. 

Avoid the Bait

How to avoid getting hoodwinked? Here are some tips:

  • One clue the site may not be legit is to look at the URL. In this case, the website claimed to be the official Ray-Ban site, but the URL was Always double-check by conducting a search for the company using its full name.
  • Hover over any links to see if a different name or words come up, unconnected to the site you are visiting. For websites you visit frequently, save the real websites in your favorites and browse there to avoid ending up somewhere dangerous.
  • Watch out for a domain with a few extra words in its name. Past examples have included Amazonsecure-shop, Target-officialsite and
  • Watch out for misspellings: Walmaart, Yahooo,, etc.
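The URL checks in the tips above can be automated for links in incoming mail or search results. The sketch below is an added example, not code from the original post: the `OFFICIAL` allowlist, the verdict names and the sample URLs (on the reserved `.example` TLD) are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist: brand keyword -> the domain you have verified as official.
OFFICIAL = {"amazon": "amazon.com", "target": "target.com",
            "walmart": "walmart.com", "yahoo": "yahoo.com"}

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(url):
    """Lower-cased hostname of a URL, with or without a scheme."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def classify(url):
    """Return (verdict, brand) for a link target."""
    host = host_of(url)
    for brand, domain in OFFICIAL.items():
        if host == domain or host.endswith("." + domain):
            return ("official", brand)
    labels = host.split(".")[:-1]  # every label except the TLD
    tokens = {t for lab in labels for t in re.split(r"[-_]", lab) + [lab] if t}
    # Misspellings first: "yahooo" also contains "yahoo" as a substring.
    for brand in OFFICIAL:
        limit = 1 if len(brand) < 7 else 2  # allow more typos in longer names
        if any(1 <= edit_distance(t, brand) <= limit for t in tokens):
            return ("misspelled-brand", brand)
    # Brand name padded with extra words, or parked in a subdomain.
    for brand in OFFICIAL:
        if any(brand in lab for lab in labels):
            return ("brand-with-extra-words", brand)
    return ("no-brand-match", None)

# Constructed samples modelled on the names listed in the tips.
SAMPLES = ["https://www.amazon.com/deals", "http://Amazonsecure-shop.example/",
           "target-officialsite.example/sale", "http://walmaart.example",
           "http://yahooo.example/login", "http://amazon.com.deals.example/"]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{url:45} {classify(url)}")
```

Substring matching is a heuristic and will flag unrelated names that happen to contain a brand keyword, so treat a hit as a reason to look closer rather than as proof.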

Social Media

On Twitter, cyber thieves use “URL shortening” services to disguise phishing URLs. As a result, a very short URL can be used to redirect visitors to a longer “hidden” URL on Twitter.

Then there’s Facebook. The number and variety of scams are too many to list. For a glimpse, check out

More important, outsmart the cyber crooks. Become aware of their tricks to avoid them. The Summit Security Awareness Service goes beyond training to make security awareness an embedded habit. Also check out our “Phishgoggles” Twitter page to find out how to stay out of a cybercriminal’s sight – and have a happy holiday season!

