· 2 min readsecurity

Don't Let Black Friday Turn Into a Phishing Trip

A few practical habits to avoid scams during the Black Friday and Cyber Monday shopping rush.

Tomorrow kicks off the annual retail chaos, and with it comes the annual wave of scams. Every year around this time, security researchers and consumer groups flag a sharp spike in phishing emails and fake e-commerce sites designed to catch people while they’re distracted, rushing, and primed to click “buy now” without thinking twice. It happens every single year, and every single year people still get burned. So let’s talk about how not to be one of them.

The core problem is that Black Friday and Cyber Monday create the perfect psychological conditions for scams to work. You’re bombarded with emails promising doorbusters and flash sales, everything feels urgent and time-limited, and you’re clicking through offers faster than you normally would. Scammers know this and lean into it hard — spoofed shipping notifications, fake “your order could not be processed” emails, too-good-to-be-true deals from retailers you’ve never heard of. The formula barely changes year over year because it keeps working.

A few habits that actually help

First: check for HTTPS before you enter any payment information. It’s not a perfect signal on its own anymore since scammers can get certificates too, but the absence of it is still an instant red flag. If a checkout page isn’t secured, close the tab.

Second, and more important: don’t click links in promotional emails to get to a retailer’s site. Instead, open a new tab and type the URL yourself, or use a bookmark you already trust. This one habit alone kills most phishing attempts dead, because the entire scam depends on you clicking their link rather than navigating there independently. A fake email that looks identical to a real Amazon or Target notification is useless if you never click through it.

Third, pay with a credit card, not a debit card, for anything you’re not 100% sure about. This matters more than people realize. Credit cards give you real fraud protection and chargeback rights — if something goes sideways, you’re disputing a charge, not trying to claw back money that’s already left your checking account. Debit card fraud can tie up your actual cash while the bank investigates, which is a much worse position to be in.

None of this is exotic advice. It’s the same three things security folks repeat every November, and the reason they keep repeating it is that the volume of scam traffic during this specific week is genuinely higher than the rest of the year. Fake storefronts spin up, phishing kits get updated with holiday branding, and inboxes fill with urgency-driven bait. You don’t need to be paranoid about every email or every deal — just skeptical enough to type URLs yourself, glance for the lock icon, and reach for the credit card instead of the debit card when it’s a site you’re not fully sure about. That’s basically the whole checklist, and it covers the overwhelming majority of what goes wrong this time of year.

Enjoy the deals. Just get to them on your own terms.

Related posts

On this day in other years

Latest on Daily Signal

All posts →