Cyber Monday scams: shopping’s biggest day of the year is a free-for-all for online thieves


Since officially entering our lexicon in 2005, Cyber Monday has in many ways whizzed past Black Friday to become the year’s #1 shopping day.

Already in the Christmas shopping mindset and fresh off a long weekend, marketers noticed many consumers were making a large amount of purchases sitting in the office, browsing the web, struggling to get back into work mode.

In response, businesses took advantage of the pattern and built an entire holiday around encouraging online purchases and extending the Black Friday shopping boost through the weekend and into the following week.

Twelve years later, over half of Americans still say they prefer good old-fashioned brick-and-mortar Christmas shopping, but as a 2016 Pew Research study found, as many as 79% of Americans now shop online.

For these Americans, Cyber Monday is king: all of the absurd deals of Black Friday PLUS free shipping and the freedom to search for the perfect gifts while sipping coffee in your pajamas, watching news stories about the stampedes at your local mall the Friday before. Last year, all the perks of Cyber Monday combined to create a record-breaking $3.45 billion in sales.

But with 8 in 10 Americans embracing the online swipe, and billions of dollars up for grabs in a single day of online traffic, to online thieves, the internet on Cyber Monday is like a watering hole in the middle of summer on the Serengeti.

And the scammers are the lions.

How are they doing it? By using the same tricks and techniques cyber scammers always use–except today, they’ll be out in force to intercept the glut of inexperienced online shoppers with large Christmas funds who might only make an online purchase once or twice a year.

They’ll also be relying on shoppers’ expectations of finding phenomenal deals left and right–deals that we might deem “too good to be true” on any ordinary Monday.

On Cyber Monday, online shoppers are much easier to tempt, less apt to find an offer suspicious, eager to take advantage of a short-lived deal, and much more likely not to notice the tell-tale signs of a dupe.

But as we said, the cons they’ll pull are nothing new. As with any other shopping day, you have to know what those cons are and how to avoid them–the only difference is there are more of them and the urge to gamble on a really sweet deal is a little stronger.

Fake websites. These could either be phony versions of legitimate online business pages or totally bogus business sites altogether. You can usually spot these because they…just look…bad. Horrible graphics, sloppy organization, janky user interface, dead or broken links, and more spelling errors than an elementary English teacher can shake a yardstick at.

But not all of them will be readily identifiable–in fact, some scammers can replicate a legitimate business’ site right down to the logo and brand colors. In these cases, the site may look spot-on, but the URL might be slightly off. For example, a scammer might pass a “rn” off as a “m” (“” instead of “”) or a “1” as a “l” (“” instead of “”).

Typically, to get shoppers to navigate to these fake versions of sites, the scammer will need to get the fake link to the shopper through an email or a pop-up ad. To avoid this trap, always type the trusted retailer’s URL directly into the address bar of your browser, and don’t visit sites through unsolicited links.

Pop-up ads and windows. Don’t click pop-ups.

Not even if they say they’ll give you a coupon. Not even if they offer you a free trial of a service you might want to use. Not even if it says your Flash is out-of-date. Not even if it looks just like a Windows operating system alert. Not even if it says YOUR SYSTEM IS INFECTED WITH MALWARE!!! (especially if it says this). Not even if it says you’ve been randomly selected and you’ve won a prize. Not even if it says the Federal Bureau of Investigations is screening your computer because it was recently used to look at questionable content and now you’re in really big trouble.

Just don’t click them. Don’t do it. Seriously. If you have a question about whether the content in the pop-up is legitimate, navigate directly to the trusted site and see if you can find more information there.

But don’t click the pop-up. Get an adblocker to help with limiting the amount you see these.

Don’t shop on public WiFi. Man-in-the-middle attacking is very common on public hotspots someone might use in a restaurant, café, large retail store, or shopping mall. This type of attack allows a thief to position himself between you and a legitimate recipient, like an online store, and intercept all of the data you and the target send back and forth, including names, addresses, and credit card information.

But this is just the start of how a thief can wreck you via an unsecure public WiFi connection. So don’t shop on a public connection ever. Save all of your digital purchases for at home on a connection you trust.

Fake phone apps. If you use store apps or shopping apps to do your online shopping this year, be on the lookout for fake phone apps. Once downloaded, these apps are nothing more than malware and skimmers, swiping any information you have stored in your phone or enter into your phone later when making future logins or purchases.

These apps will also often ask you to log into your social media or other online accounts to proceed with use–don’t ever log into anything that prompts you to use your unrelated social media, email, or bank credentials in order to proceed with using the service.

These are just some of the biggest things to watch out for as you shop today and the rest of the holiday season, but the list could go on and on.

Here are some very helpful videos about other risks and red flags you can be watching out for as you do your Christmas shopping online:

Leave a Reply