Online shopping security tips to keep your data safe this Black Friday

Security Response
Nov 15, 2017 · 6 min read

The Christmas ads have started, the streaming services are trying to subtly push us into listening to festive music, and Thanksgiving is just around the corner.

This can only mean one thing: it’s Christmas shopping time.

More of us than ever are now doing our Christmas shopping online — something that isn’t hard to understand when you witness the crowds that descend on shopping malls and department stores the moment Halloween is over.

Shops can be a jungle at this time of year

A study by the Pew Research Center at the end of 2016 found that eight in every 10 Americans (79 percent) had shopped online at least once; 43 percent shopped online a few times a month, with more than half (51 percent) having made a purchase using their cellphone. When the Pew Research Center first carried out research into online shopping in 2000, just 22 percent of Americans had made a purchase online — so this figure has almost quadrupled in 16 years.

Many of the occasional online shoppers — as well as the frequent ones — will be making purchases next week, on Black Friday and Cyber Monday, when both online and brick and mortar retailers slash their prices. While once an almost strictly U.S. phenomenon that coincided with the Thanksgiving weekend, Black Friday and Cyber Monday deals are now offered in several countries.

Cyber Monday broke records in the U.S. last year, and was the biggest day in e-commerce in the country’s history, with consumers spending $3.45 billion online on the day, which was 12 percent more than was spent on Cyber Monday 2015. A number of retail giants, including Walmart and Target, also beat company records for digital sales. Interestingly, online sales on Cyber Monday 2016 were only marginally ahead of Black Friday’s online sales, with some analysts predicting that this year Black Friday, and not Cyber Monday, could be the biggest online shopping day of the year for U.S. consumers.

While these figures are quite staggering, they are actually dwarved by the figures achieved on “Singles’ Day”, Chinese e-commerce site Alibaba’s version of Black Friday. Singles’ Day takes place on 11 November, and this year it generated a mind-blowing US$25.3 billion in sales. This was an increase of 39 percent on last year, with more than 90 percent of purchases made on mobile, according to Bloomberg.

With huge sums of money set to go whizzing through cyberspace over the holiday weekend, it is no surprise that Black Friday and Cyber Monday are of interest to cyber criminals, with stories about scams trying to exploit interest in the two shopping days often being reported alongside the mind-boggling stats mentioned above.

Stay safe when shopping online this year

With people on the lookout for hot deals and cheap offers, it’s a prime time of year for cyber criminals to send out spoofed emails, exploit domains they may have been “cyber squatting” on for a long time, or target businesses that may suddenly be receiving a lot of credit card information onto their servers, as was the case in the Target hack back in 2013, with the malware placed on Target’s servers in the weeks before Black Friday.


With these facts in mind, some tips to follow over the next few weeks (and when online shopping in general) include:

Be suspicious

Don’t click on links in unsolicited emails or on social media posts — type the URL for the website you want to visit directly into the address bar. Also be wary of fake package tracking emails or fake parcel delivery notes that may have malicious attachments that contain malware that could infect your computer. Check the address that the email comes from to ensure it if coming from a legitimate email address before opening any attachments.

Read any URLs you visit carefully

Cyber, or domain, squatting is when cyber criminals buy domains that look similar to legitimate domains in an attempt to fool customers. For example, the domain might just be different by one letter, easily fooling many users. These consumers may then be tricked into entering their personal details and payment information into the false website, delivering it into the hands of the criminals.

Give the websites you use as little information as possible

Obviously, if you’re shopping online, there are certain details you will have to give the online retailer you are dealing with: details such as your name, delivery and billing address, and credit card details. However, be wary of websites that seek lots of unnecessary personal information, and do not supply it if you are not required to.

Check out as a “guest” on websites whenever you can

When you purchase items on a website you are often prompted to set up an account, so that any future purchases will take less time. However, if you are exerting yourself to provide as little information about yourself as possible to the online retailer, then you should check out as a “guest”, without setting up an account, if you can. If you do set up an account then ensure you choose a password that is strong and unique to that account, so that if it is compromised your other online accounts won’t be affected.

Use a credit card rather than a debit card when purchasing online

If you do have the misfortune to be scammed or have your card information stolen when shopping online it is generally easier to get your money returned if you use a credit card rather than a debit card. You should also keep a close eye on your bank and credit card accounts so that any suspicious transactions can be cancelled as quickly as possible.

Using a credit card rather than a debit card when shopping online offers you some extra protection

Stick with what you know

If you are nervous about shopping online, then you are better off sticking to large, well-known retailers with a long-standing online presence, as these are more likely to have formal cyber security procedures in place. Check the URL of the site you are using to ensure it is using HTTPS, and has the green padlock symbol that indicates a secure connection. It is not guaranteed you will not fall victim to a hacker by following these guidelines, but your chances of keeping your information safe are increased.


We have written various stories over the last year detailing different areas of cyber security that may also be relevant when it comes to thinking about the security of online shopping:

· We’ve outlined why and how you should create strong passwords, and the importance of enabling two-factor authentication (2FA) when possible.

· If you want some extra privacy protection when surfing the web and buying online we have also outlined the pros and cons of VPNs and encryption.

· We also outlined how keeping your software up-to-date can help keep your computer and data safe from hackers, as well as the social engineering tricks attackers use to fool people into giving them their personal information.

There is no way to 100 percent guarantee the information you give to online retailers — or to any online services — won’t someday end up in the hands of cyber criminals, but following these guidelines will hopefully reduce your chances of becoming a victim. Having good security protection in place on your connected devices will also help keep your private information safe.

May you find all the deals you’re looking for!

Check out the Security Response blog and follow Threat Intel on Twitter to keep up-to-date with the latest happenings in the world of threat intelligence and cybersecurity.

Like this story? Recommend it by hitting the heart button so others on Medium see it, and follow Threat Intel on Medium for more great content.

Threat Intel

Insights into the world of threat intelligence, cybercrime and IT security. Brought to you by researchers at Symantec.

Security Response

Written by

Symantec Security Response brings you the latest threat intelligence from the IT security world.

Threat Intel

Insights into the world of threat intelligence, cybercrime and IT security. Brought to you by researchers at Symantec.