The holiday shopping season, especially Black Friday and Cyber Monday, is a prime time for cybercriminals. McAfee Labs consistently observes a significant spike in malicious activity during this period, fueled by the combination of high web traffic, deals that create a sense of urgency, and a massive increase in card-not-present online transactions that create a perfect storm. Attackers exploit the chaos, knowing shoppers are often distracted and rushing to find the best Black Friday deals, making them more susceptible to phishing scams, fake websites, and malware designed to steal financial information.

As we gear up to feast with family and friends this Thanksgiving, and prepare our wallets for Black Friday and Cyber Monday, let’s look at how these two popular shopping events can impact your online security, and how to protect yourself from scammers.

Stolen credentials and identity theft

The consequences of falling for a holiday scam can be devastating. Beyond the initial financial loss from a fraudulent purchase, victims often face the long-term nightmare of identity theft. According to the Federal Trade Commission (FTC), consumers reported losing $12.5 billion to fraud in 2024, with online shopping scams as the second most commonly reported incident. Recovering from identity theft is not just costly. It’s also incredibly time-consuming. On average, it can take victims months to clear their names and correct their credit reports, adding significant emotional stress during what should be a joyful season.

The Black Friday shopping phenomenon

Historians trace the use of Black Friday to the 1960s, when Philadelphia police officers named the day after Thanksgiving as Black Friday because they had to work overtime to manage the mob of holiday shoppers and attendees to the traditional Army-Navy football game on Saturday. Later on, Shop.org coined the term Cyber Monday as a way for online retailers to participate in the Black Friday shopping frenzy.

Since the beginning of these two massive shopping holidays, both have seen incredible growth as more shoppers are turning to the Internet to participate in holiday bargain hunting. In the US, consumers reportedly spent $10.8 billion online on Black Friday 2024, a 10.2% increase from 2023, while Cyber Monday brought in a record $13.3 billion. 

The uptick in online shopping activity provides cybercriminals the perfect opportunity to disrupt shoppers’ holiday activities and compromise their online security. During this festive season, it is best to take proactive measures to safeguard your digital presence. 

Black Friday risks versus Cyber Monday risks

Historically, Black Friday was initially focused on in-store shopping, while Cyber Monday centered on online deals. As such, each shopping event presented its own cyber risks: 

Black Friday risks

• Mobile-first scams: Shoppers often hunt for deals on their phones on the go before heading to the physical stores, making them more susceptible to smishing and malicious links sent via text.
• Public Wi-Fi dangers: While in-store, shoppers usually connect to unsecured public Wi-Fi at malls or cafes, exposing their data to hackers on the same network.
• Fake QR Codes: Shoppers could click on malicious QR codes on posters or flyers that promise exclusive deals, but lead to phishing sites.

Cyber Monday risks

• Sophisticated phishing emails: Attackers often use data from weekend shopping activities to launch targeted email campaigns with fake shipping notifications or order confirmations for incredible deals.
• Desktop-based Malware: With more people shopping from work or home computers, there’s a higher risk of encountering malicious ads or downloading fake browser extensions that steal data.
• Lookalike websites: Scammers create highly convincing replicas of popular retail websites to trick users into entering login and payment details.

As retailers embrace both in-store and online platforms, cyber fraudsters are blurring the lines to take their scams to both domains.

How to protect yourself from these scams 

With the surge in online shopping during both shopping holidays, cybercriminals are also on high alert, crafting sophisticated scams to trick unsuspecting shoppers. It’s essential to approach every email or text message suspiciously, checking the sender’s information and avoiding clicking on unsolicited links.Thankfully, there are steps you can take to protect yourself when shopping online during Black Friday and Cyber Monday. 

• Never give your information. Be suspicious of unsolicited messages, even if it appears to be from a trusted source. Hover over links in emails or texts to see the actual destination URL before clicking. If the offer seems tempting, visit the retailer’s official website and check if the same deal is available there. 
• Eye the website with skepticism: If you happen to click the link and are led to a website, always ensure that the website you’re shopping from is legitimate. Check for the padlock icon in the address bar and “https” in the URL, as these are indicators of a secure site. Steer clear of websites that have misspelled domain names, as they could be fraudulent. Learn more about the traits of a fake website.
• Use credit instead of debit cards. Credit cards generally offer better fraud protection and make it easier to dispute unauthorized charges.
• Enable multi-factor authentication (MFA). Add this extra layer of security to your email and retail accounts whenever possible.
• Beware of too good to be true offers. Extreme discounts are a common lure for scams. If a deal seems unbelievable, it probably is.
• Verify the seller. Shop with well-known, reputable retailers. For unfamiliar sellers, look for reviews and a physical address.
• Avoid public Wi-Fi for purchases. Your personal data is vulnerable on unsecured networks. Use your mobile data or a secure VPN instead.
• Keep your software updated. Install updates for your operating system, browser, and security software to address known vulnerabilities.
• Install a reputable security software. This can provide you with real-time protection and alert you to a malicious website or link.

Use virtual cards and trusted payment gateways

One of the most effective ways to protect your financial data is to avoid entering your actual debit or credit card number directly on websites. Instead, use payment methods that act as a buffer. Virtual credit cards, offered by many banks and privacy services, generate a unique, temporary card number for a single transaction or vendor, making your real account information useless to thieves if a site is breached. 

Similarly, digital wallets such as PayPal, Apple Pay, and Google Pay use tokenization to mask your card details. When using browser extensions for coupons, be cautious. Only install trusted extensions and check their permissions. 

Monitor price drops without sacrificing security

Everyone wants to find the best price, but be wary of how you track those Black Friday deals. While some deal-tracking apps and browser extensions are helpful, others are privacy nightmares, requesting broad permissions to read all your browsing data. 

Before installing any price tracker, carefully review the permissions it requests. Better yet, use well-known, reputable services or set up price alerts directly on major retail websites. Before you download any new app to your phone or computer, use a security solution with a safe-app check feature to ensure it doesn’t contain malware or spyware.

Invest in McAfee security software

Keeping your digital data and identity safe during the holiday shopping fever might be the best gift you could give yourself and your family. Consider these top features:

• McAfee® Total Protection: This powerful solution provides essential antivirus and web protection to block malicious websites and phishing links in their tracks while you hunt for online deals.
• McAfee® Scam Detector: This feature uses patented AI technology to detect and protect you from risky links in texts, emails, and social media, stopping scams before you can even click.
• McAfee® Mobile Security: This comprehensive protection on the go helps shield you from risky Wi-Fi networks and malicious apps.
• Identity Monitoring: Get alerts if your personal information, like email addresses or credit card numbers, is found on the dark web, allowing you to take action quickly to prevent identity theft. 

FAQs: Stay protected while holiday shopping

Is it safe to shop Cyber Monday deals on mobile?

Shopping for Cyber Monday deals on your phone can be convenient, but it requires extra caution. The biggest pitfall is using unsecured public Wi-Fi networks in places like coffee shops or malls, allowing criminals to intercept your data. 

Another major threat is fraudulent shopping apps designed to steal your information. For another layer of protection, use mobile wallets like Apple Pay or Google Pay as they use tokenization to process payments without exposing your actual card number.

Are deals advertised on social media legitimate?

They can be, but social media is also rife with scams. Instead of clicking links in ads, go directly to the retailer’s official website to find the deal. Scammers often create fake storefronts on social platforms to steal your money and data.

Do retailers release Cyber Monday deals early?

Yes, many retailers start their Cyber Monday deals during the Black Friday weekend or earlier. However, be cautious of unsolicited emails announcing “early access.” Always verify these offers on the retailer’s actual website, as this is a common phishing tactic.

Is it safe to pay with a QR code?

Only use QR codes from trusted sources. Criminals can place malicious QR code stickers over legitimate ones, redirecting you to a phishing site. When in a store, confirm the QR code is legitimate with an employee. When shopping online, only scan codes on a retailer’s official site or app.

What should I do if I get a suspicious shipping notification?

Do not click any links in the email or text message. Scammers send fake shipping alerts to get you to click on malicious links or provide personal information. Instead, go to the retailer’s website and use your official order number to track your package directly.

Final thoughts

Black Friday and Cyber Monday are prime opportunities for consumers to snag once-a-year deals and for cybercriminals to exploit their eagerness to save. However, being aware of the prevalent scams and knowing how to protect yourself can save you from falling prey to these ploys. 

One effective way to do so is by investing in top-tier online protection solutions. McAfee offers award-winning cybersecurity solutions developed to shield you from the ever-evolving threats. Explore the features of our McAfee+ Ultimate and Total Protection plans and stay informed about the latest cyber threats with McAfee Labs.

Always strive to shop wisely and stay safe, and remember that if an offer seems too good to be true, it probably is.

The post Secure Your Black Friday & Cyber Monday Purchases appeared first on McAfee Blog.

The value of Bitcoin has had its ups and downs since its inception in 2013, but its recent skyrocket in value has created renewed interest in this virtual currency. The rapid growth of this alternative currency has dominated headlines and ignited a cryptocurrency boom that has consumers everywhere wondering how to get a slice of the Bitcoin pie. For those who want to join the craze without trading traditional currencies like U.S. dollars (i.e., fiat currency), a process called Bitcoin mining is an entry point. However, Bitcoin mining poses a number of security risks that you need to know.

What Is Bitcoin Mining?

Mining for Bitcoin is like mining for gold—you put in the work and you get your reward. But instead of back-breaking labor, you earn the currency with your time and computer processing power. Miners, as they are called, essentially maintain and secure Bitcoin’s decentralized accounting system. Bitcoin transactions are recorded in a digital ledger called a blockchain. Bitcoin miners update the ledger by downloading a special piece of software that allows them to verify and collect new transactions. Then, they must solve a mathematical puzzle to secure access to add a block of transactions to the chain. In return, they earn Bitcoins, as well as a transaction fee.

What Are Bitcoin Security Risks?

As the digital currency has matured, Bitcoin mining has become more challenging. In the beginning, a Bitcoin user could mine on their home computer and earn a good amount of the digital currency, but these days the math problems have become so complicated that it requires a lot of expensive computing power. This is where the risks come in. Since miners need an increasing amount of computer power to earn Bitcoin, some have started compromising public Wi-Fi networks so they can access users’ devices.

One example of this security breach happened at a coffee shop in Buenos Aires, which was infected with malware that caused a 10-second delay when logging in to the cafe’s Wi-Fi network. The malware authors used this time delay to access the users’ laptops for mining. In addition to public Wi-Fi networks, millions of websites are being compromised to access users’ devices for mining. When an attacker loads mining software onto devices without the owner’s permission, it’s called a cryptocurrency mining encounter or cryptojacking.

It’s estimated that 50 out of every 100,000 devices have encountered a cryptocurrency miner. Cryptojacking is a widespread problem and can slow down your device; though, that’s not the worst that can happen. Utility costs are also likely to go through the roof. A device that is cryptojacked could have 100 percent of its resources used for mining, causing the device to overheat, essentially destroying it.

What Are Some Bitcoin Privacy Tips?

Now that you know a little about mining and the Bitcoin security risks associated with it, here are some tips to keep your devices safe as you monitor the cryptocurrency market:

• Avoid public Wi-Fi networks: These networks often aren’t secured, opening your device and information up to a number of threats.
• Use a VPN: If you’re away from your secure home or work network, consider using a virtual private network (VPN). A VPN is a piece of software that gives you a secure connection to the Internet, so that third parties cannot intercept or read your data. A product like McAfee+ can help safeguard your online privacy no matter where you go.
• Secure your devices: New Bitcoin threats, security concerns, and malware are emerging all of the time. Protect your devices and information with comprehensive security software

The post Bitcoin Security: Mining Threats You Need to Know appeared first on McAfee Blog.