Explainer

Black Friday tips to stay safe and avoid scams while shopping online

With Black Friday sales under way and Christmas on the horizon, Paste BN enlisted some cybersecurity experts to offer advice on how best to stay safe and avoid scams while shopping online.

The threat of fraud and cyber scams is a 365-days-a-year problem when it comes to online shopping.

But just as the rate at which retailers hit you with promo emails scales up at this time of year, so too does the risk of falling foul of criminals trying to access your bank account.

According to the National Cyber Security Centre (NCSC), shoppers lost more than £10m to cyber criminals over last year's festive shopping period.

With Black Friday sales under way and Christmas on the horizon, Paste BN enlisted some cybersecurity experts to offer advice on how best to stay safe and avoid scams this year.

Spotting a dodgy email

A favourite tactic of fraudsters is to draw you in with an email that looks remarkably legitimate, seemingly offering an exclusive deal at one of your favoured retailers.

It is, as Mike McLellan of Secureworks puts it, a "classic scenario we'd expect to see around Black Friday".

An important thing to look out for is the domain name of the sender's email address - is it a close match, but with something slightly off? Think @amaz0n.co.uk, for example.

"On smartphones, that kind of detail is usually hidden," advises Mr McLellan. "So tap on it and check where the email has come from."
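The sender-domain check described above can also be automated, for example in a mail filter. The sketch below is an added example, not code from any of the experts or organisations quoted here; the allow-list, the character substitutions and the sample addresses are constructed assumptions.

```python
import email.utils

# Constructed allow-list: domains the reader really shops with (assumption).
KNOWN_DOMAINS = {"amazon.co.uk", "shop.example"}

# Digits commonly swapped in for letters, as in "amaz0n" (assumed, not exhaustive).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From: header."""
    _display_name, address = email.utils.parseaddr(from_header)
    return address.rpartition("@")[2].lower().rstrip(".")


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(from_header):
    """Return ('match' | 'lookalike' | 'unknown', known_domain_or_None)."""
    domain = sender_domain(from_header)
    # Exact domain, or a genuine subdomain of it, passes the spelling check.
    for known in sorted(KNOWN_DOMAINS):
        if domain == known or domain.endswith("." + known):
            return "match", known
    normalised = domain.translate(LOOKALIKES)
    for known in sorted(KNOWN_DOMAINS):
        if (normalised == known                        # amaz0n -> amazon
                or edit_distance(domain, known) <= 1   # one typo away
                or domain.startswith(known + ".")):    # brand glued onto another domain
            return "lookalike", known
    return "unknown", None


if __name__ == "__main__":
    # Constructed sample headers.
    for header in ('"Amazon Deals" <offers@amaz0n.co.uk>',
                   "Amazon <no-reply@amazon.co.uk>",
                   "deals@amazon.co.uk.black-friday.example"):
        print(header, "->", classify(header))
```

A "match" only means the address is spelled correctly; the From line can be forged, so it does not prove the sender is genuine.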

You should also keep an eye out for misspellings and odd formatting.

However, the NCSC has warned that criminals are likely to use increasingly accessible AI tools to produce even more convincing scam emails, websites, and adverts than usual.

If you're at all unsure, it's good practice to go to the website directly, rather than click on any links in the email.

Fake websites

Some scams may direct you to a retailer's login page to enter your account information.

It could look perfectly normal, and you go ahead and pop in your username and password, while in the background, criminals capture that information and use it themselves.

Chris Bluvshtein, of VPNOverview, says: "Every website should have a valid security certificate, and you can tell by the little padlock icon next to the URL.

"If a website doesn't have one of these, then don't give your bank details or valuable information."

These can be some of the hardest scams to notice yourself, but banks have become very good at alerting you to "unusual logins" and flagging any subsequent dodgy transactions.

"If you suspect something bad has happened, consider changing your password," Mr McLellan says. "And checking your bank activity."

Text message scams

Another classic of the Black Friday scam genre is a text message suggesting you have a parcel waiting with DHL, Royal Mail, or some other delivery provider.

"Quite often you will be expecting something when you get these texts - but again keep an eye out for anything that doesn't look normal," says Mr McLellan.

A good indicator that something is amiss is if the text asks you for payment and includes a bit.ly link.

You should not click on these.

An example of a text message scam. Pic: Royal Mail

The rise of 'Qishing'

An emerging threat over the past year is an extension of phishing using QR codes.

Secureworks has dubbed it "Qishing", when criminals use them to direct unsuspecting consumers to fraudulent websites that could steal their personal information.

Director of threat intelligence, Rafe Pilling, says: "We're so used to seeing 'scan this code' to register, view a menu, order drinks or food to a table, or even enter competitions via the bi