1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites

Black Friday is a gift to cybercriminals

Teri Schultz
November 24, 2017

Cybersecurity experts and consumer advocates warn online shoppers about "Black Friday" risks. Clicking on that "too good to be true" offer could bring a virus, not a bargain.

Black Friday 2017 woman walking past shop window
Image: picture-alliance/Keystone/W. Bieri

Black Friday sales are a boon to consumers getting a head start on the holiday shopping season, often from their desks. "Online shopping is booming," confirmed Laurens Rutten, spokesman for the European Consumer Organization (BEUC). "Global e-commerce sales are expected to reach $4 trillion in 2020, up from $1.6 trillion in 2016. On weekends like these, with Black Friday and Cyber Monday, this might increase even more," he told DW.

But experts warn that careless online behavior is a gift to cybercriminals. The marketing tactic migrated from the US, where the day after Thanksgiving is the biggest shopping day of the year and the following Monday - called Cyber Monday - has now been pulled in too.

Read more: Criminals hack their way to the top

Hackers have also eagerly latched on to the trend, with Dansk Supermarket, which operates Netto supermarkets in Germany, among the first to report Friday morning that its sites had been crashed not by a horde of shoppers but by a cyberattack.

Marketing blitz not just a paradise but a 'minefield'

"Black Friday is a minefield for shoppers," said Nick Viney, the vice president of Consumer, Mobile and Small Medium Business at McAfee, the world's largest global computer security company. "It presents a huge opportunity for cybercriminals. Bargain hunters need to think before they hand over their personal information to get the best deal, without getting stung."

Black Friday 2017 people queuing inThessaloniki
Greek shoppers were out in force in Thessaloniki. Most Europeans shop online though during Black FridayImage: Getty Images/AFP/S. Mitrolidis

Viney warns that criminals could be lurking behind every link and that "if an ad for Black Friday deals looks too good to be true, it probably is." He urges consumers not to mindlessly click on advertisements shared by social media, emails or other messaging applications. "If a great discount lands in your inbox, you're best off to check out the site directly rather than clicking on any links," he suggested.

In a survey of more than 6,000 people concluded last month, McAfee pulled out separate results for several countries, including Germany. The study found 76 percent of German consumers intend to purchase most if not all of their gifts online. When they receive a "tracking notification" email, the survey showed, only a little over half even check the email address to check if it's legitimate. Fourteen percent said they actually click on the link itself to "check." By then, it can be too late to avoid infection.

Holiday fun for hackers

Another way hackers target consumers is through their interconnected devices after purchase. The McAfee survey showed that most Germans begin using their devices within a few hours of receiving it. Almost a quarter of respondents are "not worried" about internet security and would still buy a device even if they knew it was susceptible to security breaches. A third of German consumers, however, would not buy it.

Read more: Cybersecurity: Why it's hard to protect yourself online

Toys are increasingly interconnected and McAfee's Gary Davis, who authors a blog on consumer security, notes that the capabilities that make toys so entertaining - GPS chips, microphones, cameras - also make them prime targets. "Manufacturers may not be putting these devices' security as a top priority," he warned, "which could leave these toys vulnerable to leaking personal information or even allow hackers to hijack the camera or microphone."

Black Friday 2017 US, New York City
Black Friday originates in the US, where it's the biggest shopping day of the yearImage: Reuters/S. Stapleton

In the survey, only about a third of Germans believe devices like drones, virtual reality headsets, fitness trackers or children's toys need to be secured with measures such as PINs or anti-virus software. Almost 20 percent presume the vendor does that for them.

Davis also notes that while 43 percent of Germans plan to give away, sell or otherwise recycle an old device if they get a new one for the holidays, two-thirds of them do not know how to permanently erase their personal information first.

McAfee's best suggestions for keeping yourself safe: change passwords often, research possible security problems on a product before buying it and making sure your home internet service is secure.

Who can help?

BEUC's Rutten reminded shoppers to also be careful of risks that don't involve hacking. While people can make online purchases from virtually anywhere in the world, Rutten underscores that the European Union's strong consumer rights can't be taken for granted elsewhere. BEUC represents 43 independent national consumer organizations. 

"We are worried about consumers not having means to act if something goes wrong with such purchases," he told DW, since online consumers are in a weaker position with no face-to-face contact with the trader, no opportunity to inspect items before purchase and maybe not even information about where the retailer is located.

While BEUC puts the onus of responsibility on governments to monitor and regulate good business practices, consumer organizations in other countries can help too. For example, Rutten explained, "a Brazilian consumer group would be able to help out a German consumer to claim his/her rights for an undelivered product from Brazil."

But to enjoy the best that Black Friday and Cyber Monday have to offer, it's still up to the shopper to be savvy about more than prices.