Cofense - Security Awareness Training & Email Threat Detection

Black Friday Spam Alert: How to Shop Safe Online this November


As Black Friday draws near, it seems that every company with anything to sell is sending emails to advertise their specials. Consumers can expect to see emails from all sorts of major retailers: Amazon, Dell, Fry’s, Home Depot, Kohl’s, Microsoft, and everyone under the sun, with some really great deals. However, mixed into this pile of email are a tremendous number of messages touting shady deals that could lead consumers to give up personal information, money, or just land them with fake products instead of what they were shopping for. Here are two major categories of trouble that you might want to watch out for in your Black Friday emails:

Category #1: Fake Survey to Earn Reward

These surveys will gather a great deal of personal information, but will never actually give you a reward. They are run by spammers, not by the company whose name appears in your email message. There is a 0% chance of getting the reward, and a 100% chance of sharing your personal information with people who want to telemarket or spam you. In fact, by taking the survey, you are agreeing to let them send your telephone number to people who may have important offers to share with you. We’ve seen quite a bit of Walgreens, Sam’s Club, Kohl’s and many others in this category.

Example Subject:

“Sams Club pre black friday rewards- Get your member items now”

Advertised Domain: www[.]survvssalestoday[.]com which forwarded in this case to “waypremium[.]com”


Email Subject:

Kohls black friday rewards are here- Get your Holiday items now

Advertised website: www[.]everybodyhavesurvs[.]com (which forwarded, in this case, to “retailcoast[.]com”)


Category #2: Impossibly Good Deals … on sketchy websites

Email Subject:


This email purports to be from “Americanas[.]com[.]br”, a major appliance seller in Brazil. However, the advertised URL we will be taken to if we click is: “99-119-117-162[.]lightspeed[.]tukrga[.]sbcglobal[.]net/images/”

That URL forwards us to a non-secured website that uses an IP address rather than a domain name:


The real website, shown below, with the https:// domain name in the URL, does have some great Black Friday deals, but in the 5%-10% off range, not the 60-70% off range:


To summarize, there are some GREAT deals available this holiday season on Black Friday . . . but be safe!

  1. Only shop at reputable online stores. If you are on the real website and they have a great offer, congratulations! But be wary of counterfeit sellers!
  2. If the vendor needs to have you enter your personal information before they show you the deal, there is a good chance you are on a scam site that wants to steal your personal information to sell it. Watch for key words “Rewards” or “Gift Card” in these messages.
  3. Always inspect a link before clicking it! Scammers rely on victims believing they’re someone they are not. Even if a link looks like it points to the legitimate retailer, inspect carefully and look for clues that indicate it’s fake. If you’ve already clicked, always check the address bar to make sure you are where you think you are.
  4. That little “s” in “https” stands for secure. Make sure that the site you are buying from is going to protect your credit card information by using encryption. Reputable retailers will have this enabled by default. Disreputable sellers may not, and this might be a sign to turn back.
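
The link checks from the list above (HTTPS, an IP address where a domain name should be, a host that does not belong to the retailer named in the email) can be written as a small Python function for a mail filter or a reporting tool. This is an added example, not code from Cofense; the sample URLs, the `shop.example` retailer domain and the warning names are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# IPv4 address written with dashes or dots inside a hostname,
# the pattern seen in the Category #2 link.
EMBEDDED_IP = re.compile(
    r"(?<!\d)(\d{1,3})[-.](\d{1,3})[-.](\d{1,3})[-.](\d{1,3})(?!\d)")

def refang(url):
    """Undo report-style defanging so the URL can be parsed (it is never fetched)."""
    return url.replace("[.]", ".").replace("hxxp", "http")

def belongs_to(host, claimed_domain):
    """True if host is the claimed domain or one of its subdomains."""
    host, claimed = host.lower().rstrip("."), claimed_domain.lower().rstrip(".")
    return host == claimed or host.endswith("." + claimed)

def inspect_link(url, claimed_domain):
    """Return warnings for a link in an email that claims to come from claimed_domain."""
    try:
        parts = urlsplit(refang(url))
    except ValueError:
        return ["unparseable"]
    host = parts.hostname or ""
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")            # tip 4: no encryption
    try:
        ipaddress.ip_address(host)
        warnings.append("raw-ip-host")          # IP address instead of a domain name
    except ValueError:
        m = EMBEDDED_IP.search(host)
        if m and all(int(octet) <= 255 for octet in m.groups()):
            warnings.append("ip-embedded-in-hostname")
    if not belongs_to(host, claimed_domain):
        warnings.append("domain-mismatch")      # tip 3: not the retailer's site
    return warnings

if __name__ == "__main__":
    # Constructed sample links; shop.example stands in for the real retailer.
    for link in ("hxxp://203-0-113-7[.]dsl[.]example[.]net/images/",
                 "http://203.0.113.7/promo",
                 "https://shop.example.deals-today.example/",
                 "https://www.shop.example/black-friday"):
        print(link, inspect_link(link, "shop.example"))
```

An empty list only means none of these checks fired; a link can pass all of them and still lead to a scam site.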


