ProtonBlog(new window)
Subscribe by RSS
black friday scams

Don’t fall for Black Friday email scams

Proton Team(new window)

Share this page

You’ve heard the one about the Nigerian prince and the lottery windfall (we just need your bank account and social security number!). But email phishing scams are getting more sophisticated and persuasive. While they come in a variety of forms, the general goal of a phishing attack is to trick you into giving away sensitive personal information.

Top 4 Black Friday emails scams:

1. The fake promotion

This is the traditional phishing attack in which scammers try to coax you into clicking on a link to a special offer, but instead you will either accidentally download malware or you’ll be asked to enter some personal information. They may dress it up as a Black Friday deal using the corporate logos of trusted companies.

By the way, we’re going to be sending emails to users announcing the annual Proton Mail Black Friday sale. You may also receive an email about the Proton VPN Black Friday sale. These emails will be starred automatically in your Inbox. Emails claiming to be from Proton Mail without an Official badge are phishing attacks, and you can report them.

2. There’s a problem with your account

Similar to the first example, the hackers want you to click a link, claiming there’s a problem with your Amazon, eBay, or other online account. They might tell you there’s been suspicious activity or they need you to update your information. But if you click the link, the webpage will be a spoofed version of the real website. And if you enter your login credentials there, you would in fact be entering them into the hacker’s database. The best way to be sure is to check the URL of the page carefully before you enter any information. Make sure it is belongs to the company in question (e.g. amazon.com instead of fakewebsite.com).

3. Fake receipts

When you buy a lot of stuff online quickly, it can be difficult to keep track of all the retailer emails associated with those purchases. Hackers will be taking advantage of the high number of email receipts. They may pose as Amazon or an Amazon vendor telling you that your purchase receipt is attached. But in fact the attachment installs malware on your device. Check carefully to make sure the email is indeed coming from a trusted source, and do not download suspicious attachments.

4. We couldn’t deliver your package

A shipping company, such as FedEx or DHL, might email you claiming your package could not be delivered or asking you to confirm shipping details. Except it’s not really FedEx or DHL. It’s a hacker asking you to click a link where you enter personal or account information, or ask you to download a form (aka malware).

How to protect yourself against Black Friday email scams

Defending against Black Friday email scams boils down to recognizing them and then simply ignoring them. Here are some rules to live by:

  • If you get an email telling you about a deal, make sure the link directs you to the retailer’s official website, and not a phishing website. If you hover your curser over the link, you can see the target URL in the bottom right or left of your browser.
  • If a deal appears too good to be true, it probably is. Check the retailer’s website or social media sites to make sure the deal is real.
  • Any email claiming to be from Proton Mail that isn’t starred by default is a phishing attack. You can also verify that an email from Proton is genuine by checking that it was sent from one of our official domains(new window).
  • You can also help the Proton Mail community filter out phishing scams by reporting phishing to our team. Follow the link to learn how to use our report phishing tool.
  • Don’t enter your information on a website unless you’re positive it’s a legitimate website. The best way to do this is to check there is a valid SSL certificate, and make sure the URL is correct.

If you receive any other Black Friday email scams this year, let us know in the comments or on our social media pages. We wish you a Happy Thanksgiving to our American users, and safe shopping to everyone.

Best Regards,
The Proton Mail Team

Sign up and get a free secure email account from Proton Mail.

We also provide a free VPN service(new window) to protect your privacy.

Proton Mail and Proton VPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan(new window). Thank you for your support!

Protect your privacy with Proton
Create a free account

Related articles

what is a brute force attack
On the subject of cybersecurity, one term that often comes up is brute force attack. A brute force attack is any attack that doesn’t rely on finesse, but instead uses raw computing power to crack security or even the underlying encryption. In this a
Section 702 of the Foreign Intelligence Surveillance Act has become notorious as the legal justification allowing federal agencies like the NSA, CIA, and FBI to perform warrantless wiretaps, which sweep up the data of hundreds of thousands of US citi
In response to the growing number of data breaches, Proton Mail offers a feature to paid subscribers called Dark Web Monitoring. Our system checks if your credentials or other data have been leaked to illegal marketplaces and alerts you if so. Often
Your email address is your online identity, and you share it whenever you create a new account for an online service. While this offers convenience, it also leaves your identity exposed if hackers manage to breach the services you use. Data breaches
proton pass f-droid
Our mission at Proton is to help usher in an internet that protects your privacy by default, secures your data, and gives you the freedom of choice. Today we’re taking another step in this direction with the launch of our open source password manage
chrome password manager
You likely know you should store and manage your passwords safely. However, even if you are using a password manager, there’s a chance the one you’re using isn’t as secure as it could be. In this article we go over the threats some password managers