(Credit: Bruce Mars)

The holiday shopping season is finally upon us and as Black Friday, as well as Cyber Monday, creep closer and closer, hackers are preparing their best scams to steal buyer information.

Cybersecurity firm AppRiver has already discovered a number of cyberscams aimed at fooling buyers into clicking on dubious coupons for jewelry, and they laid out five major ploys hackers may use to lure shoppers into giving away private bank information.

AppRiver writer Teresa Zwierzchowski said hackers will or already have used fake charities, holiday e-cards, gift cards, fake delivery or invoice emails, and fake letters from Santa to dupe holiday buyers into giving out vital information that leaves them vulnerable to hacks.

Economists have said they expect $717.5 billion to be spent during the holiday season, which averages out to about $1,000 per shopper, so be sure to make sure all that money is going to the right place.

SEE: Find the best Black Friday 2018 deals with these apps

"Cybercriminals are not above taking advantage of people's giving nature during the holiday season -- or any time of the year. Do your research before giving money to charities. Sites such as Charity Navigator, CharityWatch or GuideStar are good places to help you determine which charities you can trust are on the nice list," Zwierzchowski wrote.

"During the holiday season, spammers and malware distributors ramp up production of fake emails that appear as legitimate messages from UPS, FedEx, Amazon, PayPal, etc. malicious actors have gotten really good at crafting messages that look like the real thing - yet their emails contain malicious links or payloads designed to infect your machine."

Cybercriminals also know families are exchaning eCards that sometimes contain money and use that to trick people into clicking on malicious links or malware. Make sure to check the address box before opening any email and quickly delete any of these fake e-cards that may find their way into your inbox. The same goes for gift cards, which should be purchased directly from a retailer instead of any third parties which may have counterfeit or fake cards.

One of the most insidious scams is the fake delivery or invoice emails, which prey on users at a time when hackers know millions are sending gifts and packages through various online retailers. Online shoppers need to be wary of any suspicious emails and make sure invoices or delivery notices are what they appear to be.

If you thought hackers might spare your children from any danger, think again. AppRiver says cybercriminals have gone so far as to target "Letters from Santa" emails that cater to parents and children getting into the holiday spirit. If you've paid a company to send emails from Santa to your child, make sure to verify that the business is on the up and up, as hackers have used fraudulent Santa emails to get personal information from either you or your child.

Last week, cybersecurity research firm RiskIQ released their own report highlighting a huge increase in malicious apps claiming to contain the best Black Friday deals. The firm estimates that nearly 40 percent of all Black Friday and Cyber Monday buyers in 2016 used mobile devices to do their shopping, and hackers have responded by creating tons of fake apps designed to fool users into entering vital information.

Apple's App Store and the Google Play Store have been good about keeping these fraudulent apps out, but buyers should still beware of any apps floating around the internet proclaiming to have the best deals around. In general, users need to exercise a greater amount of caution in taking advantage of Black Friday and Cyber Monday deals, ensuring that anything platform they enter important information into is the real deal.

FOLLOW on Twitter for all the latest app news.


  1. As Black Friday and Cyber Monday approach, buyers need to beware of cybercriminals aiming to fool shoppers into giving away vital personal or bank information.
  2. Hackers have already used fake Black Monday deals, fraudulent invoice or delivery emails as well as dubious charities or gift cards to steal shopper information and offload malware onto a user's device.

Also see

Jonathan is a Contributing Writer for CNET's He's a freelance journalist based in New York City. He recently returned to the United States after reporting from South Africa, Jordan, and Cambodia since 2013.