Black Friday, Christmas, Sales: Cybercriminals Are Waiting for You
Every year, at the same time, the queues move to virtual carts. Promotions explode, ads flash, "must-have" deals multiply... and in the shadows, cybercriminals are rubbing their hands.

Every year, at the same time, the queues move to virtual carts. Promotions explode, ads flash, "must-have" deals multiply... and in the shadows, cybercriminals are rubbing their hands. Because while you are hunting for the best deal, they are hunting for the weakness.
Black Friday, like the end-of-year holidays, has become a peak season for phishing, fake sites, banking data theft and scams. We buy more. We buy fast. We let our guard down. And the risk becomes real.
In my book Être en cybersécurité, I devote a whole chapter to the risks tied to online payments. Here, for the occasion, is a practical summary to (re)read before you confirm your next purchase.
The golden rule: never trade security for convenience
The first trap is urgency. The feeling that you are going to miss a "70% off" deal if you do not pay right now.
That is exactly what scammers exploit: the emotion, the adrenaline of the purchase, the speed of the decision.
Passwords & two-factor authentication: the bare minimum
Let's start with the obvious that many still neglect:
Change your passwords to something more effective than "raspberry56". Turn on two-factor authentication everywhere you can.
These are your first lines of defense. Too many users keep on using reused or easy-to-guess passwords. That is no longer acceptable in 2025.
A strong, unique password, stored in a secure manager, should be the norm.
Check the site, not just the price
Before you pull out your card, check the merchant. Always.
- Read the reviews (Trustpilot, Google, forums).
- Type the site's name + "scam" into a search engine.
- Check the "legal notices" or "contact" page (physical address, SIRET number, etc.) and do not hesitate to run searches on those same addresses and SIRET numbers.
Even if the site looks professional, fake sites have become impossible to spot with the naked eye. All it takes is a strange subdomain, a ".co" instead of a ".com", a sponsored but fraudulent Google ad, or a copy of a perfectly legitimate website.

Beware of fake URLs and sponsored ads
One of the most widespread techniques today? Cloning popular sites, backed by advertising. Searching for "Nike deals" on Google? The first link may be a fake site... sponsored and extremely well ranked.
Always look at the site's address in the navigation bar. A single character too many or too few can be a trap.
Never save your banking information
It may be convenient... but it is dangerous.
Even the big platforms can be hacked. And if your details are stored, they can be exfiltrated.
Refuse the automatic saving of your card. Take the time to enter it for each purchase. It is slower, but it is safer.
Open a dedicated bank account or use a virtual card
A simple and powerful tip: separate your online purchases from your main account.
- Open a secondary account with no permanent balance.
- Transfer only the amount you need into it.
- Link a separate payment card to it.
Better still: use a virtual bank card.
- It is single-use or time-limited.
- It lets you set a spending cap.
- It is useless if it is stolen.
Almost all banks offer them today. Turn on this option.
Never send your details by email or on social media
Obvious? Not to everyone.
Some merchants (or people posing as them) ask for your payment details by email or through an Instagram, WhatsApp or Messenger message. Refuse categorically. No serious site works this way.
Yes, even AI is getting in on it
Generative AI is now used to write phishing emails that are more convincing than ever. Perfect spelling. Natural style. Professional appearance.
The scam no longer sounds like a crook from a made-for-TV movie.
It sounds like a sales rep from Amazon.
Giving a gift also means protecting
If you are giving a gift card, a subscription or a tech product, do not forget to warn your loved ones. Pass these tips on to them.
Christmas should not be a gateway to fraud.

Going further: Être en cybersécurité
All these tips, and many more, come from my book Être en cybersécurité, a handbook designed to give you back control in a digital world that moves too fast.
👉 Available online and from partner bookshops.
Shop smart, not vulnerable
Cyberspace is not a risk-free supermarket.
It is a minefield. With every click, you expose your data, your money, your identity.
So this week, while everyone is hunting for the best deal, look instead for the right posture.
And remember: a promotion is never worth the loss of your security.
Questions fréquentes
Why are Black Friday and the holidays riskier from a cybersecurity standpoint?
We buy more, faster, and we let our guard down. This period becomes a peak season for phishing, fake sites and banking data theft, which cybercriminals exploit by playing on the urgency and emotion of the purchase.
How can I check that an online store is trustworthy before buying?
Read the reviews (Trustpilot, Google, forums), type the site's name followed by "scam" into a search engine, and check the legal notices (address, SIRET number). Always verify the exact address in the navigation bar: a ".co" instead of a ".com" or one extra character can be a trap.
How can I pay online more safely during the sales?
Never save your card on the platforms, enter it for each purchase, and favor a virtual bank card (single use, spending cap, limited duration) or a dedicated secondary account funded with only the amount you need.
Are email scams harder to spot today?
Yes. Generative AI is used to write phishing emails with perfect spelling and a natural style. The scam no longer sounds like a crook: it reads like a professional message from a major brand.

Être en cybersécurité
Une feuille de route cyber en clair, pour tout le monde, pas seulement les experts.
