Our shopping habits have changed with many of us continuing to shop online all year round. This time of year brings the opportunity to get in some early discount deals across a range of categories.

Black Friday (which originated in America), gives consumers the opportunity to purchase some discounted or promotional deals. Black Friday takes place on the last Friday of November, which is followed by Cyber Monday, when the focus moves more to online sales.

This is now the peak pre-Christmas online sales day, making it a major target for criminals. Our inboxes are filled with amazing promotional deals, which can make it difficult to tell which ones are real and which are scams.

Attacks have become more sophisticated, so shoppers need to be alert and cautious when looking for online bargains, whether that is on Black Friday, Cyber Monday or any other day.

Our advice below will help you stay safe online when searching for that bargain buy.

Here are some tips to help you avoid scam websites and purchase items securely:

Offered an amazing deal?

Watch out for suspicious email, calls and text messages. Some of the emails, posts on social media accounts or texts you receive, about amazing offers may contain links to fake websites, designed to steal your money and personal details. Type in the website address directly in to your browser, or look this up on a search engine and follow the results.

If something doesn’t feel right, you can follow the NCSC guidance on dealing with suspicious email, phone calls and text messages.

Choose carefully where you shop

Seeing a padlock in the browser’s address bar is a good thing, but it’s not a guarantee that the website itself is legitimate. This shows that the connection is secure, meaning others can’t see the information you send. If you don’t see the padlock, don’t enter any personal or payment details on the website.

Check out the customer reviews before making any purchases. You can read feedback from people or organisations you trust.

When paying online

Only fill in the mandatory details on a website when making a purchase, such as the delivery address and payment details. Consider checking out as a “guest”, this can prevent the retailer from keeping a permanent copy of your details and reduce your risk of getting hacked.

If you have an account or are setting one up, make sure to use a strong password that is different from the passwords that you use for other accounts online. This means that if a hacker steals your password for one account, they won’t be able to use it to access your other accounts.

When making purchases online, use a credit card if possible, as most major credit card providers insure online purchases. Using a credit card (rather than a debit card) also means that if your payment details are stolen, your main bank account won’t be directly affected.

Alternatively, consider using an online payment platform, such as PayPalApple Pay or Google Pay. Using these platforms to authorise your payments means the retailer doesn’t even see your payment details.

Don’t let the store remember your payment details, unless you’re going to shop there regularly.

Further advice

  • If you’ve been a victim of fraud, scams or cyber crime you can report this to Police Scotland by calling 101 and contact your bank to seek advice.
  • is operated by the charity Advice Direct Scotland. Consumers can seek free, practical, and impartial advice on freephone 0808 164 6000; and online, web chat and email at Scottish consumers can report scams at
  • Vistalworks have developed an online tool which allows you to check products before you buy them and reduce the likelihood of harm. This technology is currently restricted to a range of products on sale on eBay and Amazon. Simply paste in an eBay or Amazon listing URL here and they’ll give you an indication of whether the product appears to be legitimate or not. The information provided by the checker is for guidance only and is not legal advice.
  • NCSC has further advice to shopping safely online
  • You can improve your online security by following 6 cyber aware steps.

Back to top of the page