TORONTO -- Black Friday may be a bargain-hunter’s dream, but experts say it’s also a perfect opportunity for hackers and scammers to steal your personal information.

According to recent research from cybersecurity firm McAfee, 33 per cent of Canadians have lost $500 or more in online scams so far this year, with an additional 40 per cent having been exposed to online phishing scams.

Worse yet, 36 per cent of those surveyed admitted to not checking an email sender or retailer’s website for authenticity before making an online purchase.

“The most danger comes from these customized emails that target people,” Prof. Ali Dehghantanha, director of the Cyber Science Lab at the University of Guelph, told by phone Thursday.

“From emails that suggest you’ll get a special discount, to someone claiming someone has used your Apple ID to buy something.”

Dehghantanha says these targeted campaigns prey on those who aren’t paying enough attention to the emails coming into their inbox. But by following a few simple steps, the average consumer should be able to weed out the real deals from the fake.

Here’s how to avoid falling victim to an online scam while shopping online this year:


A common trick cybercriminals use to trick people into handing over their credit card information is to set up a fake website that mimics a real retailer.

Before entering any personal information, make sure to double check the URL in your web browser. Often times, these websites will look nearly identical to popular shopping sites, but might misspell the retailer name in the web address.

Dehghantanha says consumers should also be sure to check for a secure connection before checking out.

Sites with a secure connection will display a lock symbol in the left hand side of the URL bar in your web browser. Secure sites will also start with “https” (the “s” stands for secure).

“If you don’t see the lock, don’t enter anything private,” said Dehghantanha.

Christine Beauchamp, spokesperson for Canadian Centre for Cyber Security, recommends that consumers take a critical eye to any website they come across via email or on social media.

“They are often very rushed and may not look very professional,” Beauchamp says of the quality of fake websites.

Be sure to keep an eye out for poor spelling and grammar, poor picture quality, and poorly copied corporate logos.


Scammers will often use a legitimate web address in the hyperlinked text of the email, but once you click on the link it takes you to a malicious website.

Before you click on any links in a suspicious email -- especially those with offers that seem too good to be true -- hover your mouse over the link to check the URL. A small yellow box will appear showing the actual web address the link will take you to.

If the link doesn’t match the hyperlinked text, it’s likely malicious.

Also be sure to double check the spelling of the website. Attackers will often use a URL that has one misplaced letter – for example, linking to “” instead of “”


One of the easiest ways to fall victim to a data breach is to re-use your passwords. One hack can gift criminals with thousands of passwords, which they can use to try to access multiple accounts.

While you’re at it, make sure your passwords are secure.

Experts say passwords that use eight to 10 upper- and lower-case letters mixed with numbers are proven to be more secure. When choosing numbers to add to your password, be sure not to use anything that is easily identifiable, such as your address or date of birth.