Lead. Great deals are coming - and so are the scams. Here is an article ready to publish on the SYLink blog: real-world examples, warning signs, consumer rights, official procedures (Perceval, THESEE, 33700, 17Cyber) and a 30-second checklist.

The goal: enjoy Black Friday Friday, November 28, 2025 without falling into a trap.



Why risk explodes during Black Friday

  • Massive purchase surge + "urgent" promotions: a perfect playground for fraudsters (cloned websites, "limited" offers, fake merchants). French authorities issue reminders every year about the recurring traps.

  • Rising financial losses: in the United Kingdom, victims reported more than £11.5M in losses between November 2023 and January 2024, with 16,000+ purchase frauds reported and £695 lost on average per victim - a similar order of magnitude across the EU during the holiday period.

  • AI-boosted scams & social media: authorities highlight the industrialization of scams, particularly through marketplace listings and increasingly credible messages.



The most common scams (and how to recognize them)

  1. Fake online stores / "ghost shops"

    • Signals: vague or missing legal notices, bank transfer required, slashed prices across the entire catalog, typos and approximate logos.

    • Good to know: entire networks create thousands of fake shops targeting the Black Friday period (e.g., 4,700 sites in one documented campaign).

  2. "Fake parcel" SMS/emails (smishing)

    • Signals: "Your parcel is on hold", payment link for "fees".

    • Reflex: do not click; go through the carrier's official app or account. Full guide and practical tips on Cybermalveillance.gouv.fr and recent investigations.

  3. Fake discounts / imaginary "struck-through prices"

    • Rule in France/EU: when a struck-through price is displayed, the reference price must be the lowest price applied during the previous 30 days ("Omnibus" directive).

  4. Counterfeits & fake brand "clearance sales"

    • Signals: -80% on premium products, no after-sales service, no invoice. Official brand pages explain how to spot impersonators.

  5. Fake support/refunds

    • Signals: request for an IBAN, asking you to install remote control software (AnyDesk/TeamViewer) for a "quick refund".

    • Reflex: no legitimate support ever requires remote access for a refund.


Real cases (referenced)

  • The "perfect" fake site (France): Cecile gets caught by a clone site during Black Friday; ~€100 lost, banking details exposed. Detailed testimony (screenshots, advice).

  • The PS5 replaced by... a stone (Belgium): a MediaMarkt customer discovers two sealed boxes containing stones, just after Black Friday. Investigation launched by the retailer.

  • Fake "Dyson clearance" (late 2023): orders never confirmed/delivered, multiple reports (page still visited before every Black Friday).



Check a website in 30 seconds (a simple method)

  1. Legal notices (company name, address, SIREN), terms and conditions, return policy.

  2. Payment methods: be wary if only bank transfer is offered.

  3. Contact: email and non-premium-rate phone number; quick test possible.

  4. Reputation: type site name + scam/reviews; check reports on SignalConso and Signal-Arnaques.

  5. Compliant struck-through price: insist on the lowest price from the past 30 days being displayed.

  6. URL & certificate: a padlock does not prove legitimacy (it protects the connection, not the seller).

For more, the DGCCRF publishes very practical "online shopping" fact sheets.



Security checklist (before you pay)

  • Accounts & email: enable two-factor authentication (2FA/MFA). References from NATO/Armed Forces & CNIL.

  • Passwords: unique and strong (password manager recommended).

  • Payment: prefer the card (better protection) and avoid bank transfers to unknown parties. UK authorities also recommend credit cards over transfers.

  • Delivery tracking: never click a link received by SMS/email; open the carrier's official app.

  • Evidence: keep confirmations and screenshots (price, conditions).

  • New merchant: order a small item first to test (delivery time, after-sales).


Your rights (France): the essentials

  • Right of withdrawal: 14 days minimum for a distance purchase (excluding legal exceptions: customized product, dated service, etc.).

  • Price reduction: any display must be based on the lowest price applied within the last 30 days; report abuses on SignalConso.

  • Unauthorized payments: the bank must refund without delay unless it can prove fraud or gross negligence (CMF/PSD2 framework). The dispute window has been extended to 13 months by recent case law.



What to do if you are a victim (official action plan)

  1. Fraudulent banking transaction -> freeze the card then report via Perceval (the receipt is useful for the bank).

  2. E-fraud (fraudulent site, phishing, fake support) -> complaint/report via THESEE.

  3. Suspicious SMS/call -> forward it to 33 700 (anti-spam SMS/call platform).

  4. Immediate guidance & advice (24/7) -> run a 17Cyber diagnostic (single point of contact for Police/Gendarmerie + Cybermalveillance).



Pro bonus (online retailers): harden your business before peak season

  • "Omnibus" compliance: keep records of the 30-day reference price and avoid misleading successive promotions.

  • Payment anti-fraud: 3-D Secure, scoring of risky orders, blocking of proxies/bots, per-card/IP caps. (Seasonal losses prove that "purchase scams" spike during this period.)

  • Internal hygiene: MFA on back-office & support, time-limited rights, "5-minute phishing" awareness training. References from NATO/Armed Forces / CNIL.