While Black Friday brings incredible deals, it also brings something far less exciting: a huge spike in cyber threats. Every year, UK businesses (especially SMEs) see increases in phishing emails, fake websites, account breaches, and compromised devices during the November sales rush.

 

Cyber criminals know that people are searching for offers, clicking faster than usual, and using personal devices at work… and they take full advantage of it.

 

So this week lets look at the real risks, the scams doing the rounds right now, and the practical steps you can take to protect both your business and your team during the busiest shopping season of the year.

 

 

 

🎯 The Real Threat: A Surge in Phishing and Fake Sites

 

During late November, phishing attempts increase by as much as 80%. Scammers use:

• Fake delivery notifications
• “Your order is delayed” messages
• Fake retailer login pages
• Too-good-to-be-true discounts with urgent timers
• Lookalike websites designed to steal card details

 

Employees often fall victim simply because they’re rushing, not because they’re careless.

 

And once a single account or device is compromised, your business becomes an open door.

 

 

 

📌 Real Scams Targeting UK Businesses Right Now

 

Here are scams circulating this month:

1. Amazon “Order Issue” emails – These contain links to non-Amazon login pages that capture usernames and passwords

2. Fake Royal Mail and EVRi tracking notifications – These continue to be some of the most clicked phishing links in the UK.

3. Ads on social media leading to cloned retail sites – Perfectly designed to mimic legitimate shops, but end with stolen card details or malware downloads.

4. Malicious Chrome extensions disguised as shopping helpers – Once installed, they monitor keystrokes and bypass weak security controls.

 

If employees access these on work devices, your entire Microsoft 365 tenant is suddenly at risk.

 

 

 

🛡️ Five Practical Steps to Stay Protected

 

These quick-win actions reduce the majority of Black Friday cyber risks:

1. Enable MFA on every account (no exceptions) – This stops over 99% of credential-based attacks, even if someone’s password is stolen.

2. Turn on Conditional Access policies – Block risky sign-ins, enforce location rules, and prevent logins from suspicious devices automatically.

3. Use Microsoft Defender to monitor malicious links and attachments – Defender will block most phishing attempts before they reach your team.

4. Educate your staff before the shopping rush starts – A 5-minute reminder reduces the risk more than any tool.

5. Keep shopping separate from work devices – Personal browsing on business laptops is one of the most common ways malware spreads.

 

 

 

🧾 Quick Black Friday Checklist for Your Team

 

Before they start shopping online, encourage your staff to ask:

• Does the website URL look correct?
• Am I clicking from an email or going directly to the retailer’s site myself?
• Is the discount suspiciously high?
• Is this a legitimate delivery notification?
• Do I have MFA enabled on the account I’m logging into?

 

A moment of caution can prevent a major breach.

 

 

🔐 How Microsoft 365 Can Help Your Business Stay Safe

 

Microsoft 365 gives you built-in protection that’s incredibly effective when configured properly:

• Defender scans links, blocks malicious files, and stops suspicious behaviour.
• Conditional Access protects your accounts from unusual login attempts.
• Defender for Office 365 filters phishing emails and spoofed domains.
• Microsoft Authenticator adds a layer of verification scammers can’t bypass.

 

Together, these tools prevent over 90% of Black Friday–style cyber attacks.