The last Friday in November, known as ”Black Friday,” marks the start of the Thanksgiving weekend in the U.S. as well as a massive, increasingly global online shopping extravaganza. It’s also a potential prime feeding ground for cyber-scammers and phishing attacks. But, how worried should online shoppers really be about the risks they face when browsing and sharing information online, especially while out and about or shopping from their work computer?

Want to protect yourself? Then follow these simple tips, every day from Sophos Naked Security:

Tip 1: Whatever you decide to do to improve your cybersecurity on Black Friday or on Cyber Monday, *keep on doing it on Tuesday, Wednesday, Thursday Friday*. That’s really important.

If it takes Black Friday to make you lift your cybersecurity game, keep it lifted forever.

Tip 2: Get and use a password manager if you’re not using one already.

That’s one of those tools that has a master password – yes, you have to pick a good one, and you have to be cautious with it – but the big deal with a password manager, in a situation like Black Friday when you might be clicking links that take you to fake sites, is this.

As well as picking a different password for every site, which makes it harder for the crooks; as well as picking a complicated, random, long password for every site because the computer can remember a number this long [STRETCHES ARMS WIDE] as easily as you can remember your cat’s name… the hidden coolness of a password manager is that, if you go to a fake site, the password manager won’t put your password in *because it’s never heard of that site before*.

So it’s a great way of protecting yourself from phishing, as well as making sure that you don’t take risks with passwords.

And as a side tip, if you have a service that lets you have 2FA (two-factor authentication), where you get a code that’s texted to your phone or you have an app on your phone that generates a second code which is different every time, then use that as well. Because with 2FA, if the crooks do get your password, they also need that code, and the code changes every time.

Tip 3: Consider getting a prepaid credit card to use with those sites. Prepaid credit cards have a fixed amount of money on them, and when the money’s gone, that’s that. So you are greatly limiting your exposure if the crooks do get hold of that number.

Tip 4: Measure twice; cut once. It’s possible that you could get hit by a scam, on Black Friday, Cyber Monday or any day of the year, that is so well crafted by the crooks that anybody would fall for it.

But in very many cases, on scam sites, phishing sites, bogus sites… there is often at least one giveaway.

Not all crooks mess up their their HTTPS certificate; not all crooks use a dodgy looking domain name; not all crooks make spelling mistakes; not all crooks make a mistake with the currency sign… but if they do make a mistake, *make sure you don’t miss the tips that are obviously there*.