Top 5 Ways Fraudsters are Targeting YOU This Black Friday

The holiday shopping rush has become a hunting ground for cybercriminals. As millions of consumers chase bargains this Black Friday, sophisticated fraud operations are scaling up to meet them. Data from Pew Research indicates that more than a third of American adults have already experienced some form of online shopping scam, while the Federal Trade Commission (FTC) recorded nearly $435 million in losses from this category of fraud last year.

What makes 2025 particularly dangerous is the industrialization of fraud. Researchers have documented a dramatic increase in fraudulent e-commerce domains appearing in the weeks before Black Friday, with NordVPN reporting a 250% jump in bogus online storefronts like Amazon and eBay.

The National Retail Federation projects holiday retail sales will reach record levels in 2025, approximately 3-4% higher than 2024, with an estimated 187 million shoppers expected over Thanksgiving weekend alone and 130 million on Black Friday specifically. Of significant concern: 55% of shoppers plan to make purchases online, where fraud detection is more challenging.

“Consumers should watch out for phishing scams in the shape of fake coupons, discount codes, and ‘huge deals!,’ cautions Randy Rose, Vice President of Security Operations & Intelligence at the Multi-State Information Sharing and Analysis Center (MS-ISAC) at the Center for Internet Security (CIS).

Below are five of the most pressing threats facing shoppers this season, along with practical guidance on how to sidestep them.

1. Phantom Storefronts That Disappear After You Pay

The threat:

Criminals are spinning up convincing replica websites at unprecedented speed. These sites mimic legitimate retailers down to the product images, brand logos, and even trust badges. They advertise jaw-dropping discounts through social media ads – often 70% or more off premium products – then collect payment information and vanish within hours, leaving buyers with nothing or a cheap imitation.

Analysis has identified campaigns impersonating major brands including Amazon, IKEA, and Louis Vuitton. Some operations have leveraged legitimate cloud hosting services to evade spam filters, making them harder to block. The short lifespan of these sites also makes it difficult for authorities to shut them down before the damage is done.

How to stay safe:

• Resist the urge to click through from social media advertisements. Instead, open a separate browser window and navigate to the retailer’s website directly to see if the offer is real.
• Scrutinize web addresses for subtle misspellings, additional words, or unusual domain extensions that differ from the official site.
• Run a quick search combining the store’s name with “scam” or “reviews” to see what others have reported.
• Treat any request to pay by bank transfer, cryptocurrency, or gift card as an immediate red flag. Reputable sellers will always accept standard card payments.

2. Bogus Delivery Alerts Designed to Harvest Your Details

The threat:

When you have several packages en route, a message about a delivery problem barely raises an eyebrow. Fraudsters exploit this by sending convincing texts or emails claiming a package requires further instructions or is held up and requires a small fee or address update to release.

It often includes a link that leads to a convincing clone of a postal service or major retailer’s website, where any information you enter goes straight to criminals. The United States Postal Inspection Service calls this particular scheme “smishing,” receiving “unsolicited mobile text messages with an unfamiliar or strange web link that indicates a USPS delivery requires a response from you.”

This tactic has become the single most reported text-based scam in the United States, according to FTC data, costing consumers hundreds of millions of dollars. The peak shopping season amplifies the risk because people genuinely are expecting deliveries and may act without thinking.

How to stay safe:

• Make it a rule never to tap links in unsolicited delivery messages. Go directly to the carrier’s app or website and enter the tracking number you already have.
• Be skeptical of any communication asking for payment to release a package; legitimate couriers do not operate this way.
• If you realize you have entered details on a suspicious site, contact your bank immediately to freeze your card/account and update your passwords.

3. AI-Generated Deception and Deepfake Impersonation

The threat:

Artificial intelligence (AI) has handed fraudsters a powerful new toolkit. Scammers can now generate realistic-looking websites, craft persuasive marketing copy that mirrors a brand’s tone, produce fake product reviews at scale, and even create deepfake videos of company executives announcing fictitious promotions. The telltale signs that once gave scams away – poor grammar, awkward phrasing, low-quality visuals – are rapidly disappearing.

Security researchers have found that more than three-quarters of phishing sites detected in the second quarter of 2025 contained AI-generated content, contributing to a surge in unique phishing campaigns. Law enforcement agencies have warned that criminals are scraping publicly available photos and videos from social media to train models capable of hyper-personalized attacks.

How to stay safe:

• Look for subtle inconsistencies in video content: unnatural lip movements, strange lighting, or robotic vocal patterns can indicate a deepfake.
• Confirm any sensational announcement by visiting the company’s verified social channels or official website before acting on it.
• Be wary of chatbots or customer service agents who push aggressively for personal details or steer you toward unusual payment methods.
• Approach product reviews with healthy skepticism if they lack specific detail or read identically across different sites.

4. Counterfeit Goods Masquerading as Luxury Bargains

The threat:

Black Friday creates ideal cover for sellers of knock-off merchandise. Listings appear offering designer handbags, premium headphones, branded sneakers, or the latest smartwatch at a fraction of the usual price. Buyers either receive a poor-quality imitation, or nothing at all. The problem is especially acute on marketplace platforms where third-party sellers can set up shop with minimal vetting.

Researchers have flagged campaigns exploiting household names across fashion, technology, and consumer electronics. Amazon remains the most frequently impersonated brand globally, appearing in countless phishing messages and fake coupon schemes. Luxury labels like Louis Vuitton and tech giants like Apple are also common targets.

How to stay safe:

• Treat extreme discounts on high-demand items as a warning sign rather than an opportunity. If a deal seems too good to be true, it probably is.
• Check whether the product is sold directly by the brand or an authorized retailer, rather than an unfamiliar third-party seller.
• Be especially cautious with items that will come into contact with skin, food, or children; counterfeits may not meet safety standards.
• A modest discount from a verified source is far safer than a dramatic markdown from an unknown vendor.

5. Fraudulent Customer Support and Fake Account Alerts

The threat:

When checkout problems strike during a busy sale, many shoppers instinctively search for a customer service number. Criminals have exploited this by seeding search results with fake helplines. Callers are then manipulated into handing over card details or redirected to alternative payment methods like wire transfers or gift cards under the pretense that the retailer’s systems are experiencing issues.

A related tactic involves unsolicited messages warning of suspicious account activity and urging recipients to verify their credentials immediately. The link provided leads to a replica login page that captures usernames and passwords. In the frantic atmosphere of a flash sale, harried shoppers are more likely to comply without pausing to verify authenticity.

How to stay safe:

• Only use contact details found on the retailer’s official website or app. Never rely on search engine results or unsolicited messages.
• Refuse any request to pay via gift card, wire transfer, or cryptocurrency, regardless of the reason given.
• Legitimate support agents will never ask for your full card number, PIN, or online banking password.
• Enable two-factor authentication wherever possible, so that stolen credentials alone are not enough to access your accounts.

The Bigger Picture: Fraud Is Scaling Up

The financial burden of payment fraud on U.S. businesses has reached historic levels. According to TransUnion‘s 2024 survey of business leaders, American companies reported losing an average of 9.8% of annual revenue to fraud over the past year, a 46% increase from the prior survey period and 27% higher than the global average of 7.7%. The data underscores the disproportionate targeting of U.S. enterprises by fraud operations.

Account takeover attacks have emerged as the costliest fraud category for domestic businesses, accounting for nearly one-third of all reported losses. Synthetic identity fraud (use of a combination of personally identifiable information to fabricate a person or entity to commit a dishonest act for financial or personal gain) follows at 24%, with authorized payment scams close behind at 23%, reflecting the diversity of attack methods across the fraud ecosystem.

The trajectory points toward continued escalation. Juniper Research projected global e-commerce fraud losses will climb from $44 billion in 2024 to $107 billion by 2029, a 141% increase. The holiday shopping season concentrates risk factors – elevated transaction volumes, time-sensitive promotions, and reduced consumer vigilance – creating optimal conditions for exploitation at scale.

Quick-Reference Checklist

1. Navigate directly: Type retailer addresses into your browser rather than clicking through from ads or messages.
2. Investigate unfamiliar sellers: A quick search for the store name alongside ‘scam’ or ‘reviews’ can reveal problems before you commit.
3. Pay by credit card: Credit cards offer stronger fraud protections and chargeback rights than debit cards, transfers, or gift cards.
4. Activate two-factor authentication: Adding a second verification step makes compromised passwords far less useful to attackers.
5. Inspect URLs carefully: Confirm the address matches the official domain exactly, with no extra words or unusual extensions.
6. Steer clear of public Wi-Fi for transactions: Unsecured networks make it easier for criminals to intercept data.
7. Trust your instincts: An offer that seems too generous to be real almost certainly is not.

   

8. Review statements frequently: Catching a fraudulent charge early makes recovery much simpler.

“Consumers also should be mindful of ‘quishing’ or QR phishing. Don’t scan QR codes from unknown/untrusted sources,” said CIS’s VP Rose.

Black Friday should be an opportunity to secure genuine savings, not a gateway to financial loss. A few moments of caution – verifying a site, double-checking a sender, or questioning an implausible price – can make all the difference. The best bargain is one that actually arrives and works as advertised.