And scammers just launched 330 malicious domains in 10 days.
Black Friday is two days away, and cybercriminals are already working overtime.
New research shows a massive surge in Black Friday-themed scam websites. In October 2025, 158 new Black Friday domains were registered (a 93% increase over the monthly average). But early November? 330 new domains in just the first 10 days, and nearly 1 in 11% of those domains is malicious.
Phishing attacks targeting Black Friday shoppers have jumped 620% since the start of November. Attacks impersonating major retailers spiked 54% in just the past week. Amazon is getting hit the hardest, with 80% of all brand impersonation phishing attacks in November being fake Amazon emails.
Over 2 million phishing attacks have targeted shoppers globally this season. And security researchers expect attacks to jump another 20-30% this week.
The AI Problem
Here’s what makes this year different: GenAI tools are making it faster and easier for scammers to create convincing fake websites.
That means more scam sites, more localized versions targeting specific regions, and more sophisticated phishing pages that are harder to detect. Attackers are using AI to write more convincing emails, mimic brand voice perfectly, and create fake websites that look identical to the real thing.
What the Scams Look Like
- Fake websites: New domains that look almost identical to legitimate retailers. The URL might be Amazondeals.com instead of Amazon.com (close enough to fool you if you’re not paying attention).
- Phishing emails: Fake notifications claiming there’s an issue with your shipment. Once you enter your login credentials, attackers have access to your real account.
- Social media ads: Sponsored posts promoting insane discounts. They look like real brand ads but link to scam sites.
- Fake urgency: Countdown timers, “last few in stock” warnings or “offer expires in 10 minutes” threats. All designed to make you click before you think.
Why This Matters for Your Business
Your employees are shopping online during work hours. They’re using work devices and checking personal email on company networks.
If one employee clicks a phishing link and enters their credentials, attackers now have a foothold. Personal email compromise can lead to business credential theft (especially if employees reuse passwords). AKA one distracted click during the holiday rush can create a serious security incident.
How to Spot the Fakes
- Check the URL carefully. Look at the actual web address. If it looks even slightly off, don’t trust it.
- Look for HTTPS. Make sure the web address starts with https:// (the “s” matters especially).
- Don’t click links in emails. Go directly to the retailer’s website or app instead.
- Question the urgency. Legitimate retailers don’t threaten to cancel your account if you don’t click right now.
- If it seems too good to be true, it probably is. Below-cost pricing on high-ticket items? Red flags.
What to Do Right Now
For yourself: Shop only through official apps or by typing the website directly. Absolutely enable two-factor authentication and use a credit card on purchases (not debit) for better fraud protection.
For your business: Send a quick reminder to employees about phishing scams, encourage personal shopping on personal devices, and make sure email security is up to date.
The Bottom Line
Black Friday scams are getting more sophisticated and backed by AI tools that make them nearly indistinguishable from legitimate retailers. Attackers know you’re expecting emails from retailers right now, and they’re counting on you clicking without thinking.
Take five extra seconds to check the URL or go directly to retailer websites instead of clicking email links. The best Black Friday deal? Not getting scammed.
Protect your business from holiday phishing attacks.
GiaSpace helps Florida businesses strengthen email security, train employees on phishing threats, and implement monitoring that catches attacks before they cause damage.
👉 Schedule Your Free Security Assessment
Published: Nov 26, 2025
