Skip to main content

Avoid these Black Friday and Cyber Monday scam websites

Young woman holding credit card and looking at laptop screen with skeptical expression.
(Image credit: fizkes/Shutterstock)

Retailers aren't the only people trying to make a buck off you during the Black Friday and Cyber Monday shopping season.

Scammers and spammers want your hard-earned money, too, and they're creating thousands of phony websites and phony ads designed to fool you into giving up your personal information and your credit-card numbers.

The number of look-alike retail sites used in phishing campaigns has more than doubled since a year ago, reaching more than 350,000, Israeli firm Check Point said in a report released today (Nov. 26). 

In another report released today, U.S. firm ZeroFOX found more than 60,000 ad campaigns on social media and other online platforms sending victims to those impostor retail sites.

The scam ads often say they're offering coupons, deep discounts or even giveaways, ZeroFOX found, and use hashtags like "#blackfriday" and "#cybermonday." In one instance, a fake Walmart ad claimed to be giving away an iPhone 11, but tricked victims into installing a malicious Google Chrome browser extension.

How to avoid holiday shopping scams

To protect yourself from holiday shopping scammers, use common sense and check web addresses very carefully. If something sounds too good to be true, it almost certainly is. If a link in an email or a Facebook post goes not to "amazon.com" but to "sh0p-amazon.com," then it's almost certainly a scam.

For more on protecting yourself while shopping, check out our guides: How to shop safely on Black Friday, 9 tips for safe Cyber Monday shopping and 11 ways to stay safe when shopping online.

1,700 different ways to spell 'Amazon'

Check Point scanned web registrars for clearly deceptive domain names and found 1,700 such phony URLs targeting Amazon.com alone, such as"sh0p-amazon.com" and "amazon-centers.com". 

Amazon itself has already grabbed low-hanging fruit like "amaz0n.com", but "sh0p-amazon.com" is registered to a gentleman in the Andaman and Nicobar Islands state of India. You probably don't intend to be doing business with him.

Some of these phony sites are really convincing. Check Point gave the example of a website at http://www.xwrbs.com/ that claims to be the official retailer of Ray-Ban sunglasses, but is offering discounts of 90%. The site was up and running when we checked this afternoon.

A fake Ray-Ban retail website hosted at xwrbs.com.

A fake Ray-Ban retail website hosted at xwrbs.com. (Image credit: XWRBS.com)

Yet the domain, xwrbs.com, was registered only on Nov. 1 of this year, and the domain owner is hidden behind a proxy service, Privacy Guardian of Phoenix, Arizona.

The phony Ray-Ban site lets you view different models, add them to your cart and order the sunglasses, just like a real retail site. But it doesn't take credit cards, Check Point said -- xwrbs.com accepts only PayPal. 

"If an unwary customer does pay, the sunglasses will probably never arrive," Check Point dryly noted, "or at best, a cheap fake might be delivered if the criminals are very generous."

Meanwhile, ZeroFOX found something like 40,000 fake domain names pretending to be Apple. More than 15,000 similarly spoofed Amazon, and more than 12,000 targeted, well, Target. Together, those three brands made up more than 56% of all the fake domains ZeroFOX unearthed.