While the Black Friday sale is now live on major platforms like Amazon, Flipkart, and others, cybercriminals are not waiting. Over 2,000 fake websites have cropped up, emulating actual stores with festive banners, countdown clocks, and sham reviews to lure buyers into making quick payments. According to cybersecurity firm CloudSEK, these websites steal payment and personal information, which can then be used for financial fraud or identity theft. Unlike random scams in the past, the Black Friday sale scam is now a large, organised operation, with the fake stores pretending to be major brands like Apple, Samsung, Xiaomi, and Amazon. With deals happening right now, every click counts, and shoppers need to check URLs and head to official websites to avoid costly mistakes.
According to CloudSEK, more than 2,000 fake websites were detected ahead of this year’s Black Friday sales. These sites have all the trappings of real online stores, with festive banners, countdown clocks, and fake reviews. Scammers build these touches into the websites to give shoppers a sense of urgency, compelling them to act without checking the details. The attackers primarily target payment information and personal details, which can be used for financial theft or identity fraud. CloudSEK warns that this form of operation has grown from isolated scams to large-scale, organised fraud.
These scams operate in a structured manner. Every time a shopper checks out on a fake website, their payment details are silently redirected to attacker-controlled accounts. Users usually land on these sites via advertisements on social media, shared links on messaging apps like WhatsApp and Telegram, and manipulated search engine results that they encounter before reaching official brand pages. Each fake store can attract hundreds of visitors quickly, converting between 3 and 8 percent into victims. At these numbers, scammers can earn thousands of dollars from a single site before authorities take it down.
CloudSEK's investigation uncovered two major phishing site clusters. The first cluster had more than 750 linked domains, of which more than 170 spoofed Amazon. These websites use identical layouts, flash discounts, and/or fake purchase notifications to lure customers. The second cluster is even bigger: upwards of 1,000 domains with the .shop extension impersonating major brands such as Apple, Samsung, Ray-Ban, Logitech, Xiaomi, HP, and Jo Malone. The scammers recycle templates, graphics, and scripts to deploy the spoof stores at rapid speed, revealing that this is an extremely coordinated campaign rather than isolated attacks.
These scams have consequences beyond financial losses. Victims may experience identity theft, long-term misuse of personal information, and difficulty resolving fraudulent transactions. Reputational damage, lost revenue, and higher customer support costs are also consequences for legitimate brands, as shoppers are redirected to fake websites.
Experts warn that shoppers need to be a bit more careful this season. Avoid sites offering outlandish discounts of 70-90%, double-check URLs for spelling mistakes or unusual endings, and pay no heed to countdown timers and urgent pop-ups. Trust seals also need to be checked, and one should go to official sites or verified applications. Any checkout page leading to unrelated sites is best avoided. CloudSEK recommends that retailers and regulators track rogue domains, act promptly on takedown requests, and collaborate to bring down phishing networks.
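For retailers acting on the domain-tracking recommendation, the sketch below triages candidate domains for brand names, one-character misspellings, and the .shop ending described above. It is an added example, not CloudSEK's tooling; the official-domain allowlist, the brand subset, and the sample domains are assumptions constructed for illustration.

```python
import re

# Assumptions for this sketch: brand names taken from the article, official
# domains and sample candidates constructed for illustration.
OFFICIAL = {"amazon.com", "amazon.in", "apple.com", "samsung.com", "mi.com"}
BRANDS = ["amazon", "apple", "samsung", "xiaomi", "logitech"]
WATCH_TLDS = {"shop"}  # the second cluster used .shop domains

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(domain):
    """Return the reasons a domain deserves review; an empty list means none."""
    labels = domain.lower().rstrip(".").split(".")
    # Naive registrable domain (last two labels); production tooling should
    # use the Public Suffix List instead.
    if ".".join(labels[-2:]) in OFFICIAL:
        return []
    reasons = []
    tokens = [t for label in labels[:-1] for t in re.split(r"[-_]+", label) if t]
    for brand in BRANDS:
        for tok in tokens:
            if tok == brand or tok.startswith(brand):
                reasons.append(f"brand '{brand}' in non-official domain")
            elif edit_distance(tok, brand) == 1:
                reasons.append(f"'{tok}' is one edit from '{brand}'")
    if reasons and labels[-1] in WATCH_TLDS:
        reasons.append(f"brand paired with watched TLD .{labels[-1]}")
    return reasons

SAMPLES = [  # constructed examples, not indicators from the CloudSEK report
    "www.amazon.in", "amazon-blackfriday.shop", "samsumg-deals.shop",
    "pineapple-farm.shop", "store.apple.com.example-offers.shop",
]

if __name__ == "__main__":
    for d in SAMPLES:
        print(d, "->", triage(d) or "no flags")
```

Matching on hyphen-separated tokens rather than raw substrings keeps an unrelated name such as the constructed "pineapple-farm.shop" from being flagged, while a brand label placed in front of an unrelated registered domain is still caught.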
Cybersecurity experts emphasise that awareness is the first line of defence. Online crooks are getting smarter at the same rate as shoppers. A minute spent verifying a site before clicking “buy now” can save thousands of rupees and prevent identity theft. Not every deal online is real, and a wrong click can turn a shopping spree into an expensive mistake.