With companies releasing Black Friday weeks ahead of time, cybersecurity specialists are sounding the alarm over the rise in scamming attempts. The NordVPN Threat Protection Pro team notes a 250% surge in fake shopping websites during the shopping season.
Cybercriminals are eager to exploit consumers during one of the biggest shopping seasons of the year. The rush of Black Friday makes bargain hunters or less tech-savvy consumers great victims for fraudsters.
“Scammers exploit the frenzy around doorbuster deals and flash sales, knowing that rushed shoppers are more likely to click on malicious links or share personal information without thinking twice," Marijus Briedis, the CTO of NordVPN, a company that provides virtual private network (VPN) services, claimed.
The NordVPN company used its Threat Protection Pro tool, which blocks malicious websites, ads, and trackers, to reveal data about the dangers that can lurk behind offers that may look too good to be true.
Their team noted a 250% spike in fake shopping sites, found through aggregated data of NordVPN’s Threat Protection Pro service from August 1, 2025, to October 31, 2025.
Using the same tool, their team reported a 525% and 232% rise in impersonations of eBay and Amazon, respectively.
Spotting fake websites & scams
One of the ways scammers succeed in deceiving consumers is by using fraudulent websites. These are designed to mimic legitimate retailers, going as far as using popular brand logos, a nearly identical layout and checkout systems.
"Criminals create convincing fake websites, impersonate trustworthy brands in emails, in searches and on social media, and disseminate misleading adverts that direct shoppers to similar shops, designed to capture every detail of the checkout," NordVPN’s cybersecurity expert, Adrianus Warmenhoven, told Euronews.
The January-September 2025 report by NordVPN also revealed that 99% of all phishing attacks involve impersonation of just 300 brands, with companies like Telegram, Google, Yahoo, Bet365, Amazon, and Apple making the top 10.
Now, ahead of Black Friday, NordVPN reported a 232% increase in Amazon-impersonating websites.
Fake websites or phishing attempts often share indicators of illegitimacy, such as misspellings in the URL or the absence of a padlock icon next to the web address. Telltale signs include “the URL being slightly off or no SSL certificate. These small details are your first clues,” according to Warmenhoven.
Attackers also use urgency to act on the user’s emotion and make them forget to double-check the legitimacy of the message.
“Urgency is the name of the game here. Attackers want you to feel like something bad will happen if you don’t act fast. They prey on emotions and they use fear, urgency, and curiosity to get you to click,” Warmenhoven claimed.
How to stay safe
The Black Friday rush and its limited deals can make it difficult to notice signs of phishing attempts, but it’s important to stay alert.
“People are getting better at spotting fraud attempts, but far too many internet users still ignore updates or reuse passwords, and it’s precisely these small weaknesses that criminals exploit,” Briedis claimed.
Briedis has also shared a few tips on how consumers can prevent phishing and improve their online security and privacy:
- Use strong passwords that are unique, set up passkeys, and take advantage of a password manager.
- Enable multi-factor authentication to add another layer of security to your account.
- Update your software, apps, and operating systems.
- Use a VPN, which encrypts your internet traffic and conceals personal information from third-party peeks.
- Regularly review and update privacy settings on your social media accounts or other online services.
- Keep learning about cybersecurity and how to protect your online identity.