The annual Black Friday sales event is notorious for attracting both bargain hunters and cybercriminals. A new analysis by cybersecurity firm NordVPN reveals a staggering 250% increase in fake online shops in the weeks leading up to this year’s event. This surge poses a significant risk to consumers, with phishing attacks and fraudulent websites becoming increasingly sophisticated.
The Rising Threat of Fake Retailers
NordVPN’s data shows that the number of websites designed to mimic legitimate retailers—like eBay and Amazon—has skyrocketed in recent months. Fake eBay clones increased by 525% in October compared to September, while Amazon imitations jumped by 232%. This trend coincides with the peak shopping season, making consumers more vulnerable to scams.
The analysis also highlights a worrying lack of awareness: 68% of global consumers don’t know how to identify a phishing site. As a result, phishing attacks have increased by 36% between August and October.
Dark Web Trends: Card Prices Reflect Supply and Demand
The surge in fraudulent activity is mirrored on dark web marketplaces, where stolen payment card data is sold. NordVPN’s research shows that card prices fluctuate based on supply and demand. Cards from countries with strict anti-fraud controls, like Japan, command higher prices due to scarcity. Conversely, cards from markets with abundant data, such as the US and Spain, are cheaper, often sold in bulk.
The US is the most heavily targeted country, with over 60% of stolen payment cards originating from American users. Singapore follows with around 11%, and Spain with approximately 10%.
How Cybercriminals Exploit Black Friday
Cybercriminals use a multi-pronged approach to exploit shoppers during Black Friday. They create convincing fake websites, impersonate trusted brands in emails and search results, and disseminate misleading ads that redirect users to fraudulent stores designed to steal their checkout details.
One key method is e-skimming, where malicious code hijacks digital payment tools to silently record personal and financial data. According to NordVPN’s cybersecurity expert Adrianus Warmenhoven, this combination of brand counterfeiting, fake ads, and script injections fuels a constant flow of stolen card data, which is quickly monetized through gift cards, merchandise, travel, or outright theft.
The Real-World Consequences for Victims
The consequences for victims are severe, extending beyond financial loss. Even when banks reimburse stolen funds, consumers face blocked cards, litigation documentation, lost parcels, and endless password resets. The emotional toll of identity theft and fraud is significant.
Protecting Yourself This Black Friday
To avoid falling victim to online scams, shoppers should remain vigilant. Stick to trusted retailers, verify website URLs, and be wary of deals that seem too good to be true. Always use strong, unique passwords, and consider using a virtual private network (VPN) to encrypt your online activity.
The surge in fake online shops ahead of Black Friday underscores the growing sophistication of cybercriminals and the importance of consumer awareness. By taking proactive steps to protect your data, you can navigate the sales season safely
