Black Friday scams: how to grab the deal, not the hook

Fake shops, cloned checkout pages, deal texts and malvertising spike every November. The five scams to expect — and the checks that catch them even when you’re in a hurry.

Guide · 6 min read · By SafeToOpen Research · July 2026

Every November, two curves rise together: online spending, and phishing. Scammers prepare for Black Friday the way retailers do — building fake shops, cloning checkout pages, and buying ads — because for a few weeks, a too-good-to-be-true price looks plausible and everyone is in a hurry. This guide covers the scams that spike around Black Friday and Cyber Monday, and the checks that catch them before you pay.

30–40%: quarter-over-quarter growth in SMS-based fraud detections through 2025 — and delivery and deal texts spike hardest in November. Source: Crane Authentication, in APWG Q3–Q4 2025.

The five Black Friday scams to expect

The checks that work (even in a hurry)

If you already paid

Contact your bank or card issuer immediately to dispute the charge, change the password on any account you created (and anywhere it’s reused), and report the site so others are warned — our report page feeds confirmed scams to browsers and partners. Then watch for the follow-up: people who paid once are re-targeted with fake "refund" offers.

More on how store scams work year-round: fake online stores and shopping scams.

Frequently asked questions

Check the domain (not the design), look up how old it is, and be sceptical of extreme discounts reached via ads or texts. If the deal exists, it will also exist when you type the retailer's address yourself.

Treat those ads as unverified. Seasonal fake shops rely heavily on social ads with 70–90% discounts. Find the retailer independently before paying, and pay by credit card for dispute protection.

Dispute the charge with your bank or card issuer immediately, change any password you used on the site, report the store, and ignore follow-up "refund" contacts — they're the second act of the same scam.

External statistics are attributed to their original publishers and were accurate at the time of writing. Figures from industry reports vary by methodology and period; we link to primary sources so you can verify them.
