Every November, two curves rise together: online spending, and phishing. Scammers prepare for Black Friday the way retailers do — building fake shops, cloning checkout pages, and buying ads — because for a few weeks, a too-good-to-be-true price looks plausible and everyone is in a hurry. This guide covers the scams that spike around Black Friday and Cyber Monday, and the checks that catch them before you pay.
The five Black Friday scams to expect
- Fake shops built for one season. Whole storefronts — often advertised on social media — selling branded goods at 70–90% off. They take payments, ship nothing (or counterfeit goods), and vanish in January. The domain is usually weeks old.
- Cloned retailer pages. Pixel-perfect copies of real checkout or login pages for major retailers, reached from ads, emails or texts about a "flash deal." The page harvests your card; the confirmation never comes.
- Fake order and delivery messages. "There’s a problem with your order" or "your parcel is held" — timed for when you genuinely are expecting parcels, so the lure matches reality. Covered in depth in our fake delivery scams guide.
- Gift-card cons. Discounted gift cards that arrive drained, and "pay with gift cards for a bigger discount" requests — no legitimate retailer asks for that.
- Search and social ads. Malvertising puts the fake shop above the real one in results. The ad slot is bought; the trust is borrowed.
The checks that work (even in a hurry)
- Check the domain, not the design. Design can be copied in minutes. Read the address right to left — the domain before the first slash is the only part that identifies the owner.
- Look up the domain’s age. A "major retailer" on a domain registered three weeks ago is the strongest scam signal there is.
- Be suspicious of how you arrived. If you came from an ad, text or email, treat the page as unverified — open the retailer’s app or type the address yourself instead.
- Pay by credit card. Card payments carry the strongest dispute protections; bank transfers and gift cards are effectively cash.
- Let something check the page for you. At 11pm with a deal expiring, nobody reads URLs carefully. Real-time protection judges the page as it loads — that’s exactly what SafeToOpen does, free.
If you already paid
Contact your bank or card issuer immediately to dispute the charge, change the password on any account you created (and anywhere it’s reused), and report the site so others are warned — our report page feeds confirmed scams to browsers and partners. Then watch for the follow-up: people who paid once are re-targeted with fake "refund" offers.
More on how store scams work year-round: fake online stores and shopping scams.