Security researchers reported a surge of more than 2,000 holiday-themed fake storefronts impersonating major retailers. The campaign uses typo-squatted and .shop domains to harvest payment and identity data, warning shoppers to be extra cautious this Black Friday.

A CloudSEK-backed analysis published Nov 27, 2025 has flagged a coordinated campaign that deployed over 2,000 fraudulent holiday storefronts designed to impersonate major retailers such as Amazon, Samsung and Apple. The scam network relied on typo-squatted domains and mass-created .shop sites, combined with convincing product listings and checkout pages to capture payment card details and personal information. These ghost stores are often promoted through paid social ads and phishing emails that push buyers to complete purchases on lookalike sites. Security experts warn that victims may not realize they’ve been scammed until charges appear on statements or orders never ship, and stolen details are reused in identity-fraud schemes. Immediate consumer advice includes navigating to retailer webpages by typing the known URL directly, checking for HTTPS and correct domain spellings, using virtual or single-use cards where available, and confirming seller details and reviews. Regulators and platforms are also being urged to speed up takedown processes for mass-produced fraudulent stores. (Source: LiveMint/CloudSEK report, Nov 27, 2025)