CloudSEK researchers found a surge of holiday-themed fake storefronts ahead of Black Friday that harvest payment and personal data. The sites use recycled templates, urgency tactics and paid social ads to funnel shoppers to spoofed checkouts.

CloudSEK published research on Nov. 27 detailing the discovery of more than 2,000 fraudulent holiday and Black Friday‑themed online shops impersonating well‑known brands such as Amazon, Samsung and Apple. The investigation found attackers deploying cloned storefront templates and spoofed checkout pages that capture full payment and personal details. Many of the deceptive sites were amplified using paid social advertising and urgent-sounding copy (limited-time deals, low stock warnings) to rush shoppers through checkout without verifying legitimacy. Analysts noted that these rogue stores frequently recycle content and use simple domain‑spoofing tricks, while some integrate redirect chains to evade takedown efforts. CloudSEK advises consumers to verify domain names, inspect payment provider integrations, prefer saved payment methods with strong buyer protection, and avoid clicking through social ads. Platforms and ad networks are urged to improve vetting and accelerate takedown procedures; consumers should report suspect storefronts to brand owners and local authorities to help disrupt the funnel of stolen payment and identity data.