Date: 2025-11-21

Online shoppers are being targeted by a wave of scam campaigns exploiting the Black Friday and Cyber Monday sales window, according to new research from cyber security firm Bitdefender. The company's analysis found over half of Black Friday-themed spam emails globally are fraudulent, using well-known retail brands to trick recipients into sharing personal and financial information.

Global reach

Bitdefender's Antispam Lab examined scam activity between 1 October and 10 November. It found that 53% of all Black Friday-themed spam emails were scams. These campaigns most often impersonated Amazon, with MediaMarkt, IKEA, TEMU, and Binance also frequently used. The scams have a global footprint, but consumers in the United States received the majority, accounting for 60% of the malicious messages. Germany, Ireland, South Africa, and the UK followed in volume. The United States was also the largest source of such spam, but significant volumes originated from the Netherlands and Indonesia.

Brand impersonation

Scammers increasingly mimic the logos, language, and formatting of trusted brands to gain consumer trust. Bitdefender traced attacks leveraging the reputations of Amazon, MediaMarkt, Kaufland, Grohe, Louis Vuitton, Jack Daniel's, Reese's, and United Healthcare. One German-language campaign impersonated MediaMarkt, promising fake vouchers of €500-€1,000. These emails were distributed via infrastructure hosted on Google Cloud, with urgency-driven subject lines intended to prompt immediate action from recipients.

Healthcare brands have also been targets. Fake 'Black Friday Smile Upgrade' offers from an email purporting to be United Healthcare promoted Oral-B dental kits and attempted to gather patients' private health data.

Evolving tactics

Shopping-related scams include offers of luxury goods such as designer bags at attractive prices. One example advertised Louis Vuitton bags selling from $200, using recycled templates previously seen in similar campaigns. More sophisticated operations relied on online advertising channels. A known campaign used Meta's ad platform to direct users to lookalike Binance sites via trading promotions, delivering information-stealing malware to compromise credentials, browser data, and crypto wallets.

Regional trends

Although the research highlights the US as the key territory in both origination and targeting of scam activity, the issue is global. Bitdefender's telemetry recorded attacks across Asia-Pacific, Latin America, and Eastern Europe. The findings reflect an increase in scams tied to peak shopping periods but stress that digital fraud is a persistent and cross-border phenomenon.

Scam impact

Bitdefender's wider Cybersecurity Assessment Report revealed that citizens are incurring real losses as a result of these scams. Nearly one in six survey respondents in Australia reported being scammed in the past year, with those incidents resulting in an average loss of $545. Over a quarter of the scams were shopping-related, including delivery and shipping fraud.

Bitdefender researchers note the renewed focus on trusted brands is a major feature of this year's scams as cyber criminals adapt to shifting online shopping habits and economic pressures.

Precautionary advice

The company advises consumers to only shop through official websites, be alert to fake delivery notifications, use link-checking tools, and report suspicious messages promptly. Keeping automated security protection enabled is also recommended by the firm.

"Cybercriminals know consumers are looking for deals during this period, and by mimicking trusted brands, they are increasing the likelihood victims will fall for these schemes," said Bogdan Botezatu, Director of Threat Research and Reporting, Bitdefender.