Holiday deal season has officially begun – and so have the scams. Cybersecurity researchers report a massive surge in fake Amazon and other retail websites designed to trick people into entering their passwords and payment information. And with Black Friday hype in full swing, cybercriminals know many of us are rushing and less likely to double-check what we’re clicking.
According to new data from NordVPN, fake Amazon websites jumped 232% in October compared to September, while fake shopping sites overall increased 250%. Fake eBay sites saw an even more shocking rise of 525%. All of this comes as phishing attacks climbed 36% between August and October.
The problem is bigger than most people realize. NordVPN’s testing also showed that 68% of people globally don’t know how to identify a phishing website, creating the perfect environment for scammers targeting those racing to snag “doorbuster” deals.
And I get it: When you’re scrolling through posts about a limited-time discount or an “exclusive” sale link from a friend, it’s tempting to tap first and think later. But that’s exactly what criminals are counting on.
Read more: Great Early Black Friday Deals on Essential Travel Tech
How Fake Amazon Sites Try to Fool You
These malicious sites often look almost identical to the real thing: The Amazon logo, familiar product pages, fake Prime branding, even fraudulent order confirmation emails that link you “back to Amazon.” Only you’re not going to Amazon. You’re handing your account credentials to someone who plans to drain gift card balances, place fraudulent orders, or flip access to your account for cash.
Some scammers also spin up fake shipping notifications during the holidays. The message claims there’s an issue with your package – you just need to log in or update payment info. One click, and the scam is in motion.
Read more: Why the Obviously Fake Dashlane Hack Phishing Email Still Made Me Jump
What I Do to Stay Safe – And You Should Too
The most reliable way to avoid these traps is to navigate intentionally, not impulsively.
My rule: Never click links to Amazon. Go directly.
If there’s truly a legitimate deal, I’ll find it by typing the product name into the real Amazon website or app myself. Amazon doesn’t have secret sales buried behind special links – if it’s real, it’s findable.
I use my password manager to autofill my Amazon password when I need to log in. Password managers won’t autofill on look-alike scam domains if I make a typo. If my password manager doesn’t recognize the site, that’s my warning to close the tab and back away. We use and recommend 1Password and Dashlane at Techlicious.
To help people avoid winding up on these look-alike sites, NordVPN includes a tool called Threat Protection Pro in its Plus and higher VPN plans (starting at $3.89/month on a two-year plan). The service checks links in real time against known phishing and malware domains, uses machine learning to spot new scam sites designed to mimic major brands, and blocks ads and trackers that can lead you to malicious pages – and it works even when the VPN isn’t turned on.
Read more: Your Weak, Old, Reused Passwords Are All Over the Internet
Simple Tips to Avoid Being Scammed
- Look at the URL closely. Typos and extra characters are a giant red flag.
- Avoid search engine ads for retailer names. Scammers buy those placements.
- Don’t trust texts or emails with “exclusive” deals. Go straight to the retailer instead.
- Use multi-factor authentication on your Amazon account to prevent takeovers.
- Be suspicious of “too good to be true” pricing. Because it usually is.
The Bottom Line
Criminals follow the money, and right now the money is in online holiday shopping. Every year, these scams get more polished and harder to spot. But you don’t have to outsmart them – you just have to avoid walking into their traps.
If you’re hunting for Black Friday deals, go in with a plan, not a click-happy mindset. Security takes just a few extra seconds, and it’s a lot easier than recovering a hacked Amazon account during the busiest shopping week of the year.
[Image credit: Suzanne Kantra/Techlicious via ChatGPT]
