{“lastseen”:”2025-11-24T18:05:12″,”description”:”Black Friday is supposed to be chaotic, sure, but not _this_ chaotic.\\n\\nWhile monitoring malvertising patterns ahead of the holiday rush, I uncovered one of the most widespread and polished Black Friday scam campaigns circulating online right now. \\n\\nIt\u2019s not a niche problem. Our own research shows that 40% of people have been targeted by malvertising, and more than 1 in 10 have fallen victim, a trend that shows up again and again in holiday-season fraud patterns. Read more in our 2025 holiday scam overview.\\n\\nThrough malicious ads hidden on legitimate websites, users are silently redirected into an endless loop of fake \u201cSurvey Reward\u201d pages impersonating dozens of major brands. \\n\\nWhat looked like a single suspicious redirect quickly turned into something much bigger. One domain led to five more. Five led to twenty. And as the pattern took shape, the scale became impossible to ignore: **more than 100 unique domains** , all using the same fraud template, each swapping in different branding depending on which company they wanted to impersonate.\\n\\nThis is an industrialized malvertising operation built specifically for the Black Friday window.\\n\\n## **The brands being impersonated**\\n\\nThe attackers deliberately selected big-name, high-trust brands with strong holiday-season appeal. Across the campaign, I observed impersonations of:\\n\\n * Walmart\\n * Home Depot\\n * Lowe\u2019s\\n * Louis Vuitton\\n * CVS Pharmacy\\n * AARP\\n * Coca-Cola\\n * UnitedHealth Group\\n * Dick\u2019s Sporting Goods\\n * YETI\\n * LEGO\\n * Ulta Beauty\\n * Tourneau \/ Bucherer\\n * McCormick\\n * Harry \\u0026 David\\n * WORX\\n * Northern Tool\\n * POP MART\\n * Lovehoney\\n * Petco\\n * Petsmart\\n * Uncharted Supply Co.\\n * Starlink (especially the trending Starlink Mini Kit)\\n * Lululemon \/ \u201clalubu\u201d-style athletic apparel imitators\\n\\n\\n\\nThese choices are calculated. If people are shopping for a LEGO Titanic set, a YETI bundle, a Lululemon-style hoodie pack, or the highly hyped Starlink Mini Kit, scammers know exactly what bait will get clicks.\\n\\nIn other words: They weaponize whatever is trending.\\n\\n   \\n\\n## **How the scam works**\\n\\n### **1\\\\. A malicious ad kicks off an invisible redirect chain**\\n\\nA user clicks a seemingly harmless ad\u2014or in some cases, simply scrolls past it\u2014and is immediately funneled through multiple redirect hops. None of this is visible or obvious. By the time the page settles, the user lands somewhere they never intended to go.\\n\\n### **2\\\\. A polished \u201cSurvey About [Brand]\u201d page appears**\\n\\nEvery fake site is built on the same template:\\n\\n * Brand name and logo at the top\\n * A fake timestamp (\u201cSurvey \u2013 November X, 2025 \u201d)\\n * A simple, centered reward box\\n * A countdown timer to create urgency\\n * A blurred background meant to evoke the brand\u2019s store or product environment\\n\\n\\n\\nIt looks clean, consistent, and surprisingly professional.\\n\\n### **3\\\\. The reward depends on which brand is being impersonated**\\n\\nSome examples of \\”rewards\\” I found in my investigation:\\n\\n * Starlink Mini Kit\\n * YETI Ultimate Gear Bundle\\n * LEGO Falcon Exclusive \/ Titanic set\\n * Lululemon-style athletic packs\\n * McCormick 50-piece spice kit\\n * Coca-Cola mini-fridge combo\\n * Petco \/ Petsmart \u201cDog Mystery Box\u201d\\n * Louis Vuitton Horizon suitcase\\n * Home Depot tool bundles\\n * AARP health monitoring kit\\n * WORX cordless blower\\n * Walmart holiday candy mega-pack\\n\\n\\n\\nEach reward is desirable, seasonal, realistic, and perfectly aligned with current shopping trends. This is social engineering disguised as a giveaway. I wrote about the psychology behind this sort of scam in my article about Walmart gift card scams.\\n\\n        \\n\\n### **4\\\\. The \u201csurvey\u201d primes the victim**\\n\\nThe survey questions are generic and identical across all sites. They are there purely to build commitment and make the user feel like they\u2019re earning the reward.\\n\\nAfter the survey, the system claims:\\n\\n * Only 1 reward left\\n * Offer expires in 6 minutes\\n * A small processing\/shipping fee applies\\n\\n\\n\\nScarcity and urgency push fast decisions.\\n\\n### **5\\\\. The final step: a \u201cshipping fee\u201d checkout**\\n\\nUsers are funneled into a credit card form requesting:\\n\\n * Full name\\n * Address\\n * Email\\n * Phone\\n * Complete credit card details, including CVV\\n\\n\\n\\nThe shipping fees typically range from $6.99 to $11.94. They’re just low enough to feel harmless, and worth the small spend to win a larger prize.\\n\\nSome variants add persuasive nudges like:\\n\\n\\u003e \u201cReceive $2.41 OFF when paying with Mastercard.\u201d\\n\\nWhile it’s a small detail, it mimics many legitimate checkout flows.\\n\\nOnce attackers obtain personal and payment data through these forms, they are free to use it in any way they choose. That might be unauthorized charges, resale, or inclusion in further fraud. The structure and scale of the operation strongly suggest that this data collection is the primary goal.\\n\\n## **Why this scam works so well**\\n\\nSeveral psychological levers converge here:\\n\\n * **People expect unusually good deals on Black Friday**\\n * **Big brands lower skepticism**\\n * **Timers create urgency**\\n * **\u201cShipping only\u201d sounds risk-free**\\n * **Products match current hype cycles**\\n * **The templates look modern and legitimate**\\n\\n\\n\\nUnlike the crude, typo-filled phishing of a decade ago, these scams are part of a polished fraud machine built around holiday shopping behavior.\\n\\n## **Technical patterns across the scam network**\\n\\nAcross investigations, the sites shared:\\n\\n * Identical HTML and CSS structure\\n * The same JavaScript countdown logic\\n * Nearly identical reward descriptions\\n * Repeated \u201cOut of stock soon \/ 1 left\u201d mechanics\\n * Swappable brand banners\\n * Blurred backgrounds masking reuse\\n * High-volume domain rotation\\n * Multi-hop redirects originating from malicious ads\\n\\n\\n\\nIt\u2019s clear these domains come from a single organized operation, not a random assortment of lone scammers.\\n\\n## **Final thoughts**\\n\\nBlack Friday always brings incredible deals, but it also brings incredible opportunities for scammers. This year\u2019s \u201cfree gift\u201d campaign stands out not just for its size, but for its timing, polish, and trend-driven bait.\\n\\nIt exploits, excitement, brand trust, holiday urgency, and the expectation of \u201ctoo good to be true\u201d deals suddenly becoming true.\\n\\nStaying cautious and skeptical is the first line of defense against \u201cfree reward\u201d scams that only want your shipping details, your identity, and your card information.\\n\\nAnd for an added layer of protection against malicious redirects and scam domains like the ones uncovered in this campaign, users can benefit from keeping tools such as Malwarebytes Browser Guard enabled in their browser.\\n\\nStay safe out there this holiday season.\\n\\n* * *\\n\\n**We don ‘t just report on scams\u2014we help detect them**\\n\\nCybersecurity risks should never spread beyond a headline. If something looks dodgy to you, check if it’s a scam using Malwarebytes Scam Guard, a feature of our mobile protection products. Submit a screenshot, paste suspicious content, or share a text or phone number, and we\u2019ll tell you if it’s a scam or legit. Download Malwarebytes Mobile Security for iOS or Android and try it today!”,”published”:”2025-11-24T17:36:37″,”modified”:”2025-11-24T17:36:37″,”type”:”malwarebytes”,”title”:”Black Friday scammers offer fake gifts from big-name brands to empty bank accounts”,”source”:””,”references”:””,”id”:”MALWAREBYTES:AE5D4676F4BF81E476F652E0EC841039″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/scams\/2025\/11\/black-friday-scammers-offer-fake-gifts-from-big-name-brands-to-empty-bank-accounts”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-11-24T18:05:12″,”description”:”Black Friday is supposed to be chaotic, sure, but not _this_ chaotic.\\n\\nWhile monitoring malvertising patterns ahead of the holiday rush, I uncovered one of the…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,115,13,33,7,11,5],"class_list":["post-27430","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-malwarebytes","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n