Surge in Malicious Domains for Black Friday
As the holiday shopping season approaches, cybercriminals are seizing the opportunity to build fraudulent infrastructure, as reflected in a recent surge in newly registered domains. Check Point Research (CPR), a division of Check Point® Software Technologies Ltd., has reported a concerning increase in such domains ahead of Black Friday. The intelligence reveals that 1 in 11 of these new domains is classified as malicious, particularly those imitating popular brands like Amazon, AliExpress, and Alibaba.
Key Findings from Check Point Research
The spike in newly registered Black Friday-related domains is particularly notable. In October 2025, 158 new domains associated with Black Friday were registered, which marks a staggering 93% increase compared to the monthly average of 2025. By early November, over 330 new relevant domains emerged within just ten days. This trend reflects patterns from previous years; for instance, the period between October and November 2024 saw a 188% rise in similar registrations.
Among the new registrations observed from October to early November, a troubling proportion, 1 in 11, were identified as malicious domains. Many of these domains utilize specific naming patterns that include terms related to Black Friday as well as formatted combinations involving elements like "2025" and various European country names (primarily Spain, Italy, and Germany).
Examples of such domains include:
- 2025germanyblackfriday[.]com
- germany2025blackfridaystores[.]com
- italyblackfriday2025[.]com
- spain2025blackfridayshop[.]com
These domain names frequently incorporate retail-related words such as "shop," "mall," and "store," indicating a use of automated templates and bulk registration tools.
Counterfeit E-commerce Sites on the Rise
The rise in counterfeit domains is a significant driver of cybercrime around Black Friday. In October 2025, researchers identified 1,519 new domains referring to well-known e-commerce platforms like Amazon, AliExpress, and Alibaba—representing a 24% month-over-month increase and a 12% year-over-year increase. Approximately 1 in 25 of these sites were flagged as active threats.
Case Studies of Recent Phishing Campaigns
1. HOKA Black Friday Scam
A fraudulent domain named "hokablackfriday[.]com" poses as HOKA's official site, using its logo and high-quality images of their athletic shoes. This site, registered on October 24, 2025, aims to steal user data during a fake checkout process.
2. AliExpress Phishing Fraud
Another domain, "aliexpress62[.]com," closely imitates the official AliExpress website, replicating branding elements and promotional content. Registered on October 5, this domain was found to be collecting personal data, login credentials, and payment card information.
Recommendations from Check Point
The scale and structure of these new domain registrations indicate an organized and extensive cybercrime ecosystem. As these malicious actors increasingly leverage generative AI tools, defenses must adapt accordingly. Check Point Research recommends several strategies:
- Monitor the surge of newly registered domains that include brand names and predictable naming conventions.
- Implement endpoint protections to block access to malicious domains, preventing data theft before users engage with phishing sites.
- Utilize external risk management solutions to continuously monitor internet-facing assets, detect impersonations, and automate the takedown of fraudulent infrastructures.
- Provide guidelines on URL verification and strategies to avoid seasonal phishing scams to both internal and external stakeholders.
- Strengthen fraud prevention measures in payment workflows, including risk scoring for transactions involving newly registered domains.
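The first recommendation, applied to the naming patterns described under Key Findings, can be sketched as a triage scorer over a feed of newly registered domains. This is an added example, not Check Point's tooling: the weights, the threshold, the official-domain allowlist and the benign control names are assumptions, and the feed is constructed from the article's defanged examples.

```python
import re

# Tokens come from the naming patterns the article describes; the weights,
# threshold and official-domain allowlist are assumptions for illustration.
TOKENS = {
    "seasonal": ("blackfriday",),
    "country": ("germany", "italy", "spain"),
    "retail": ("shop", "mall", "store"),
}
OFFICIAL = {"amazon": {"amazon.com"}, "aliexpress": {"aliexpress.com"},
            "alibaba": {"alibaba.com"}, "hoka": {"hoka.com"}}
WEIGHTS = {"brand-lookalike": 3, "seasonal": 2, "year": 1, "country": 1, "retail": 1}
THRESHOLD = 3

def refang(domain):
    """Normalize a defanged indicator such as name[.]com for matching."""
    return domain.strip().lower().replace("[.]", ".").rstrip(".")

def features(domain):
    """Return the naming-pattern features present in one domain name."""
    name = refang(domain)
    registrable = ".".join(name.split(".")[-2:])  # naive: no public-suffix list
    flat = re.sub(r"[^a-z0-9]", "", name.rsplit(".", 1)[0])  # labels minus TLD
    found = {f for f, toks in TOKENS.items() if any(t in flat for t in toks)}
    if re.search(r"20\d{2}", flat):
        found.add("year")
    # A brand string outside that brand's own registrable domain is a lookalike.
    if any(b in flat and registrable not in ok for b, ok in OFFICIAL.items()):
        found.add("brand-lookalike")
    return found

def triage(domains):
    """Score a feed of new registrations; return those at or above THRESHOLD."""
    rows = []
    for d in domains:
        feats = features(d)
        score = sum(WEIGHTS[f] for f in feats)
        if score >= THRESHOLD:
            rows.append((d, score, sorted(feats)))
    return sorted(rows, key=lambda r: (-r[1], r[0]))

# Constructed feed: the article's defanged examples plus benign controls.
FEED = ["2025germanyblackfriday[.]com", "germany2025blackfridaystores[.]com",
        "italyblackfriday2025[.]com", "spain2025blackfridayshop[.]com",
        "hokablackfriday[.]com", "aliexpress62[.]com",
        "amazon.com", "smallbusinessloans.example"]

if __name__ == "__main__":
    for domain, score, feats in triage(FEED):
        print(score, domain, ",".join(feats))
```

A single weak token such as "mall" inside "smallbusinessloans" stays below the threshold, so the score is a queue-ordering aid for analysts rather than a verdict on any one domain.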
With attackers increasingly automating domain creation and leveraging impersonation strategies, a proactive, intelligence-driven approach is crucial for protecting users during this high-stakes online shopping season.
This information was adapted from a press release issued by Check Point Research on November 20, 2025.
About Check Point Research
Check Point Research delivers cutting-edge cyber threat intelligence to its customers and the threat intelligence community. Comprising over 100 analysts and researchers, CPR collaborates with security vendors, law enforcement, and various CERT organizations to bolster cybersecurity measures.