Black Friday Scammers Are Impersonating Major Brands to Steal Your Money


Black Friday is supposed to be chaotic, sure, but not this chaotic. Amid genuine doorbusters and flash sales, a large-scale, highly polished scam campaign is hijacking web traffic and pushing shoppers to fake “survey reward” pages impersonating dozens of major brands, all to steal payment card details and personal data.

Security research into malvertising ahead of the holiday rush shows how widespread this operation has become.

Malicious ads, planted on otherwise legitimate sites, silently redirect users into an interconnected network of more than 100 unique domains.

Each domain runs the same fraud template, swapping in different logos, colors, and product imagery depending on which company the scammers want to mimic.

The brand list reads like a Black Friday wish list: Walmart, Home Depot, Lowe’s, Louis Vuitton, CVS Pharmacy, AARP, Coca-Cola, UnitedHealth Group, Dick’s Sporting Goods, YETI, LEGO, Ulta Beauty, Lululemon-style athletic apparel, Petco, Petsmart, Starlink, and more. The choices are deliberate.


If shoppers are hunting for a LEGO Titanic set, a YETI bundle, a Lululemon-style hoodie pack, or the hyped Starlink Mini Kit, scammers know exactly which logos and product shots will get clicks.

How scammers mimic trusted brands

According to the report, Black Friday does bring incredible deals, but it also brings incredible opportunities for scammers.


The attack begins when a user clicks, or in some cases merely scrolls past, a booby-trapped ad. An invisible multi-hop redirect chain fires in the background, and the user lands on a “Survey about [Brand]” page they never meant to visit.

These pages are clean and convincing: brand logo and name at the top, a localized timestamp such as “Survey – November X, 2025”, a sleek reward box, a countdown timer, and a blurred store- or product-style background.

From there, the social engineering kicks in. The supposed rewards are tailored to each brand: a Starlink Mini Kit, a YETI “Ultimate Gear Bundle”, a LEGO Falcon Exclusive, a Louis Vuitton suitcase, a McCormick spice kit, a Petco “Dog Mystery Box”, Home Depot tool bundles, and other desirable, seasonal items.

The pitch is simple: answer a few questions, pay a small shipping fee, and claim your prize.

The “survey” itself is generic and identical across domains. Its fundamental purpose is to build psychological commitment.

This is not amateur phishing; it is an industrialized operation built specifically around the Black Friday window and current shopping trends.

Once completed, the page claims there is “only 1 reward left,” that the offer will expire in minutes, and that a small processing or shipping fee, typically between 6.99 and 11.94 dollars, must be paid.

Some variants even offer tiny discounts for paying with specific card types, mimicking legitimate e‑commerce flows.

The final step is a checkout form requesting full name, address, email, phone number, and complete credit card details, including CVV.

The low fee feels harmless compared to the supposed prize value, but the real payoff is the data itself. With these details in hand, fraudsters can run unauthorized transactions, resell card data, and recycle victims’ personal information into further scams.

Under the hood, the technical fingerprints are consistent: identical HTML and CSS, the same JavaScript countdown logic, near-duplicate reward copy, “1 left” scarcity mechanics, swappable brand banners, blurred reused backgrounds, and aggressive domain rotation funneled via malvertising.
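Because the template stays fixed while only the branding changes, a defender can group lure domains by page structure rather than by content. The sketch below is an added example, not code from the report: it hashes each page's tag-and-class skeleton (ignoring text and image URLs) and checks for the lure traits listed above. The trait regexes, the `.example` domains and the sample pages are constructed assumptions.

```python
import hashlib
import re
from collections import defaultdict
from html.parser import HTMLParser

class Skeleton(HTMLParser):
    """Records tag names and CSS classes; brand text and image URLs are ignored."""
    def __init__(self):
        super().__init__()
        self.parts, self.text = [], []
    def handle_starttag(self, tag, attrs):
        classes = (dict(attrs).get("class") or "").split()
        self.parts.append(tag + "." + ".".join(sorted(classes)))
    def handle_data(self, data):
        self.text.append(data)

# Lure traits named in the article; the patterns themselves are assumptions.
TRAITS = {
    "survey_title": re.compile(r"survey\s+about", re.I),
    "scarcity": re.compile(r"\b1\s+(reward\s+)?left\b", re.I),
    "fee": re.compile(r"(shipping|processing)\s+fee", re.I),
    "cvv_field": re.compile(r"\bcvv\b", re.I),
}

def fingerprint(html):
    """Return (template hash, set of lure traits found) for one page."""
    p = Skeleton()
    p.feed(html)
    digest = hashlib.sha256("|".join(p.parts).encode()).hexdigest()[:16]
    text = " ".join(p.text)
    return digest, {name for name, rx in TRAITS.items() if rx.search(text)}

def cluster(pages, min_traits=3):
    """Group domains that share a template hash and show enough lure traits."""
    groups = defaultdict(list)
    for domain, html in pages.items():
        digest, traits = fingerprint(html)
        if len(traits) >= min_traits:
            groups[digest].append(domain)
    return {d: sorted(doms) for d, doms in groups.items() if len(doms) > 1}

def sample_page(brand, img):  # constructed page, not captured from the campaign
    return (f'<div class="hdr"><img class="logo" src="{img}"><h1>Survey about {brand}</h1></div>'
            '<div class="reward box"><span class="timer"></span><p>Only 1 reward left</p></div>'
            '<form class="pay"><p>Shipping fee</p><label>CVV</label><input class="cc"></form>')

SAMPLES = {  # constructed: two re-skinned lures and one ordinary checkout page
    "lure-a.example": sample_page("Brand A", "a.png"),
    "lure-b.example": sample_page("Brand B", "b.png"),
    "shop.example": '<form class="cart"><p>Shipping fee</p><label>CVV</label><input></form>',
}
```

Calling `cluster(SAMPLES)` returns one group containing both lure domains; the ordinary checkout page is left out because it shows only the fee and CVV traits and has a different skeleton.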

Shoppers should treat any surprise “survey reward” promising a high-value gift for “shipping only” with extreme skepticism, especially when it appears out of nowhere after clicking an ad.

When in doubt, navigate directly to the retailer’s official website or app, and never enter card details on a site reached through an unexpected pop-up or redirect. The safest Black Friday deals are the ones that don’t cost you your identity.
