It’s the beginning of the holiday shopping season kicked off by Black Friday and Cyber Monday. To celebrate, cybercriminals have created a record number of malicious online stores to trick unsuspecting shoppers. Cybercriminals create online stores that claim to sell hard-to-find items, such as trending makeup products or this year’s hottest toys. To lure in customers, cybercriminals run ads on other websites, on social media platforms, and even within Google search results. If you click one of these ads, you'll be taken to the malicious online store. These stores can be very convincing because they include real product images, descriptions, reviews, and a functional shopping cart and checkout process. Unfortunately, if you try to purchase something from one of these malicious stores, your money, mailing address, payment data, and any other personal information you provided will go straight to the cybercriminals. Follow the tips below to avoid these malicious online stores:

  • Watch out for misspelled or look-alike domains. For example, cybercriminals may spoof the popular toy brand Squishmallows with spellings such as "Squishmellows" or "Squashmallows."
  • Be cautious of stores that promise outrageous deals on high-demand products. Remember that if something seems too good to be true, it probably is!
  • Always shop from well-known and trusted retailers. If you haven’t shopped there before, look up reviews and customer feedback for that retailer.