- Check Point reports an increase in Black Friday-themed domains, with nearly 10% identified as malicious.
- In October 2025 alone, 1,519 new domains impersonated major e-commerce brands, and one in 25 was identified as malicious.
- Researchers warn that GenAI tools could speed up the creation of localized phishing sites and increase risks during the shopping season.
In October 2025 and the first weeks of November, there was a huge increase in the number of new domain registrations during Black Friday. But experts warn that many of these domains are malicious and abuse the hunt for discounts to steal people’s data, passwords and maybe even money.
a new one relationship According to cybersecurity researchers at Check Point, there were 158 new Black Friday-related domains in October 2025, 93% more than the monthly average for 2025. The beginning of November 2025 was even busier, with 330 new domains added in the first ten days of the month alone.
Of these domains, almost a tenth (one in eleven) were classified as malicious.
The dangers of GenAI
In addition to domains with the word ‘Black Friday’ in the name, many new domains posing as major e-commerce brands have also appeared in recent weeks. According to Check Point, these are also exclusively designed to take advantage of Black Friday.
In October, there were 1,519 new domains pointing to sites like Amazon, AliExpress or Alibaba, a 24% increase compared to September 2025 and a 12% increase compared to the same period last year. One in 25 of these sites was classified as malicious.
Overall, Check Point says volume has been roughly consistent compared to previous years.
But researchers also warned that generative artificial intelligence (GenAI) tools are speeding up the process of creating new websites, noting that the threat from malicious landing pages, especially localized ones, is significantly higher this year.
“Creating and locating these types of operations is much easier and faster with modern generative AI tools,” Check Point said.
“Although there is no clear evidence that artificial intelligence was used in these specific cases, attackers are increasingly using these types of tools, making future campaigns more complete, specific and difficult to detect.”