A massive 620% spike in phishing attacks: Courtesy Black Friday sales

by Phishing Protection

 

Shopping seasons have always been a vulnerable point of time when cybercrooks love to attack businesses and individuals left, right, and center. 28th November marked the beginning of the much-awaited Black Friday sales around the globe across big and small brands. Shopaholics wait throughout the year for this sale to grab the best possible discounts.

However, it seems this time the threat actors have come fully prepared. A significant spike of 620% has been noticed in phishing attempts, all thanks to Black Friday sales.

 


 

The shopping season always serves as a golden opportunity for the cybercriminals who make the most out of the branded shopping campaigns, flooded inboxes, and the sense of urgency among shoppers. What’s more concerning is the fact that brands also use the same urgency as a potent marketing tool to lure buyers. It is these limited-time offers and heavily discounted deals that make it extremely difficult for a buyer to differentiate between a legit brand campaign and a malicious cybercrime campaign.

 

A whopping 18,000 fake websites created to trick buyers!

A report states that threat actors managed to register as many as 18,000 fake domains between September and November. Most of these domains revolve around the core themes of Black Friday, Christmas, and Flash Sale. A staggering 19,000 e-commerce-themed domains were also created with the purpose of impersonating popular, in-demand retail brands. All these websites were actively used by threat actors to trick the buyers and get access to payment details, login credentials, and so on.

What’s worse is that cybercrooks have now learnt to use SEO, which they actively use to push all such malicious domains high up in the search engine results.
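The pattern described above, retail-brand lookalikes combined with Black Friday, Christmas and Flash Sale themes, is something a brand's security team can screen for in a feed of newly registered domains. The following Python is an added example, not part of the report or of the original article; the brand allowlist, the digit-for-letter map and the sample domains are constructed assumptions.

```python
import re

# Assumptions (constructed for this example): one protected brand with its
# legitimate domain, and the three seasonal themes named in the article.
BRANDS = {"amazon": ("amazon.com",)}
THEMES = ("blackfriday", "christmas", "flashsale")
LEET = str.maketrans("013457", "oleast")  # common digit-for-letter swaps

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(domain):
    """Return the reasons a domain looks like seasonal brand impersonation."""
    host = domain.lower().strip().rstrip(".")
    name = host.rsplit(".", 1)[0]  # naive: drops a single-label TLD only
    tokens = [t.translate(LEET) for t in re.split(r"[.\-_]", name) if t]
    squashed = "".join(tokens)     # "black-friday" and "blackfriday" match alike
    reasons = []
    for brand, legit in BRANDS.items():
        if any(host == d or host.endswith("." + d) for d in legit):
            return []              # the brand's own domain or a subdomain of it
        if brand in squashed:
            reasons.append(f"brand:{brand}")
        elif any(edit_distance(t, brand) == 1 for t in tokens):
            reasons.append(f"typo:{brand}")
    reasons += [f"theme:{t}" for t in THEMES if t in squashed]
    return reasons

def suspicious(domains):
    """Keep only domains that pair a brand signal with a seasonal theme."""
    hits = {}
    for d in domains:
        r = triage(d)
        if r and not r[0].startswith("theme:") and any(x.startswith("theme:") for x in r):
            hits[d] = r
    return hits

# Constructed sample feed of newly registered domains.
SAMPLE = ["www.amazon.com", "amazon-blackfriday-deals.shop", "amaz0n-flash-sale.top",
          "amazn-christmas.store", "christmas-recipes.example"]

if __name__ == "__main__":
    for dom, why in suspicious(SAMPLE).items():
        print(dom, why)
```
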

 

 

According to the report, a mind-numbing 1.57 million compromised login credentials are now floating around the dark web.

High-end industrialized tools, phishing hosting services, and brute force frameworks are being used by threat actors to automate cyberattacks.

 

Amazon is sending out security advisory emails to its customers!

E-commerce giant Amazon has been warning its users against brand impersonation risks. Threat actors were waiting for the perfect moment and started impersonating Amazon around Black Friday sales. A security analysis has revealed that “Amazon was the top target for brand impersonation in November.” Amazon itself issued a warning on November 24 stating that the threat actors aim to access sensitive data such as financial details and personal information of the users.

 


 

AI: The contributing factor to the upsurge in phishing attempts during Black Friday sales

Experts believe that AI has made it convenient for cybercrooks to design attacks in no time. From developing fake impersonating websites to adding malicious links in promotional emails and cunningly asking for card details or credentials, AI has made each of these steps far more convincing and much faster. Artificial intelligence makes such fake campaigns look incredibly real. Threat actors are also able to send hyper-personalized emails with the help of AI. To add to the gravity of the situation, threat actors will soon be using AI agents to streamline the entire process.

 

68% of shoppers can’t differentiate between fake and real websites!

In a global survey conducted across 185 nations, as many as 65% of shoppers were unable to tell a fake website apart from a real, trusted one. Given the spike in phishing attempts, this number in itself is quite alarming. The sophistication of the attacks, AI-backed messages, and reliability of the threat campaigns are making it way too difficult for buyers to stay away from the malicious advances of the cybercriminals.

 


 

Why do threat actors target both consumers and brands during shopping season?

Phishing actors ramp up their cyberattacks during the shopping and holiday season, targeting both consumers and brands. It becomes a double-edged sword—putting customer data at risk while damaging the hard-earned trust companies rely on. Strong phishing protection is essential to safeguard sensitive information and preserve brand reputation during these peak periods. 

Not only do these threats break into the bank accounts and devices of consumers, but they also eventually eat away at the sales of brands. With AI, the threat actors are getting smarter, more efficient, and convincing. 

The only plausible preventive measure at present is to spread cyber awareness and educate consumers. Meanwhile, brands must bolster their email security by strategically integrating DMARC.

 

 

How to stay safe as a shopper this shopping season

Here’s how you can safeguard your data and hard-earned money while enhancing your shopping experience:

 

  • Double-check every website before placing an order
  • Be extra cautious with the payment options
  • Avoid clicking on any “LAST CHANCE” and “LIMITED-TIME OFFER” banners
  • Be skeptical of too-good-to-be-true offers
  • Avoid clicking on any link received from an unknown sender
  • Don’t trust any domain blindly, even if it appears at the top of the search engine result pages.