Experts Comment: How Can Consumers Protect Themselves From Cyberattacks This Black Friday?

On the 28th November, brands all around the world will kick off their busiest sale of the year: Black Friday.

And although Black Friday is known for promising bigger savings than ever, it also creates big opportunities for cybercriminals to target shoppers chasing limited-time deals.

According to data from NordVPN’s Threat Protection Pro™, new fake Amazon websites increased by 232% in October compared to September. Across all analysed shopping websites, fake shops jumped by 250%. eBay saw the most dramatic increase, with impersonations skyrocketing by 525%.

And when it comes to protecting themselves, consumers don’t do a great job. Nord’s research shows that 68% of consumers globally do not know how to identify a phishing website. This becomes incredibly dangerous during the holiday shopping season when consumers visit multiple online retailers, often clicking through promotional emails to access deals on unfamiliar websites.

“Shopping events like Black Friday are a goldmine for cybercriminals. Scammers exploit the frenzy around doorbuster deals and flash sales, knowing that rushed shoppers are more likely to click on malicious links or share personal information without thinking twice. Even in the heat of bargain hunting, people need to maintain good cyber hygiene,” says Marijus Briedis, chief technology officer (CTO) at NordVPN.

 

Why Do Cyberattacks Increase Around Black Friday?

 

According to The Guardian, close to 3,500 scams a day were reported to Three during the Black Friday period in 2023. The following year, Darktrace reported a 692% surge in Black Friday scams, as attackers exploited the increase in online transactions over the holiday period.

And as cyberattacks become more sophisticated, even the National Cyber Security Centre is urging shoppers to protect themselves from scams and turn on 2-step verification to add an extra layer of protection.

But why does it happen?

Well, over Black Friday, websites process high volumes of payment data. This can put pressure on systems and make their vulnerabilities more noticeable to cybercriminals. It can also make it harder for security teams or software to spot unusual activity amongst the noise.

Another big issue is the speed at which websites encourage shoppers to check out. Flash sales mean consumers might be clicking fast to get a deal, which also means they could be less cautious. Faced with phishing emails, fake links and ads, the emotional rush to pay overrides any rational caution about security.

But whilst the stats might sound scary, the truth is that there are some easy ways for people to protect themselves during Black Friday.

To find out what to do, we asked the experts. Here’s what they had to say:

 

Our Experts

 

  • Vonny Gamot, Head of EMEA at McAfee
  • Spence Young, SVP International at Delinea
  • Mick Baccio, Global Security Advisor at Cisco Foundation AI (Splunk)
  • Lee Suker, Head of Authentication at Sinch
  • Leyla Bilge, Director of Scam Research at Norton
  • Adam Seamons, Head of Information Security at GRC Solutions
  • Lydia McElligott, Security Researcher at Forcepoint X-Labs

 

For any questions, comments or features, please contact us directly.


Vonny Gamot, Head of EMEA at McAfee

 


“McAfee research found that 97% of Brits will be planning to shop online during the festive period, and it is important for those trying to save this Black Friday to be aware of the clever tactics scammers are using to deceive shoppers online. Research also shows that 6 in 10 consumers (58%) say they’re more concerned about AI-generated scams this year compared to last, and one third of shoppers (35%) say fear of scams has stopped them from completing a purchase at least once.”

“Different scam tactics include deepfake videos, scammers impersonating major retailers, and pressure tactics such as ‘flash deal’.”

Vonny’s tips to stay safe this Black Friday:

  • “Think before you click. If you receive an email or text message asking you to click on a link, pause and ask yourself if it could be a scam. Often it’s best to avoid interacting altogether and go directly to the source.”
  • “Don’t rush. Scammers use urgency to pressure you into acting. Take a moment to verify any email or message that claims you need to make a payment quickly or resolve an issue.”
  • “Stick to well-known stores and double-check any unfamiliar ones by reading reviews.”
  • “Don’t trust every face: Be sceptical of celebrity or influencer endorsements, as AI can fake them easily.”
  • “Consider taking advantage of AI-powered online protection tools that detect and block scams across text, email and video, so you can shop peacefully and securely.”

 

Spence Young, SVP International at Delinea

 


“Black Friday is a great opportunity for both shoppers and cyber criminals alike. With spikes in online traffic, transactions and third-party interactions, attackers have endless chances to exploit weak access controls and steal data or deploy ransomware. The recent high-profile breaches at major UK retailers show how easily identities can be compromised.

“Retailers need to treat identity as a business priority to stay ahead. Applying zero trust principles, continuously validating users and devices, and enforcing least-privilege access are key. They should also stress-test incident response plans, make MFA mandatory, and use intelligent automation to flag suspicious activity early.

“By tightening identity controls now, retailers can cut risk, preserve customer trust, and keep operations running smoothly when the rush hits.”

 

Mick Baccio, Global Security Advisor, Cisco Foundation AI

 


“Consumers should keep their guard up around key retail events like Black Friday, especially now AI is in the picture. AI can now write phishing emails that sound exactly like your friends, your boss, or your bank. It scrapes your social media, learns your tone, and hits your inbox with precision.
“Use email filters that support AI detection and train your instincts. Watch for urgency, misspellings, and weird sender addresses. Use a password manager, turn on two-factor authentication, and stick to official apps or websites. When in doubt, go to the source. And if a deal looks too good to be true or wants you to “act now,” close the tab.
“If you click on a suspicious link, don’t panic. Disconnect from Wi-Fi, run a full antivirus scan, and change your passwords from a clean device. The sooner you act, the less harm an attacker can do.”


Lee Suker, Head of Authentication at Sinch

 


“As shoppers gear up for Black Friday and festive deals, scammers are doing the same by flooding inboxes, comment sections, and chat windows with convincing fakes. From bogus shipping alerts to fake giveaways, these scams mimic real brand interactions across SMS, email, social media, and customer service channels.”

Here are five scams to watch out for this season:

1. “Your order has shipped!”

  • Fraudsters are sending fake SMS alerts with tracking links, designed to lure shoppers into phishing sites. These messages often look legitimate and tend to spike during Black Friday and Cyber Monday, when consumers are expecting deliveries.

2. Flash sales flooding your feed

  • Scammers are flooding platforms like Instagram and TikTok with ads offering 90% off big-name brands. The catch? The sites are fake, and payment details are harvested.

3. Beware the customer service chatbots (that are not really there to help)

  • A quick search for a brand’s support page can land shoppers on a fake site, complete with a chatbot that asks for sensitive information like card details. These bots are convincing and built to steal, especially during key shopping seasons like Black Friday.

4. “Exclusive VIP access”

  • Emails promising early access to secret sales are often phishing attempts. Clicking the link can install malware or steal login credentials.

5. “Black Friday giveaway!”

  • Scammers are hijacking comment sections and impersonating brands with fake giveaway posts, often promising gift cards, tech gadgets, or exclusive discounts. The rise of conversational commerce means fraudsters are getting more creative and more convincing.

 

Leyla Bilge, Director of Scam Research at Norton

 


“From AI tools to social media ad clicks, people are leaning into convenience. But scammers are leaning in too. Just like hiding a spare key under the doormat, the habits people underestimate are the very ones that make them most vulnerable.

“Scammers thrive on pressure, distraction, and emotional decision-making, and the holiday season delivers all three in spades. Scammers aren’t waiting for you to slip up. They’re counting on you to be busy, stressed, and in a rush. And the moment you let your guard down, they’re ready. Nowadays with the sophistication of scams, even if your guard is up, they’re ready.”

 

 

Adam Seamons, Head of Information Security at GRC Solutions

 


“Black Friday is a golden opportunity for scammers because their emails are buried under a flood of legitimate promotions. Most people are skimming their inbox on their phone, half distracted, and that’s exactly what attackers rely on. A subject line or sender that’s slightly off is easy to miss, especially if you’re using a free email service with limited protection.
“Go directly to the retailer’s website rather than trusting links in emails or texts. If something in the checkout looks unusual (a new field, an unfamiliar URL, or a change in what it’s asking for) stop and start again.
“Credit cards or PayPal give you better protection than debit cards if things go wrong. I’d always advise never using a debit card online. Turn on two-factor authentication wherever you shop.
“If you’re unsure about an email, taking a screenshot and dropping it into ChatGPT, Copilot or Gemini, etc. can be a quick way to sanity-check it. Treat it as a second pair of eyes, not a guarantee.”

 

Lydia McElligott, Security Researcher at Forcepoint X-Labs

 


“Every year, shoppers start the season the same way: scanning their inboxes for early deals and limited-time offers. Cybercriminals know this, and they tailor campaigns to blend seamlessly into the noise. This year, attackers are using AI to craft fraudulent emails, clone online stores, and execute scams that are nearly indistinguishable from legitimate holiday deals.

“What makes today’s attacks dangerous is how closely they mirror real retail behavior. Attackers can now produce phishing emails identical to brand templates, fake product reviews and social ads, and compelling “small business” storefronts that don’t exist.

“Recognizing a scam is easier when you know what to look for. Although techniques vary, verifying sender domains, checking URLs and questioning unbelievable discounts can prevent most scams. A few seconds of scrutiny – checking the sender, reviewing the URL, questioning the offer – can prevent a costly mistake.

“When an offer feels even slightly suspicious, trust your instincts. Caution is the best bargain of the season.”
