The annual Black Friday sales event consistently attracts a surge in malicious cyber activity, as detailed in a recent threat analysis. During the peak shopping season encompassing October and November, security researchers observed a significant uptick in attempts to defraud online shoppers. Cybercriminals deployed a variety of tactics aimed at stealing financial information, personal data, and money from consumers hunting for bargains on popular retail platforms.

Phishing Campaigns and Financial Threats

Throughout the observed period, security solutions detected and blocked more than 5.5 million phishing attacks. These attacks primarily involved fraudulent web pages designed to mimic the look and feel of legitimate e-commerce websites and payment system portals. Analysis of the threats revealed a 28% increase in the activity of banking Trojans, specifically from the Zbot and Ramnit malware families. These malicious programs are engineered to steal payment card details and online banking credentials directly from infected devices.

Impersonated Brands and Scam Techniques

Cybercriminals heavily leveraged the brand recognition of major retailers and online services in their campaigns. The most frequently impersonated brands included Amazon, Walmart, and eBay. Attackers also created fake pages for payment systems like PayPal to capture login credentials. Common techniques involved disseminating links to these fake websites through phishing emails disguised as special offers or order confirmations. Additionally, fraudulent advertisements on social media platforms directed users to malicious domains offering products at impossibly low prices.

These campaigns were not limited to simple website spoofs. Many involved malicious email attachments, often presented as receipts or shipping details, which would install malware when opened. The primary goal of these varied operations was the acquisition of sensitive user data for subsequent financial fraud.

Source: https://securelist.com/black-friday-threat-report-2025/118083/