Black Friday Triggers More Than 600% Rise in Attempted Retail Cyber Scams

CAMBRIDGE, UK – Darktrace, a global leader in AI for cybersecurity, today revealed a surge in retail cyber attacks at the opening of the 2024 holiday shopping season.

Analysis from Darktrace’s threat intelligence team using data from across the Darktrace customer fleet shows that during Black Friday week (25^th to 29^th November 2024) attempted Christmas-themed phishing attacks leapt 327%¹ around the world, while Black Friday themed phishing attacks jumped 692% compared to the beginning of November (4^th – 9^th November)², as bad actors seek to take advantage of consumers and holiday brands during the busy shopping period.

The United States retail sector faced an especially aggressive wave of cyber threats, with phishing attacks mimicking major holiday brands³ including Walmart, Target, and Best Buy increasing by more than 2000% during peak shopping periods.

The analysis also highlighted the shifting attention of scammers as the festive season arrives from targeting business to consumer needs, with impersonation of major consumer brands⁴ growing 92% globally between the analyzed periods while mimicking of workplace focused brands⁵ declined by 9%.

Brands, particularly major retailers like those analyzed, invest significantly in protecting themselves and their customers from scams and cyber attacks and often step up those measures for the holiday period. However, brand impersonation in phishing occurs entirely outside retailers’ legitimate infrastructure and security controls and happens at too great a volume for brands to catch and stop every instance. While new technologies, like AI, are helping security teams close the gap, brand impersonation remains a common challenge for brands.

“The festive shopping season creates a perfect storm for cyber criminals,” says Nathaniel Jones, VP of Threat Research, Darktrace. “Consumers are primed to expect floods of retail deals, while retailers are processing tremendous transaction volumes at speed. This combination makes spotting suspicious patterns more challenging than at any other part of the year. Bad actors taking advantage of that with brand impersonation is nothing new, but the rapidly growing volume of those attacks makes them a real worry. Both consumers and brands need to be increasingly alert to potential scams, but we can all take heart that big name retailers have some of the most sophisticated protections possible to help safeguard their customers, and technologies like AI cybersecurity, that spot spoofs and attacks that humans wouldn’t, are catching and stopping more of these attacks than ever before.”

Darktrace’s findings demonstrate some of the most common brand spoofing strategies used by attackers during the holiday season. In one strategy, brand impersonation phishing, attackers send a phishing email designed to look like a favorite retailer, enticing their target to click a link for a discount, when in fact the link downloads malware to their device. The most effective attacks are multi-stage: brand impersonation emails lead unsuspecting shoppers directly to websites that look like the retailer but harvest login or payment details, creating a seamless deception that hands personal and financial data directly to attackers. This coordinated approach exploits the chaos of holiday sales, when shoppers are primed to expect high volumes of retail emails and website traffic promoting significant savings.

Five essential security measures for retailers

With the festive season in full swing, retailers must stay vigilant against rising cyber threats. Here are five tips to help businesses protect themselves and their customers. 

1. Make logins secure: Firstly, ensure all staff have strong passwords (12-16 characters). Set up multi-factor verification across all business systems. This extra layer of security means even if passwords are compromised, unauthorized users can’t access your accounts during the busy retail period and use them to target your customers.
2. Lock down email: Call your IT team and ask them if they have DMARC switched on. DMARC stops scammers from sending emails that look like they’re from your company and helps you see who is illegitimately sending from your email domain to protect your brand.
3. Prepare your team: Regular security training and business wide communications help staff identify and report seasonal scams. Focus on current threats and emerging patterns – when your team knows what to look for, they become your strongest defense against cyber attacks.
4. Monitor brand impersonation: Set up Google Alerts to track mentions of your brand and warn you of counterfeit websites and fraudulent domains. Also lock down your brand name with official registrations. This makes it easier to spot and shut down fake accounts and copycat websites. Several brand protection tools out there can help catch imposters too. Quick detection helps you respond rapidly to brand exploitation and protect your customers from sophisticated scams.
5. Strengthen payment processes: Implement tiered access policies with stricter controls for finance team members who handle transactions. Apply more rigorous authentication and monitoring requirements compared to non-financial roles, ensuring sensitive payment operations are limited to authorized personnel.