Phishing attempts targeting Black Friday shoppers surge 620% in the weeks leading into the holiday weekend

Cambridge, UK, Nov, 2025 (GLOBE NEWSWIRE) —

• New data from Darktrace reveals a 54% jump in phishing attacks impersonating well-known festive retailers like Walmart, Macy’s and Best Buy in just the last week
• Amazon is the most mimicked brand, making up 80% of phishing attacks in Darktrace’s analysis of global consumer brands
• Darktrace warns online holiday shoppers about prolific ‘Deal Watchdogs’ phishing campaign and publishes top tips on how to stay cyber safe over the holidays
• Volume of phishing attacks expected to jump a further 20-30% during Black Friday week

Shoppers heading into Black Friday this week face a wave of increasingly convincing scam emails, according to a new analysis by Darktrace, a global leader in AI for cybersecurity. Phishing attacks targeting Black Friday sales are spiking 620% since the start of November, while attacks mimicking well-known major retailers like Walmart, Macy’s and Best Buy have jumped 54% in the past week^[1]. Amazon was the top target for brand impersonation in November, accounting for 80% of all phishing attacks involving major global brands tracked by Darktrace, far more than Apple, Netflix, or PayPal^[2]. With attacks already surging, Darktrace warns the threat has not yet peaked, with phishing volumes forecast to climb a further 20–30% during Black Friday week (22–29 November).

The findings are based on an anonymized analysis of emails sent to businesses using Darktrace / EMAIL^™, revealing clear trends in how scammers use seasonal lures and brand impersonation to target shoppers.

Throughout November, Darktrace has stopped multiple phishing scams sent from fake marketing domains like “Pal.PetPlatz.com” and “Epicbrandmarketing.com”. Some of these emails promote bogus deals on Rolex watches and Louis Vuitton bags, but most pretend to be from a fake brand called “Deal Watchdogs,” which claims to find the best online bargains for consumers. These emails advertise “can’t miss” Black Friday offers supposedly found on Amazon and use social engineering tactics to lure shoppers into clicking the links. Anyone who clicks is taken to a fake Amazon website, where attackers steal their data and payment information.

5 tips to stay safe while you fill your basket

Darktrace provides five tips to help shoppers stay safe while grabbing deals throughout the holiday season:

1. Check every website (twice). Cybercriminals often set up sites that look almost identical to the real thing. Check the URL carefully – scammers might turn “John Lewis” into “J0hn Lewis” (with a zero) or use domains like “Amazondeals.com” to trick rushed consumers. If in doubt, look up reviews linked to the URL on trusted platforms such as Trustpilot.
2. S is for both Santa and Secure. When on a shopping site, make sure the web address starts with https:// – the “s” signals a secure connection. If it’s just http://, someone may be able to view or alter the information you send, opening you up to data theft. Many browsers will flag insecure sites with a warning next to the address bar.
3. Leave the rushing to the elves. Creating a sense of urgency is one of scammers’ favorite tricks. Countdown timers, “last few in stock” warnings and threats that an offer will disappear in minutes are designed to make people click before they think. If you feel pushed to act immediately, slow down and double-check it’s genuine.
4. Look at the payment options. Legitimate online stores usually offer flexible ways to pay, including “pay later” options. Fraudulent or fake stores are more likely to insist on upfront payment only, or to push unusual methods such as cryptocurrency. If the only options feel odd, walk away.
5. Be wary of Christmas miracles. Slogans like “buy one get one free” on high-ticket items or “below factory price” offers are classic lures to draw people onto fake sites where criminals can steal personal information. If a deal looks unrealistically generous, treat it with caution.

“The holiday inbox is a major hunting ground for scammers,” commented Nathaniel Jones, VP of Security & AI Strategy at Darktrace. “Attackers know people are expecting shipping updates, discount codes and last-minute deals from the retailers they love, so a fake email doesn’t have to work very hard to look believable. These attacks don’t just put consumers at risk of having their money and data stolen. Brands are also losing sales and loyalty as customers fall victim to these scams and become wary of genuine holiday offers.”

“These aren’t the badly written scam emails people were taught to ignore,” Jones continued. “Today’s phishing emails can be almost indistinguishable from the real thing, right down to the tone of voice and timing. That makes it incredibly tough for shoppers to tell what’s genuine in a busy inbox, and it leaves retailers picking up the pieces when their name and logo are used as bait.”

As phishing emails become harder to distinguish from genuine offers or delivery updates, traditional spam filters and cybersecurity training struggle to keep up. Businesses now need defenses that can quietly spot and block fake emails before they reach the inbox. AI-based security like Darktrace / EMAIL does this by spotting subtle warning signs that an email isn’t what it claims to be – such as unusual writing style and tone, strange links, unknown senders, or even odd-looking branding. This takes the pressure off people to spot tiny mistakes in a crowded inbox and helps businesses protect their brand, staff, and customers.

About Darktrace
Darktrace is a global leader in AI for cybersecurity that keeps organizations ahead of the changing threat landscape every day. Founded in 2013, Darktrace provides the essential cybersecurity platform protecting organizations from unknown threats using its proprietary AI that learns from the unique patterns of life for each customer in real-time. The Darktrace ActiveAI Security Platform™ delivers a proactive approach to cyber resilience to secure the business across the entire digital estate – from network to cloud to email. It provides pre-emptive visibility into the customer’s security posture, transforms operations with a Cyber AI Analyst™, and detects and autonomously responds to threats in real-time. Breakthrough innovations from our R&D teams in Cambridge, UK, and the Hague, Netherlands have resulted in over 200 patent applications filed. Darktrace’s platform and services are supported by over 2,300 employees around the world who protect nearly 10,000 customers across all major industries globally. To learn more, visit  http://www.darktrace.com

^[1] Based on live tracking of phishing emails spoofing Walmart, Target, Best Buy, Macy’s, Old Navy, 1800-Flowers across email inboxes protected by Darktrace.  November 15^th – November 21^st 2025

^[2] Comparison against Apple, eBay, Netflix, Alibaba and PayPal across a random sample of customer inboxes protected by Darktrace / EMAIL. 1^st November – 21^st November 2025

Contact Info

Darktrace Media Relations
media@darktrace.com
+1 929-316-4384

Also Read: 

Top 5 AI Tools Every Web Developer Should Know for Smarter Coding and Productivity

Digital Product Passports (DDPs): Enhancing Transparency and Sustainability in Product Lifecycle