Cyberattack Increases Amidst Black Friday

As holiday-season shopping ramped up in 2025, so too did the darkest corners of the internet. The retail surge sparked a wave of sophisticated cyberattacks aimed not just at wallets, but at human fear. Black Friday 2025 wasn’t just about record-breaking sales; it became a landmark for one of the most aggressive waves of cyberattacks the retail world has seen.

At The Silicon Journal,  we are committed to delivering the latest news and happenings occurring worldwide. With our content team standing at the forefront of researching, crafting, and delivering all that you need to know, The Silicon Journal keeps readers informed and empowered in the business world.

Black Friday Under Fire: Cybercriminals Turn Holiday Frenzy into Fraud Frenzy

The frenzy of Black Friday discounts and online deals has long sparked excitement, but in 2025, that surge in shoppers also triggered an explosion of cybercrime. As consumers rushed to snag bargains, cybercriminals seized the moment. Phishing campaigns, banking trojans, and even disturbing virtual-kidnapping scams emerged from the shadows.

According to global cybersecurity trackers, phishing attacks targeting holiday shoppers surged by a staggering 620% in the weeks leading up to Black Friday compared with normal traffic. 

As the Black Friday cyber attacks increase in the United States, the country experienced some of its historical Black Friday cyberattacks. In November 2019, Macy’s fell prey to a Megacart attack just before Black Friday. During the attack, hackers injected malicious code into the company’s online payment system, which enabled them to trace customers’ credit card information directly from the checkout page, from credit card numbers to verification codes. It is estimated that thousands of customers were affected by this breach.

There has been a 692% increase in phishing attacks during Black Friday week compared to early November, with a 392% rise in Christmas-themed phishing attacks worldwide. Phishing and holiday-themed scams account for 42% of Black Friday-specific threats, with 32% targeting digital wallets and payment systems in 2025.

Phishing became the opening act: during Black Friday week, attempts soared by more than 600%, many impersonating trusted retail giants and masquerading as genuine sale notifications or payment alerts. Once victims clicked, they were often funneled into fake checkout pages or prompted to install malicious banking trojans — a method especially effective given the volume of transactions and distracted mindset of holiday shoppers.

Cyberattackers intensify their efforts around holiday shopping, with phishing being a major weapon. The holiday-themed discounts, deals, and shipping notices significantly amplify scam volume. During this time, online wallets and shoppers’ payment methods have become a frequent target, and the volume of attacks has risen dramatically with the advent of e-commerce. The United States retail sector encountered a violent wave of cyber threats, with phishing attacks mimicking major holiday brands, including Walmart, Best Buy, and Target, increasing the attacks by 2000%.

In the same period, automated malware, especially banking trojans, designed to hijack payment apps and banking sessions, rose sharply. Security firms documented a notable uptick in malware incidents tied to e-commerce and payment gateways, reflecting how attackers timed their strikes to coincide with peak transaction volumes. Meanwhile, scammers exploiting fear and emotion started deploying dark new tactics. In a wave of AI-powered fraud, “virtual kidnapping” schemes surfaced, where attackers used deepfake images or threatening messages to impersonate kidnappers demanding ransom, preying on panic rather than impatience.

What made 2025’s Black Friday particularly dangerous was the scale and variety of attack vectors. Fake retail domains, spoofed brand emails, fraudulent payment pages, and AI-enhanced social engineering combined to create a perfect storm. Security researchers also flagged a rise in bot-driven traffic. Many fraudulent sites deployed automated bots to blend in with shoppers, hiding malicious activity among a high volume of legitimate purchases. It was a frightening evolution of social engineering, where fear and urgency replace discount countdowns to force compliance.

Behind the scenes, criminal networks used botnets, proxy servers, and automated scripts to amplify their reach — generating thousands of fake retail sites, spam emails, and fraudulent payment portals in mere hours. For a consumer rushing to check out the latest deal, it became near-impossible to detect the trap until it was too late.

The result? For countless consumers, a quest for bargains ended with stolen credentials, drained bank accounts, or terrifying ransom demands. In such an environment, Black Friday transformed from a shopping holiday into a high-stakes test of digital safety, underscoring how critical cybersecurity awareness and proactive defense have become in our hyper-connected world.

This Black Friday surge offers a stark lesson: when convenience and urgency dominate, cybercriminals adapt faster than ever. In the face of 2025’s storm of digital deception, the only safe bet is awareness, caution, and a commitment to never treat a “bargain” as anything but a potential threat. The holiday shopping season morphed into a battleground — one where only vigilance, skepticism, and strong cybersecurity habits stood between a deal and a disaster.

The ‘Black Side’ of Black Friday: Scams and More

E-skimming attacks give hackers unauthorized access to customer payment information by injecting malicious code into a payment system, leading to a bank account malware attack. During the 2024 Black Friday sale, there was a significant rise in Gozi malware activity. While consumers were purchasing items, cyber criminals exploited the shopping frenzy. On November 29, 2024, IBM detected a sudden surge in Gozi malware activity targeting financial institutions across North America. Gozi malware is engineered to steal banking credentials, execute advanced web-injects, and monitor user activity duing online banking sessions. With features like anti-debugging mechanisms and encrypted communication, Gozi malware executes targeted attacks on specific financial institutions. These attacks highlight the need for vigilance and proactive security measures. 

While people enjoy the convenience of online shopping, its crucial for them to stay aware of the ever-present cyber threats looming over the digital landscape. Leveraging robust security practices and staying cautious can reduce the risks of such attacks and protect consumers. Technologies like AI cybersecurity help detect spoofs and attacks that often human fail to detect. 

Rising Virtual Kidnapping Scam Amidst the Festive Season

According to FBI, cybercriminals are manipulating social media and other publicly available images of people to use as fake proof of life photos in “virtual kidnapping” and extortion scams. During such attempt, scammers contact their victims through text messages and claim to have kidnapped their loved one. In the face of this crime, FBI has warned people to be extremely careful about posting real missing person info online, as scammers can scrape these images and contact the missing person’s family with fake information. This fraud resembles age-old grandparent scams. The FBI classifies this type of fraud as “emergency scams” and reported a loss of $2.7 million and 357 complaints.

In 2025, the miscreants have launched a newer version of the grandparent scam in which they send the images or videos of the “missing” perosn that appears to be real to victims to show proof of life. As commented by the federal cops, they often “express significant claims of violence towards the loved one if the ransom is not paid immediately," to increase pressure on the victims to pay the ransom. With the virtual kidnapping scam threats amplifying in the USA, the volume of scams associated with the festive season rises significantly.