Logo Leicom ITEC AG
Spiegelung Gebäudefassaden Spiegelung Gebäudefassaden

Black Friday: When Cybercriminals Go Shopping

27.11.2024

Black Friday is becoming the favorite time of year for cybercriminals. According to data from Kaspersky, in 2023 the volume of targeted attacks on consumers during this period increased by 178% compared to the yearly average, with alarming spikes in the 48 hours leading up to the event.

The online shopping boom creates fertile ground for increasingly sophisticated scams. The latest report from CheckPoint shows how cybercriminals are refining their techniques by exploiting the urgency and emotional pressure typical of this time. It’s no longer just about poorly crafted phishing emails—attacks have become so sophisticated that even the most vigilant users can fall into the trap.

A striking example comes from phishing campaigns analyzed by Akamai: scammers replicate emails from leading e-commerce platforms with near-perfect precision—logos, formatting, even the brand’s tone of voice. The difference? Often just a single character in the email domain—an “rn” instead of an “m,” nearly impossible to notice in the rush of shopping.

Digital skimming is among the most insidious threats. It involves intercepting sensitive data like credit card information while users fill out online forms. Experts at RiskIQ identified over 40,000 compromised e-commerce websites in November 2023 alone, where malicious scripts were embedded in payment forms. These scripts, invisible to the user, transmit card data in real time to cybercriminals.

Particularly alarming is the rise in attacks via fake mobile apps. According to Symantec, in the weeks leading up to Black Friday, digital app stores are flooded with cloned applications imitating major retailers. These apps not only steal personal and banking data but often install malware that can compromise the entire device.

Social engineering is reaching unprecedented levels of sophistication. Analysts at IBM X-Force documented a rise in scams based on “too good to be true” offers spread through social media.

These campaigns use advanced persuasion techniques and social pressure to push users into impulsive and risky purchase decisions.

On the other side are DDoS attacks, which crippled numerous e-commerce platforms during Black Friday 2023. When a website becomes unavailable, frustrated consumers often flock to alternative platforms—many of which are deliberately set up by criminals to capture this “bounce” traffic.

The real novelty in 2024, according to Mandiant experts, is the use of artificial intelligence to personalize attacks. Cybercriminals are leveraging advanced language models to craft highly convincing communications tailored to the digital profiles of potential victims.

The numbers speak for themselves: during Black Friday 2023, 40% of online shoppers reported fraud attempts, with an average financial loss of €750 per victim. But the most alarming figure comes from Imperva’s report: 60% of victims only discovered the compromise weeks later—too late to take effective action.

Black Friday is proving to be the perfect storm for cybercrime: a volatile mix of decision pressure, high transaction volume, and users willing to take greater risks, lured by seemingly irresistible deals. A perfect storm where the line between bargain and scam grows dangerously thin.