<p“Is that deal real — or a setup?” It’s a simple question that, this time of year, separates bargain hunters from victims.
Black Friday used to be a test of patience and timing; in 2025 it has become a test of scepticism. Security firm Darktrace reported a 620% surge in Black Friday–themed phishing in the weeks leading up to the sale day, a figure that should make even the most experienced online shopper pause before clicking an unsolicited “limited-time” offer. That spike is not an isolated quirk; it’s part of a broader shift in the fraud ecosystem driven by more convincing messaging, new delivery channels and automation tools that lower the bar for criminals.
Three scams, in particular, dominate the season and the headlines. Each is simple in concept, dangerous in effect, and increasingly polished in execution.
- Phishing emails and fake landing pages that mimic retailers. These messages promise exclusive doorbuster discounts or forced “order confirmations” that trick recipients into entering payment and login credentials. Many of these pages now use legitimate logos, realistic domains and even PayPal or bank-styled payment flows to appear authentic.
- Smishing and SMS-based fraudulent notifications. A short text claiming that your delivery is delayed, or that you’ve won a flash coupon, contains a link that leads to credential theft or malware. These attacks bypass some email filters and exploit the immediacy and trust people place in messages that look like carrier or courier alerts.
- Fake marketplaces and counterfeit listings on social platforms. Scammers create storefronts on well-known marketplaces or set up convincing profiles on social apps, selling sought-after products that never arrive — or deliver counterfeit goods. Sophisticated sellers even post fake reviews and use stolen photos to appear legitimate.
Background matters. For years, defenders measured success by the blunt metric of volume: fewer obvious spoofing campaigns meant progress. But attackers adapted. They shifted to SMS, voice, social platforms and targeted spear-phishing, and they increasingly leverage generative AI to craft personalised lures that are harder to detect and report, a trend documented across recent security reporting . The result is fewer low-skill, noisy campaigns and more focused, high-yield attacks that exploit trust, urgency and holiday spending patterns.
Why this matters: Black Friday concentrates commerce into a narrow window, and that concentration is a windfall for fraudsters. Consumers, expecting deals, are more likely to click links and bypass normal caution. Merchants, overloaded by demand, may struggle to vet new sellers or to process fraud reports quickly. Financial institutions see spikes in chargebacks and fraud investigations. And regulators face pressure to balance consumer protection with the operational burden on small businesses that rely on seasonal sales.
Different stakeholders view the threat through distinct lenses. Technologists point to improved detection and authentication tools — email authentication (SPF, DKIM, DMARC), multi-factor authentication, and behaviour-based fraud systems — as essential countermeasures. They also warn that AI tools help both sides: defenders can scale detection, but attackers can scale deception more cheaply and creatively, amplifying the attack surface .
Policymakers see a policy gap. Cross-border takedowns remain slow, and platform liability rules vary by jurisdiction. Regulators debate whether to mandate faster disclosure and stricter seller verification on marketplaces, or to require payment processors to adopt better fraud-detection standards. Each option raises trade-offs between consumer safety and the cost of compliance for legitimate sellers.
For users, the calculus is practical and immediate: the fastest way to lose money this season is to act on urgency rather than verification. The simplest advice — verify, don’t click; retype retailer URLs; confirm offers directly with the merchant; use credit cards with strong fraud protections; and enable transaction alerts — remains the most effective defense. For institutions, the imperative is to make safe behaviour easier: better sender authentication, quicker dispute resolution, clearer communications about real sales, and active takedown cooperation with platforms and law enforcement.
Adversaries, meanwhile, adapt. The economic incentives are clear: a small success rate on a large volume of personalised lures yields steady returns. As criminals adopt automation and data-enriched targeting, their operations become more resilient to standard mitigations, forcing defenders into a continuous catch-up game.
What practical signs should shoppers watch for?
- Unsolicited messages that urge immediate action or ask for payment information via a link.
- Lookalike domains (extra letters, hyphens, misspellings) and sender addresses that don’t match the claimed retailer.
- Offers that seem too good to be true — steep discounts on brand-new, high-demand items from private sellers.
- Requests to complete payment through unfamiliar payment apps or gift cards; legitimate retailers rarely request payment in that way.
Retailers and payment providers can blunt these attacks with layered defenses: robust authentication, behavioural analytics that flag anomalous purchasing patterns, transparent dispute and refund processes, and consumer education built into the checkout experience. Industry cooperation on rapid takedowns and information sharing can also raise the cost for criminals and reduce their window to exploit victims.
Darktrace’s 620% figure is a stark reminder that risk spikes when commerce and emotion meet. The holiday shopping season will always offer temptation — and with new tools, temptation looks more compelling than ever. So where does responsibility lie? With technology, policy or individual vigilance? The short answer: all three.
As you chase the best deals this season, remember that a smart buy includes not just price comparison but a moment of scepticism. In a marketplace where perception can be manufactured in milliseconds, that little pause may be the difference between a bargain and a lesson.
Source: https://www.infosecurity-magazine.com/news/three-black-friday-scams-2025/




