Phishing scams impersonating major holiday brands like Walmart, Target, and BestBuy increased by more than 2000% during Black Friday week, new research from Darktrace has revealed.

These findings come as part of a wider increase in phishing activity during the early holiday shopping season. From November 25th to November 29th, 2024, attempted Christmas-themed phishing attacks leaped 327% worldwide, while Black Friday-themed phishing attacks jumped 692% compared to the 4^th to the 9^th of November.

According to Nathaniel Jones, VP of Threat Research at Darktrace, we can attribute these surges to the rise of AI, which, combined with automation and growing cybercrime-as-a-service marketplaces, is increasing the speed, scale, and sophistication of cyberattacks, including phishing.  

Holiday Season Breeds Phishing Scams

Jones notes that the festive shopping season is a “perfect storm” for cybercriminals, with consumers primed to expect floods of retail deals while retailers process abnormal transaction volumes.

“This combination makes spotting suspicious patterns more challenging than at any other part of the year. Bad actors taking advantage of that with brand impersonation is nothing new, but the rapidly growing volume of those attacks makes them a real worry,” he said.

Mr. Mika Aalto, Co-Founder and CEO at Hoxhunt echoed this sentiment, adding that “the holidays contain more travel and gift-buying activity along with heightened emotions, so there are a lot more psychological buttons available to hackers during this season of giving.”

In the report, Darktrace notes that during the holidays, scammers shift away from a business to a consumer focus. During the analyzed periods, impersonation of major consumer brandsgrew 92% globally, while mimicking of workplace-focused brands declined by 9%.

Old Techniques, New Techniques

Darktrace’s research shows that while attackers still heavily rely on established techniques like brand spoofing, new, sophisticated techniques, like thread hijacking, are gaining prominence.

“Thread hijacking typically involves attackers gaining access to a user’s email account, monitoring ongoing conversations, and then inserting themselves into these threads. By replying to existing emails, they can send malicious links, request sensitive information, or manipulate the conversation to achieve their goals, such as redirecting payments or stealing credentials,” said Jones.

Because these emails appear to come from a trusted source, they are more likely to bypass human security teams and traditional security filters and compromise computer systems.

Fighting Back Against Holiday Scams

Experts argue that the surge in holiday scams necessitates a greater focus on tailored security awareness training. Mr Aolto argues that now “is a good time to send targeted phishing simulations along with a general communication full of examples of holiday-themed phishing campaigns to bring the topic to the front of people’s minds.”

However, according to Stephen Kowski, Field CTO at SlashNext Email Security+, protecting against modern phishing threats, which have evolved beyond traditional corporate email security boundaries, requires a more technical solution.

“Organizations need comprehensive protection that extends beyond corporate infrastructure to detect and block sophisticated phishing attempts across all digital channels while ensuring employees can safely participate in holiday shopping without compromising security,” he said.