The shopping frenzy that starts in November has become a ripe picking ground for hackers, who target retailers and consumers who are caught up in sales and discounts rather than on the lookout for fraud.
This threat is compounded by typical holiday staffing patterns. Although shop floors are fully staffed, many admin roles run on skeleton crews. The strain on remaining staff increases the likelihood of human error – a critical vulnerability, as phishing attacks remain the most common technique used by threat actors.
Lynette Drevin, professor at the School of Computer Science and Information Systems at North West University, notes that cyber criminals exploit vulnerabilities by attacking at times when retailers are less likely to be able to quickly respond, or when they focus more on customers’ demands or expectations than technical issues.
Mimecast data shows a spike in phishing over November and December every year. Retail, it says, is one of the top sectors targeted by fraudsters.
In December last year, security company Darktrace noted that phishing attacks surged by more than 600% in the build-up to Black Friday. Tactics used by criminals included domain spoofing and brand spoofing, it says.
Hiwot Mendahun, threat research engineer at Mimecast, says historically, cyber attacks coincide with major retail and holiday events, such as Black Friday, Christmas and New Year. “This period presents a heightened risk landscape, as cyber criminals strategically exploit the surge in digital transactions and user engagement.”
Drevin agrees, saying the retail sector often faces heightened vulnerabilities, particularly during peak shopping seasons like Black Friday, Cyber Monday and the holiday shopping period.
Mendahun says retailers “with the highest transaction volumes and digital footprints are a lucrative target for cyber criminals this festive season”.
Drevin also points out that small and medium retailers may not have the same level of cyber security measures in place as larger companies. “This can be due to high costs or lack of trained staff.”
Mendahun adds that campaigns aimed at harvesting card information could be especially lucrative in the build-up to Black Friday, as suspicious transactions may not be flagged during the shopping fever.
Pick n Pay, the only retailer to respond to a request for comment from ITWeb, indicates it does not discuss cyber security issues externally to help limit the amount of information in the public domain that could inadvertently compromise systems.
“Cyber security must be seen as a critical investment for retailers for safeguarding their business activities, financial assets, consumer trust and reputation,” says Drevin.
Consumers at risk
While retailers face threats to their infrastructure and operations, consumers navigating the Black Friday shopping rush are equally vulnerable to fraud.
JustMoney’s recent large-scale survey, Money & Me, found that 50% of its 5 500 respondents have been scammed at least once during their lifetime. Most of these scams occurred on social media, it says.
“As excitement builds and spending ramps up, criminals use the urgency of ‘limited-time offers’, cloned websites, phishing and other ploys to catch people off guard,” says Sarah Nicholson, head of customer experience at JustMoney.
The South African Banking Risk Information Centre’s 2024 Annual Crime Statistics report shows digital banking fraud cases almost doubled year-on-year, rising from around 31 600 incidents in 2023 to roughly 64 000 in 2024, with losses to the industry increasing from around R1 billion to over R1.4 billion.
For consumers, these crimes don't just mean lost money – they also erode trust in digital systems, says security company Phangela Group.
Beyond phishing
Phishing attacks aren't the only techniques that increase over the holiday period.
Ransomware leak site activity reached a new quarterly peak in the last three months of 2024, with 1 663 victims posted globally – breaking the previous highest number in the third quarter of 2023, according to research by cyber insurance company Travelers.
Radware’s 2025 e-commerce bot threat report notes that the 2024 holiday shopping season “recorded increasing sophistication in malicious bot activity targeting e-commerce platforms, with bad bots representing a consistently growing share of online shopping traffic”.
The cyber security company added that, just as online sales reached record volumes, there was a corresponding surge in bot activity that created significant security and operational challenges for digital retailers.
“Overall, bad bot transactions detected globally across industries in 2024 increased by 35% compared to the previous year,” said Radware.
Phangela Group CEO Christopher Thornhill says: “The speed and sophistication of these scams are outpacing the systems designed to stop them.”